PRODUCT DESCRIPTION

The Top Layer IPS 5500 E is a single-appliance security gateway Intrusion Protection System.

The IPS Unit provides network-level and application-level protection to a network from good, bad and suspicious traffic. The TOE acts as an inline single-appliance security gateway providing three-dimensional protection to stop resource abuse, prohibit access to unauthorized clients and stop malicious content from entering the protected network. Top Layer’s ASIC technology and algorithms integrate stateful analysis techniques with deep packet inspection and DoS (Denial of Service) attack protection to provide protection from Internet-based and internal threats. The difference between the TOE and a typical IDS is that the TOE (IPS Unit) is deployed inline and not in an offline or a passive mode.

The TOE may be configured to:

­    Handle IP fragments, TCP header and Payload.

­    Implement firewall rules.

­    Perform protocol analysis.

­    Perform deep packet inspections.

­    Handle network and security management.

­    Process events, logging, and reports.

The primary design goal of the TOE is reliable protection of customer’s critical on-line assets. The IPS aspect of the TOE security policy may be configured based on the following three types of rules. The rules guide the following types of security checks:

Firewall Rules — Provide classic firewall blocking for traffic, based on IP addresses, 
                                Layer 4 ports, and segments (port pairs).

IPS Rules — Provide the following types of checks:

• Protocol validation

• Attack Signatures

• Acceptable use of network applications

Rate Based Rules — Protect customer’s resources from overuse by legitimate users, as well as
                                 abusive denial-of-service attackers. Provide limits for:

• Client requests

• Connections for both clients and servers

• SYN Flood controls

• Application rate limiting

SECURITY EVALUATION SUMMARY

The evaluation was carried out in accordance with the Common Criteria Evaluation and Validation Scheme (CCEVS) processes and procedures.  Top Layer Networks IPS 5500 E Version 5.21 on Models IPS 5500-150E, IPS 5500-500E, and IPS 5500-1000E were evaluated against the criteria contained in the Common Criteria for Information Technology Security Evaluation, Version 2.3. The evaluation methodology used by the evaluation team to conduct the evaluation was the Common Methodology for Information Technology Security Evaluation, Version 2.3. CygnaCom Solutions has determined that the product meets the security criteria in the Security Target, which specifies an assurance level of EAL4. The evaluation was completed in February 2009.

ENVIRONMENTAL STRENGTHS

The following security functions are in the scope of the evaluation:

Security Audit

During the process of receiving and transmitting traffic, the TOE performs many checks and other operations. Some of these operations, system events and user-related management interface tasks, produce event messages. The IPS Unit contains a message managing system that makes these messages available to administrators based on the message controls established. These messages are collected as audit records in Alert logs and Event Log files. The TOE may also be configured to send messages to remote Syslog and SNMP servers. Only human users with authorized administrator or monitor privileges have the capability to view the audit data stored on the TOE.

User Data Protection

The TOE performs user data protection through the rate based security policy, the firewall filtering security policy and the intrusion prevention security policy. The TOE identifies external IT entities and remote administrator systems by their presumed IP addresses. Only legitimate external IT entities are granted access to pass information through the TOE and only authorized administrator systems are granted access to pass information  to the TOE.

Identification and Authentication

The TOE provides a password based authentication mechanism to administrators and monitors.

The TOE communicates with the remote web browser of the administrator using the HTTPS protocol in order to encrypt the user id and password authentication data and all configuration information to maintain secrecy from an attacker. IT Entities are identified by their presumed IP addresses. Access to security functions and data is prohibited until a user is identified and authenticated.

Security Management

The TOE maintains administrator and monitor user management roles.

The TOE allows only authorized users with appropriate privileges to administer and manage the TOE. An administrative user can connect through an encrypted web interface using SSL for secrecy. Only authorized administrators may modify the TSF, data related to the TSF, security attributes, and authentication data.

Protection of TOE Security Functions

The TOE transfers all packets arriving at the interfaces of the TOE only after processing based on the traffic attributes.

The TOE restricts management access to its interfaces through the use of physically separate management interfaces, and further by requiring users to log into the TOE using its GUI. HTTPS is used to protect the connection between the web browser in the IT Environment and the appliance. The TOE relies on Top Layer appliance hardware in general to ensure the TSP is enforced and to provide for domain separation. The TOE hardware appliance includes its own hardware clock, which provides reliable time stamps for use in audit and collected data records.

Trusted Path /Channels

The TOE, in conjunction with the IT environment, protects the TSF data from unauthorized disclosure or modification of TSF data when it is being transmitted between the IPS Unit and the management GUI on the remote management station. 

Vendor Information

Top Layer Networks, Inc., dba Top Layer Security
Mike Paquette
508-870-1300 ext 135
508-870-9797 (Fax)
paquette@toplayer.com

http://www.toplayer.com