Validated Product - DiamondTEK Product (DiamondCentral: NSC Application S/W version 2.0.1; NSD-Prime F/W version 2.1.4) and NSD (DiamondLink, DiamondPak, DiamondVPN) F/W version 2.1.4
Certificate Date: 28 June 2002
Validation Report Number: CCEVS-VR-02-0021
Product Type: Firewall, Network Access Control, VPN
Conformance Claim: EAL4
PP Identifiers: None
CC Testing Lab: SAIC Common Criteria Testing Laboratory
PRODUCT DESCRIPTION
The DiamondTEK Target of Evaluation (TOE) consists of the following components:
It is important to note that the DiamondTEK product contains additional components, such as the Windows 2000 Professional operating system and the hardware platform on which it executes, that are not included within the scope of the TOE. The DiamondTEK TOE specifically consists of the components listed above. Henceforth, the TOE components listed above are referred to as the DiamondTEK TOE.
The DiamondTEK product is a secure network product designed to control the flow of information to and from nodes and access to Nodes on a network. It can be used on a closed, or otherwise protected, network using clear-text interactions or alternately on an open, or unprotected, network using encryption technology, if necessary, to protect data and enforce policies.
The DiamondTEK product consists of a number of components. Each protected Node (the combination of Host and NSD being referred to as a Node) is connected to the physical network via a NSD. For a single Host, the NSD is a DiamondLink that is installed between any NIC and a physical network. When dealing with multiple nodes (e.g., a sub-network or group of servers), the NSD may be either a DiamondVPN that is installed as a single point of control for all of the nodes (collectively referred to as a Host) that may be attached to it, or a DiamondPak that is rack mounted and can serve to protect a set of Hosts (e.g., servers) each with its own Operational Profile.
Each of the NSDs has an associated card reader that can be used to install the device and read the cards of individual users in order to identify and authenticate them. However, NSDs can be configured to not require card-based authentication (hence, they are called No-Card Nodes). This option is used for fixed, permanent network entities (e.g., servers, sub-networks) where a user will be defined exclusively to represent the Node in the DiamondTEK system.
Note that while the DiamondTEK TOE can include a number of NSDs, it can also be configured to recognize clear-text nodes (CTNs) and other Internet Protocol security (OIPS) nodes. While the DiamondTEK TOE cannot fully control information flows between CTNs and OIPSs, it does control the flow of information between them and the NSDs. As such, CTNs and OIPSs can only interact with NSDs after they have been defined in the DiamondTEK system and assigned appropriate information flow attributes to control information flows appropriately.
The NSC is a special-purpose application (it includes a special-purpose driver) designed for network and security management. The NSC communicates with the NSDs under its control via its own special NSD (sometimes referred to as the "NSD Prime"). The NSC provides an interface and tools for the Network Security Manager (NSM). Via the NSC, the NSM configures and manages the DiamondTEK TOE, including controlling access policies, reviewing audit data, defining operational parameters, defining users, configuring NSDs, etc.
When a NSD state changes (e.g., it starts) or a NSD determines that an attempt to violate a security policy has occurred, the NSD forwards an audit record to the NSC. Additionally, NSDs can forward audit records related to general network usage (e.g., TCP connects) that will optionally be recorded by the NSC. The NSC uses the services of its host operating system to record and review audit records received from NSDs as well as the audit records related to security management that are generated by the NSC itself.
The DiamondTEK TOE offers three distinct information-flow security features. One is based on security labels (Mandatory Security Policy), another is based on explicitly defined information flow paths (Association Security Policy), and the last is based on source and destination addresses in combination with network protocol and service (Packet Filter Policy).
The DiamondTEK TOE requires each user of a Node to be identified and authenticated prior to allowing the user to perform any other security functions. There are two roles supported by the DiamondTEK TOE and each is identified and authenticated differently.
The DiamondTEK TOE offers security management functions via the NSC. Using the NSC, the NSM can add, remove, and configure the security properties of NSDs; add, remove, and configure the security properties of users; manage the information flow security policies; and manage the audit filters and audit log.
The DiamondTEK TOE protects its management functions by isolating them within a single component that allows only administrators (i.e., NSMs) to log in and perform management functions. It is assumed that the management console will be appropriately protected from unauthorized physical access.
Each NSD is protected largely by virtue of the fact that its interface is limited primarily to supporting network traffic. A physical card reader device that limits any potential for logical attacks provides the identification and authentication interface of the NSD. The security policy management interface of the NSD is limited to the NSD initiating connections to the NSC when it starts up or when a user logs on.
The information flow policies, including encryption capabilities, contribute to protection of the TOE since they serve to ensure that TSF data is only accepted when it originates from an allowed source and that it is protected when outside the control of the TOE. All communication between an NSD and the NSC is protected by always requiring that it be encrypted using Internet Protocol security (IPsec).
SECURITY EVALUATION SUMMARY
The evaluation was carried out in accordance with the Common Criteria Evaluation and Validation Scheme (CCEVS) process and scheme. The evaluation demonstrated that the DiamondTEK TOE meets the security requirements contained in the Security Target. The criteria against which the DiamondTEK TOE was judged are described in the Common Criteria for Information Technology Security Evaluation, Version 2.1.
The evaluation methodology used by the evaluation team to conduct the evaluation is the Common Methodology for Information Technology Security Evaluation, Version 1.0. Science Applications International Corporation (SAIC) determined that the evaluation assurance level (EAL) for the DiamondTEK TOE is EAL 4. The TOE, configured as specified in the installation guide, satisfies all of the security functional requirements stated in the Security Target. Three Validators on behalf of the CCEVS Validation Body monitored the evaluation carried out by SAIC. The evaluation was completed in June 2002. Results of the evaluation can be found in the Common Criteria Evaluation and Validation Scheme Validation Report.
ENVIRONMENTAL STRENGTHS
The DiamondTEK TOE provides identification and authentication, three kinds of information flow control, and auditing. Additionally, the DiamondTEK TOE provides a graphical user interface and a special-purpose application for central security management by a Network Security Manager.
The physical protection of the TOE Security Functions (TSF) is largely accomplished via protection of its environment. It is assumed that NSDs will remain attached to their Hosts so that they cannot be bypassed. However, cryptographic techniques and FIPS 140 Level-2 tamper techniques are used to protect against, or identify, tampering and theft of a NSD.