PRODUCT DESCRIPTION

The TOE, Arbor Networks Peakflow X version 3.1.4, is a network integrity system (NIS) consisting of collector and controller appliances. The collectors capture network traffic information in order to build and monitor network usage policies. The controller enables management of network usage policy definitions and provides access to the results of its monitoring of adherence by network entities to the defined policies.

SECURITY EVALUATION SUMMARY

The evaluation was carried out in accordance with the Common Criteria Evaluation and Validation Scheme (CCEVS) process and scheme. The criteria against which the Arbor Networks Peakflow X version 3.1.4 TOE was judged are described in the Common Criteria for Information Technology Security Evaluation, Version 2.1 and International Interpretations effective on 24 March 2004. The evaluation methodology used by the Evaluation Team to conduct the evaluation is the Common Methodology for Information Technology Security Evaluation, Version 1.0. Science Applications International Corporation (SAIC) determined that the evaluation assurance level (EAL) for the product is the EAL2 family of assurance requirements. The product, when configured as specified in “Peakflow X User and Installation Guide Version 3.1.4”, satisfies all of the security functional requirements stated in the Arbor Peakflow X Security Target. One validator on behalf of the CCEVS Validation Body monitored the evaluation carried out by SAIC. The evaluation was completed November 2, 2005. Results of the evaluation can be found in the Common Criteria Evaluation and Validation Scheme Validation Report, (report number CCEVS-VR-05-0112) prepared by CCEVS.

ENVIRONMENTAL STRENGTHS

Arbor Networks Peakflow X version 3.1.4 comprises a Controller appliance and zero or more Collector appliances. Both the Collector and Controller appliances are based on Intel commodity servers and utilize the Arbor Networks Operating System (ArbOS), which is based on OpenBSD. Arbor Networks Peakflow X version 3.1.4 provides a low to moderate level of independently assured security in a conventional TOE and is suitable for a cooperative non-hostile environment.
The role of the Collector is to collect all network traffic and summarize it into flow information, which is then passed to the Controller. The Controller receives the summarized flow information from one or more Collectors (or generates this information itself in an installation without any Collectors). While in learning mode, the Controller uses the flow information to build up its view of the network and its behavior. When in active mode, it compares flow information against its model of the network and generates alerts if it detects anomalous behavior. All flow information is stored in a traffic flow log, available for subsequent anomaly or traffic flow analysis.

Arbor Networks Peakflow X supports the following four security functions:

Identification and Authentication
Both the Controller and Collector components require that administrators must be identified and authenticated before allowing them to perform any other functions. Peakflow X associates a userid and authentication data with each user.

Security Management
Peakflow X defines a single security management role of Administrator. The Administrator is able to manage the behavior of the network monitoring policy, by switching it between learning and monitoring modes, as well as manage user accounts to control access to the Peakflow X appliances. The Administrator is able to modify the rules that specify the network monitoring policy.

Protection of the TSF
Peakflow X protects from disclosure the traffic flow data transmitted by Collectors to the Controller. It also detects modifications to traffic flow data transmitted by Collectors to the Controller and discards modified data. Peakflow X ensures that its security functions cannot be bypassed. All users (i.e., Administrators) must be identified and authenticated prior to performing any other functions. All network traffic that is collected (either by a Collector or by the Controller in a Controller-only installation) is summarized as a traffic flow and used to build the network monitoring policy (in learning mode) or is compared against the network monitoring policy for anomalous behavior (in active mode). Peakflow X is implemented on a dedicated network appliance and, as such, maintains a domain for its own execution. It protects itself against tampering by presenting limited, well-defined and -controlled external interfaces.

Network Integrity System
Peakflow X monitors network traffic and distills captured network information (either raw packets or NetFlow data) into traffic flow data. Peakflow X uses this traffic flow data to build a policy of allowed network flows and then monitors network traffic against this policy. Peakflow X generates alerts if it identifies: a traffic flow that is inconsistent with the network monitoring policy; a traffic flow involving a previously unknown host; a traffic flow indicating an unauthorized scan; a traffic flow indicating an unusual increase in traffic volumes.

The TOE provides the administrator with notification of potential violations of the specified network behavior policies. The TOE does not directly implement any traffic flow or access control policies on the backbone network that it monitors. It is the responsibility of the administrator to take appropriate action based upon the specific notification or alert that is received.

Vendor Information

Arbor Networks, Inc.
Gant Redmon
781.768.3278
gant@arbor.net

http://www.arbor.net