Validated Product - CyberGuard Firewall/VPN Version 6.2.1

Certificate Date: 22 May 2006

Validation Report Number: CCEVS-VR-06-0027

Product Type: Firewall

Conformance Claim: EAL4 Augmented with ALC_FLR.3, AVA_VLA.3

PP Identifiers: US Department of Defense Application-Level Firewall Protection Profile for Medium Robustness Environments, Version 1.0 (Archived)
US Department of Defense Traffic-Filter Firewall Protection Profile for Medium Robustness Environments, Version 1.4 (Archived)

CC Testing Lab: CygnaCom Solutions, Inc

Security Target [PDF]
Validation Report [PDF]
CC Certificate [PDF]

PRODUCT DESCRIPTION

CyberGuard Firewall/VPN Product represents integrated firewall appliances that utilize hybrid firewall architecture, consisting of packet filtering and application proxy techniques to inspect, control and protect the flow of network traffic in and out of an organization's network and to protect the integrity of organizations' internal networks.

It consists of CyberGuard Firewall/VPN version 6.2.1 software, CG Linux Version 3.1 kernel enhancements, Authentication Server, Management Station and the CG compliance tested hardware (CyberGuard Firewall/VPN Appliances).

Currently the following configurations of the CG Compliance Tested Hardware are available:

  • 1000 Series is available as a compact 1U size unit and is designed for use in mid-size, growing network environments.
  • 3000 Series is available as a 1U, 2U, and 5U size unit and is designed to provide powerful protection for enterprises, data centers and service providers.
  • 5000 Series is available as a 5U size unit and is designed to provide comprehensive security for high-bandwidth data centers, web hosting and ISP/ASP markets.
  • 7000 Series is available as a 3U size unit and is designed to provide comprehensive security for high-bandwidth data centers, web hosting and ISP/ASP markets.

All the models run the CGLinux 3.1 operating system and the CyberGuard Firewall/VPN 6.2.1 software with the same core features and therefore provide the same security functionality.

The Authentication Server that is used for single-use password authentication for the ftp and telnet proxies as require by the protection profiles is the ‘RSA Authentication Manager Version 6.0' that interacts with the ‘CyberGuard Firewall/VPN version 6.2.1 ' via the RADIUS authenticator plug-in module. In the evaluated version of the TOE the ‘Authentication Server' shall be dedicated for single use authentication of users and shall not be connected/interfaced to any other network or product.

The CyberGuard Firewall/VPN version 6.2.1 software and CG Linux Version 3.1 kernel enhancements together provide controlled and audited access to services, both from inside and outside an organization's network, by inspecting and allowing, denying and/or redirecting the flow of data (IP packets) that pass through the barrier and protection against bypassibility.

The CG Firewall/VPN version 6.2.1 software provides the following:

  • Administrative Interfaces: The TOE has user interfaces for configuring the security policy, for controlling the security functions, and for processing audit information. These interfaces consist of the graphical user interfaces (GUI).
  • Packet Filter Engine: The packet Filter component filters packets according to the network security policy. Depending on addresses and rules present a packet can be rejected (dropped), passed through, or passed to an appropriate application proxy.
  • RSBAC: The RSBAC component provides access control mechanisms for the TOE in terms of role enforcement and to create a separate domain of execution for the TOE and TOE security functions.
  • Proxies: The TOE provides proxies for FTP, TELNET, HTTP and SMTP that enforce correctness of the protocols, limitations on access, and user identification and authentication for the protocols.
  • NAT: The 'Network Address Translation' component translates all internal addresses on out-bound traffic based on a configured rule set to fake addresses before traffic leaves the firewall and translates in-bound traffic to their corresponding real addresses on arrival, facilitating the hiding of the internal network addresses of an organization.
  • Audit: The Audit component provides for secure storage and review of audit records generated by all of the Sub-Systems of the TOE. Audit records can be viewed, searched, sorted, dumped, and deleted. Audit record are time stamped based on time that is calculated and maintained by the TOE, using an initial time obtained from the hardware platform's battery backed up clock.
  • Kernel Enhancements/Extensions: The TOE includes enhancements for several kernel functions to meet the requirements of the Protection Profiles. Functions modified are the IP packet input and output handling functions to allow the packet filter to bind to network interfaces, and the memory release functions to guard against residual data in memory utilized for processing packets. These enhancements ensure that the Packet Filter engine processes all packets, that the TOE security mechanisms are not bypassable and that all memory is cleared upon release to the system. Extensions to the kernel include RSBAC, which controls access control routines by restricting all access to security enforcing functions of the TOE to authorized administrators only and providing internal access control and domain separation for the TOE.
  • CyberGuard Firewall Identification and Authentication (CGIA): CGIA provides the authentication functions that are used by the TOE to allow access to proxies, and to administration using either a password mechanism or a single-use, token based method of authentication.

The components of the CG Linux version 3.1 operating system that are part of the evaluated TOE are the enhancements that help the operating system achieve the following:

  • Kernel residual data protection
  • Non-bypassibility
  • Process Control

The Management Station GUI utilizes Microsoft Internet Explorer (IE) revision 6.0 or above as a front-end to display the configurable features of the TOE so that the site security policy can be implemented. The GUI features a modular design and although it presents many default secure options, it also enables the administrator to define objects and utilize those objects in defining the rule set that will represent the security policy for the TOE.

SECURITY EVALUATION SUMMARY

The evaluation was carried out in accordance with the Common Criteria Evaluation and Validation Scheme (CCEVS) processes and procedures. TOE was evaluated against the criteria contained in the Common Criteria for Information Technology Security Evaluation, Version 2.2. The evaluation methodology used by the evaluation team to conduct the evaluation is the Common Methodology for Information Technology Security Evaluation, Version 2.2.

CygnaCom Solutions has determined that the product meets the security criteria in the Security Target, which specifies an assurance level of EAL 4 augmented by ALC_FLR.3. A team of validators, on behalf of the CCEVS Validation Body, monitored the evaluation. The evaluation was completed in April 2006.

ENVIRONMENTAL STRENGTHS

The CyberGuard Firewall/VPN version 6.2.1 sits as a barrier between an organization's network and external networks. It provides controlled and audited access to services, both from inside and outside an organization's network, by inspecting and allowing, denying and/or redirecting the flow of data (IP packets) that pass through the barrier. The management station, Firewall hardware and the single use authentication server should be afforded appropriate protection from physical attack.

Secure Computing Corporation (Formerly Cyberguard Corporation)

Soheila Amiri
954.375.3611
954.375.3501 (Fax)
soheila_amiri@securecomputing.com

http://www.securecomputing.com