Validated Products List

Check Point Firewall-1, v 4.0, SP5


Product Name: Check Point Firewall-1, v 4.0, SP5

Product Type: Firewall

Date: October 29, 1999

Conformance Claim: EAL 2

PP Identifier: U.S. Government Traffic-filter Firewall Protection Profile for Low Risk Environments, Version 1.1 and U.S. Government Application-level Firewall Protection Profile for Low Risk Environments, Version 1.d

Security Target:

Validation Report:

Key Words: firewall, gateway, application-level firewall, packet-filtering

Vendor: Check Point

POC:

Phone:

Fax:

Email:

Web:

CC Testing Lab: Computer Sciences Corporation

PRODUCT DESCRIPTION:

The evaluated Check Point FireWall-1 Version 4.0 is referred to as the Target of Evaluation (TOE). The TOE configuration consists of one physical component executing:

  • One FireWall Module, which implements the Security Policy, logs events, and communicates with the Management Module;
  • One Management Module, which manages the FireWall-1 database (the Rule Base, network objects, services, users, etc.);
  • The Windows NT Server 4.0 operating system with Service Pack 4 installed; and
  • Two network interfaces, one designated as internal and the other as external.

The FireWall-1 is a firewall employing a hybrid of application-level gateway and packet filtering called Stateful Multilayer Inspection. The technology combines the performance and scalability of packet filtering with the security of an application gateway. As an Application-level Firewall, the FireWall-1 mediates flows between clients and servers located on the internal and external networks governed by the firewall. An application-level firewall may employ security servers to screen information flows. The security servers on the FireWall-1 for FTP and Telnet require client users to authenticate at the firewall before requests for those services can be authorized. Only valid requests are relayed to the actual server on either the internal or the external network. As a Traffic-filter Firewall, the FireWall-1 selectively routes information flows between an internal and an external network according to a site's security policy rules, the default policy being deny all. Only an authorized administrator has the authority to change the security policy rules. Traffic filtering decisions are made on the source address, destination address, transport layer protocol, source port, and destination port, and are based on the interface on which the packet arrives or leaves. The FireWall-1 Inspection Engine applies full application-level security but does not permit packets to reach the operating system of the machine on which the firewall runs. Additionally, the firewall imposes traffic-filtering controls on the information flows it mediates.
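The traffic-filter behaviour described above (decisions on source, destination, protocol, ports and arrival interface, first matching rule wins, default deny, and replies of an accepted connection passing as established state), as an added Python example that is not Check Point's code; the rule syntax, the connection table and the sample addresses are constructed assumptions.

```python
"""Toy stateful traffic filter modelled on the FireWall-1 behaviour described above.
Added example, not Check Point code; rule syntax and connection table are assumptions."""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional

@dataclass(frozen=True)
class Packet:
    iface: str   # interface the packet arrives on: "internal" or "external"
    src: str
    dst: str
    proto: str   # transport protocol, e.g. "tcp"
    sport: int
    dport: int

@dataclass
class Rule:
    iface: str             # arrival interface this rule applies to
    src: str               # CIDR such as "10.0.0.0/8", or "any"
    dst: str
    proto: str
    dport: Optional[int]   # None matches any destination port
    action: str            # "accept" or "drop"

    def matches(self, p: Packet) -> bool:
        def in_net(addr, net):
            return net == "any" or ip_address(addr) in ip_network(net)
        return (self.iface == p.iface and in_net(p.src, self.src)
                and in_net(p.dst, self.dst) and self.proto == p.proto
                and (self.dport is None or self.dport == p.dport))

class StatefulFilter:
    def __init__(self, rules):
        self.rules = rules
        self.connections = set()   # accepted flows, keyed by 5-tuple

    def decide(self, p: Packet) -> str:
        # Replies belonging to an already accepted flow pass without a rule lookup
        if (p.dst, p.src, p.proto, p.dport, p.sport) in self.connections:
            return "accept"
        # First matching rule wins; no match means the default policy applies
        for rule in self.rules:
            if rule.matches(p):
                if rule.action == "accept":
                    self.connections.add((p.src, p.dst, p.proto, p.sport, p.dport))
                return rule.action
        return "drop"   # default policy: deny all

# Constructed sample rule base: internal hosts may open HTTP to anywhere; nothing inbound.
RULES = [Rule("internal", "10.0.0.0/8", "any", "tcp", 80, "accept")]
```

The unsolicited external packet in the test below is dropped even though its ports mirror an allowed flow, because the reverse 5-tuple was never recorded by an accepted outbound connection.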

EVALUATION SUMMARY

The evaluation was carried out in accordance with the Trust Technology Assessment Program (TTAP) process and scheme. The purpose of the evaluation was to demonstrate that the FireWall-1 meets the security requirements contained in the Security Target. The criteria against which the FireWall-1 was judged are described in the Common Criteria for Information Technology Security Evaluation, Version 2.0. The evaluation methodology used by the evaluation team is the Common Methodology for Information Technology Security Evaluation, Version 0.6. Computer Sciences Corporation has determined that the Security Target is conformant to the U.S. Government Traffic-filter Firewall Protection Profile for Low Risk Environments, Version 1.1 and the U.S. Government Application-level Firewall Protection Profile for Low Risk Environments, Version 1.d. Computer Sciences Corporation has determined that the evaluation assurance level (EAL) for the product, as specified in the Security Target, is EAL 2, and that the product, configured as described in the FW-1 Installation, Generation, and Start-up Guide, satisfies the security functional requirements stated in the Security Target. Two certifiers on behalf of the TTAP Oversight Board monitored the evaluation carried out by Computer Sciences Corporation. The evaluation was completed in October 1999. Results of the evaluation can be found in the Evaluation Technical Report for Check Point Software Technologies FireWall-1 Version 4.0 prepared by Computer Sciences Corporation.

ENVIRONMENTAL STRENGTHS

The TOE limits connections between networks to only those that are authorized. The firewall forms the boundary between the internal network and the external networks. All traffic between the internal and external networks must flow through the TOE to maintain security. It is assumed that the firewall is located within a controlled-access facility that mitigates unauthorized physical access, and that the TOE is used only for firewall functionality. The administrator is the only person allowed direct access to the TOE; there are no non-administrative accounts on the TOE. The administrator is assumed to be trustworthy and trained in the security policies and practices of the environment that the TOE is intended to protect. The TOE is intended for use in environments in which, at most, sensitive but unclassified information is processed, or in which the sensitivity level of information on the internal and external networks is the same.