Compliant Product - Check Point Endpoint Security Full Disk Encryption, Pointsec PC 6.3.1
Certificate Date: 01 August 2009
Validation Report Number: CCEVS-VR-VID10194-2009
Product Type: Sensitive Data Protection
Conformance Claim: EAL4 Augmented with ALC_FLR.1
PP Identifiers: None
CC Testing Lab: SAIC Common Criteria Testing Laboratory
Pointsec PC 6.3.1 is a disk encryption product that can be centrally administered throughout the enterprise. The TOE employs both boot authentication and transparent disk encryption to provide protection of information resources stored on fixed media in a workstation or a laptop. Pointsec PC is a software based security product, for the Windows based PC platform. The product contains an embedded cryptographic module that is certified against FIPS 140-2 Level 1 (certificate#770), used for all cryptographic functions.
The TOE encrypts the entire disk sector by sector including the system files, temp files, deleted files and unused space. The encryption is user transparent and automatic, so there is no need for user intervention or user training. Because the encryption occurs in the background without noticeable performance lost, there is no user downtime.
The TOE prevents unauthorized access to the machine itself that is accomplished through user authentication linked to boot protection, which in turn enables information to be automatically encrypted and decrypted. Strong user authentication and boot protection are necessary components to this system.
SECURITY EVALUATION SUMMARY
The evaluation was carried out in accordance with the Common Criteria Evaluation and Validation Scheme (CCEVS) process and scheme. The criteria against which the Pointsec PC 6.3.1 TOE was judged are described in the Common Criteria for Information Technology Security Evaluation, Version 2.3. The evaluation methodology used by the evaluation team to conduct the evaluation is the Common Methodology for Information Technology Security Evaluation, Version 2.3. Science Applications International Corporation (SAIC) determined that the evaluation assurance level (EAL) for the product is EAL 4 augmented with ALC_FLR.2 family of assurance requirements. The product, when configured as specified in the Pointsec PC Installation Guide, Version 6.3.1, March 17, 2009 and Pointsec PC Administrator’s Guide, Version 6.3.1, June 22, 2009 satisfies all of the security functional requirements stated in the Check Point Endpoint Security Full Disk Encryption Security Target, Version 2.4, 6/22/2009. Two Validators on behalf of the CCEVS Validation Body monitored the evaluation carried out by SAIC. The evaluation was completed in July 2009. Results of the evaluation can be found in the Common Criteria Evaluation and Validation Scheme Validation Report, (report number CCEVS-VR-VID10194-2009 dated 1 August 2009) prepared by CCEVS.
Pointsec PC 6.3.1 has been developed for an operating environment with a medium level of risk to identified assets. Pointsec PC 6.3.1 supports the following seven security functions:
Auditing: The TOE collects audit data and provides an interface for authorized administrators to review audit logs. Audit information generated by the system includes date and time of the event, user ID that caused the event to be generated, computer where the event occurred, and other event specific data. The TOE also restricts log access to authorized users.
Cryptographic Support: The TOE’s Cryptographic Support security function implements several security functions. The cryptographic support mechanisms can be categorized as cryptographic key management and cryptographic operations. The cryptographic functionality of the TOE is based upon the FIPS 140-2 validated Pointsec Cryptographic Module (FIPS 140-2 certificate #770) embedded in the product. The certificate numbers for the FIPS approved algorithms are HMAC FIPS198 certificate#202, AES FIPS197 certificate#430 and Triple DES FIPS46-3 certificate#459.
Identification and authentication: The TOE supports multiple user authentication mechanisms enabling the administrator to assign appropriate authentication requirements for the intended environment, including:
- fixed password (username/password),
- smart card (and USB token with embedded smart card) based authentication (smart card/PIN).
- Remote Help authentication (username/phone identification/TOE challenge/Admin response). Remote Help is divided into two types, one-time login and remote password change. These provide a way to authorize a user to login when the normal authentication process can not be performed, such as when the user forgets their smart card at home, or a fixed password has been forgotten.
Where a smart card is used for authentication, the card and reader (or token) are part of the IT environment.
User authentication is done in the pre-boot environment and the operating system will not boot up unless an authorized user is authenticated. In addition, administrators authenticate using the same mechanisms as above prior to gaining access to the Pointsec for PC Management Console application.
Security Management: The TOE administration is designed to enable central control of policy and security settings, decentralized deployment and day-to-day administration. Pointsec for PC should be administered using several different levels of authority. It can be administered from the Pointsec for PC Management Console (PCMC) on any computer that has the product installed on it. This gives the administrators control and easy access to higher-level functionality without being tied to one computer.
Self-Protection: Pointsec for PC implements a specific set of security mechanisms to ensure that security functions cannot be bypassed or tampered with. To prevent bypassing of the TOE security functions, the TOE takes control of the Boot Sector of the boot partition, which prevents access to the system without successful authentication. The Boot-code is checked for the presence of debugging tools at each step of the loading process. If suspicious code is detected, the boot process will stop. Within the Windows operating system, Pointsec for PC functions as a kernel mode process, restricting access to its execution space and memory. When the TOE starts (from Power on) it has its own OS and is later handing over control to Windows after it has authenticated the user and recreated the encryption key. During that time, Pointsec is in control Windows security does not matter.
Fault tolerance: When a Pointsec PC workstation/laptop loses contact with the file share server, the TOE provides the administrator with the capability to identify additional three servers for redundancy. As a result, if a server is offline, or the workstation/laptop is unable to contact it, the workstation/laptop will attempt to communicate with one of the other identified servers. Even if no storage resource is accessible the TOE will continue to operate as normal.
Trusted path: For initial logon, a user must invoke a trusted path in order to ensure the protection of identification and authentication information. The trusted path is invoked by a system reset which is always captured by the TOE (i.e. it cannot be intercepted by an untrusted process).