Compliant Product - IBM Internet Security Systems GX6116 Network IPS Security Appliance Version 2.2 and SiteProtector Version 2.0 Service Pack 7.0
Certificate Date: 31 May 2011
Validation Report Number: CCEVS-VR-VID10320-2011
Product Type: IDS/IPS
Conformance Claim: EAL2 Augmented with ALC_FLR.2
CC Testing Lab: COACT Inc. CAFE Laboratory
The TOE is an automated real-time intrusion detection system (IDS) designed to monitor and protect up to eight in-line Network Intrusion Protection System (NIPS) network segments or sixteen passive mode (IDS) network segments. The TOE unobtrusively analyses and responds to activity across computer networks. The TOE is comprised of two components:
The Proventia GX6116 TOE component (hereafter referred to as the appliance, Sensor, Agent, or as stated) provides IDS security functionality. This component includes the Proventia GX6116 appliance hardware, the appliance resident Red Hat operating system (OS) and the Proventia GX application software image.
The SiteProtector Version 2.0 Service Pack 7.0 with Reporting Module component of the TOE (hereafter referred to as SiteProtector or as stated) is a software product that runs on a Microsoft Windows-based workstation and enables administrators to monitor and manage the Sensor components of the TOE.
The Proventia GX6116 TOE component provides the IDS functionality: it monitors one or more networks and compares incoming packets against known packets and packet patterns that indicate a potential security violation. If a match occurs, the Proventia GX6116 creates an audit record. The SiteProtector Version 2.0 Service Pack 7.0 with Reporting Module TOE component provides management, monitoring and configuration functions to administrators. The SiteProtector management workstation connects to the appliance over a TLS session, and this workstation is used only by authorized administrators for management of the appliance.
The TOE conforms to the U.S. Government Protection Profile Intrusion Detection System System for Basic Robustness Environments, Version 1.7, July 25, 2007 (IDSPP).
SECURITY EVALUATION SUMMARY
The evaluation was carried out in accordance with the Common Criteria Evaluation and Validation Scheme (CCEVS) process and scheme. The evaluation demonstrated that the IBM Internet Security Systems GX6116 Security Appliance Version 2.2 and SiteProtector Version 2.0 Service Pack 7.0 with Reporting Module meets the security requirements contained in the Security Target.
The criteria against which the IBM Internet Security Systems GX6116 Security Appliance Version 2.2 and SiteProtector Version 2.0 Service Pack 7.0 with Reporting Module was judged are described in the Common Criteria for Information Technology Security Evaluation, Version 3.1. The evaluation methodology used by the evaluation team to conduct the evaluation is the Common Methodology for Information Technology Security Evaluation, Version 3.1. The COACT, Inc. CAFE Lab determined that the evaluation assurance level (EAL) for the IBM Internet Security Systems GX6116 Security Appliance Version 2.2 and SiteProtector Version 2.0 Service Pack 7.0 with Reporting Module is EAL 2 augmented with ALC_FLR.2. The TOE, configured as specified in the installation guide, satisfies all of the security functional requirements stated in the Security Target.
A Validator on behalf of the CCEVS Validation Body monitored the evaluation carried out by the COACT, Inc. CAFE Lab. The evaluation was completed in May 2011. Results of the evaluation and associated validation can be found in the Common Criteria Evaluation and Validation Scheme Validation Report.
The TOE’s Security Functions are:
Security Audit Function The TOE's Audit Security Functionality covers both audit records (records of TOE security-relevant events) and System data records (the IDSPP term for the event data the Sensor collects from the monitored network). The Audit Security Function includes audit and System data generation; selective generation of audit data; audit and System data viewing; selective viewing of audit and System data; audit and System data storage; and viewing of TOE-generated alerts.
Identification and Authentication Function The TOE requires operators to be successfully authenticated before any actions can be performed. User accounts must be defined in Windows (in the IT Environment). SiteProtector collects the userid and password through a GUI and passes them to Windows to authenticate the user. If Windows indicates that the user is authenticated, SiteProtector looks up that userid in its own database to determine the permissions associated with the user; credential verification is therefore delegated to the IT Environment, and only the userid-to-permission mapping is held by the TOE. If Windows indicates that the user is not authenticated, SiteProtector terminates the session.
Security Management Function The TOE's Management Security Function provides administrator support functionality that enables a human user to manage the TOE through a GUI (the SiteProtector Console). After installation, all management of the TOE components occurs through SiteProtector.
Traffic Analysis Function The TOE continuously monitors network traffic and compares packets to the signatures identified in the Sensor's Policy File. Signatures identify packets and packet patterns that indicate a potential security violation against a device reachable from the Sensor's monitored network. The Sensors are shipped with a default Policy File whose pre-defined signatures cover detection of denial of service, unauthorized access attempts, pre-attack probes, and suspicious activity.
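The following is an added illustration, not IBM code and not the GX6116's real signature format: a toy version of the Sensor's traffic-analysis loop described above and in the component overview. It matches constructed packets against a constructed policy of content signatures (one each for the unauthorized-access, pre-attack-probe and suspicious-activity categories), adds a rate-based port-sweep detector as a second probe signature, writes an audit record on every match, and shows the difference between an in-line (NIPS) segment, where a match drops the packet, and a passive (IDS) segment, where a match only alerts. The class, signature names and thresholds are all assumptions for the example.

```python
"""Added example (not IBM's code): toy Sensor traffic analysis with audit records.
Packets, signatures and thresholds below are constructed for illustration."""
import re
from collections import defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class Packet:
    ts: float        # arrival time in seconds
    src: str
    dst: str
    dport: int
    payload: bytes


@dataclass(frozen=True)
class Signature:
    name: str        # hypothetical signature name
    category: str    # one of the Policy File categories named on the page
    pattern: bytes   # regex over the payload (hypothetical policy encoding)


# Constructed Policy File entries; not the product's real signature set.
POLICY = [
    Signature("HTTP_DotDot_Traversal", "unauthorized access attempt", rb"\.\./\.\./"),
    Signature("SMTP_VRFY_Probe", "pre-attack probe", rb"^VRFY\s+\S+"),
    Signature("Shell_Meta_In_URL", "suspicious activity", rb"[;|`]\s*(cat|sh|bash)\b"),
]


@dataclass(frozen=True)
class AuditRecord:
    ts: float
    src: str
    dst: str
    signature: str
    category: str
    action: str      # "dropped" on an in-line segment, "alerted" on a passive one


class Sensor:
    def __init__(self, mode: str, scan_threshold: int = 5, window: float = 2.0):
        if mode not in ("inline", "passive"):
            raise ValueError("mode must be 'inline' or 'passive'")
        self.mode = mode
        self.compiled = [(s, re.compile(s.pattern, re.S)) for s in POLICY]
        self.ports_seen = defaultdict(list)   # src -> [(ts, dport), ...]
        self.audit = []                       # the audit trail
        self.scan_threshold = scan_threshold  # distinct ports per window
        self.window = window

    def _record(self, pkt: Packet, name: str, category: str) -> bool:
        """Write an audit record; return True if the packet must be dropped."""
        action = "dropped" if self.mode == "inline" else "alerted"
        self.audit.append(AuditRecord(pkt.ts, pkt.src, pkt.dst, name, category, action))
        return action == "dropped"

    def _port_sweep(self, pkt: Packet) -> bool:
        """Rate-based probe signature: many distinct ports from one source."""
        hist = self.ports_seen[pkt.src]
        hist.append((pkt.ts, pkt.dport))
        hist[:] = [(t, p) for t, p in hist if pkt.ts - t <= self.window]
        if len({p for _, p in hist}) >= self.scan_threshold:
            hist.clear()   # fire once per sweep rather than on every packet
            return True
        return False

    def inspect(self, pkt: Packet) -> bool:
        """Analyse one packet. Returns True if it is forwarded, False if dropped."""
        drop = False
        for sig, rx in self.compiled:
            if rx.search(pkt.payload):
                drop |= self._record(pkt, sig.name, sig.category)
        if self._port_sweep(pkt):
            drop |= self._record(pkt, "TCP_Port_Sweep", "pre-attack probe")
        return not drop
```

The same Policy File drives both segment types; only the action attached to the audit record changes, which is the distinction between the eight in-line and sixteen passive segments the TOE supports.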
Protection of Management Function TLS 1.0 is used to protect communication between the Sensors and SiteProtector. The TLS implementation (OpenSSL) is included in the TOE boundary. The cipher suite used for the TLS session is TLS_RSA_WITH_3DES_EDE_CBC_SHA. The Sensor initiates the connection to SiteProtector. SiteProtector responds with its RSA certificate (tested by CCTL); the Sensor authenticates the server (SiteProtector) by comparing the SiteProtector-supplied certificate to the copy of that certificate saved on the Sensor during installation, i.e. the certificate is pinned rather than validated through a CA chain. The pre-master secret is generated with the Sensor's random number generator and sent back to SiteProtector encrypted with the public key from the certificate; both sides then derive the session keys from it and complete the key establishment phase. Subsequent data traffic is encrypted with TDES using 168-bit keys in CBC mode (tested by CCTL). SHA-1 (tested by CCTL) is used for message integrity checking. Session keys held in memory are zeroized (tested by CCTL) when a session ends. RSA certificates are generated by the IT Environment during installation of the TOE. Note that TLS 1.0 and 3DES reflect the 2011 evaluation baseline: both have since been deprecated (RFC 8996 for TLS 1.0 and 1.1; NIST SP 800-131A for 3DES), so a deployment today would not meet current cryptographic guidance with this suite.
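As an added worked example (not IBM's or OpenSSL's code), the block below carries the key-establishment step described above through the TLS 1.0 arithmetic of RFC 2246 for TLS_RSA_WITH_3DES_EDE_CBC_SHA: the Sensor's pinned-certificate comparison, the pre-master secret it generates, the PRF that both sides use to turn that secret and the two handshake randoms into a 48-byte master secret, and the key block that yields the two 24-byte (168-bit) 3DES keys, two 20-byte SHA-1 MAC keys and two 8-byte CBC IVs. The RSA encryption of the pre-master secret is not performed here (the standard library has no RSA), and the random values, certificate bytes and function names are constructed for the example; the zeroization helper shows the in-place overwrite that is possible for a mutable buffer and is not a claim about how the product does it.

```python
"""Added example (not IBM's code): TLS 1.0 key establishment arithmetic for
TLS_RSA_WITH_3DES_EDE_CBC_SHA (RFC 2246) plus the Sensor's pinned-certificate
check. All inputs are constructed; RSA encryption of the pre-master secret is
omitted because the standard library has no RSA."""
import hashlib
import hmac
import os


def server_certificate_pinned(presented_der: bytes, pinned_der: bytes) -> bool:
    """Sensor-side check: accept only the exact certificate saved at install time.
    Compare digests in constant time rather than the raw DER with '=='."""
    return hmac.compare_digest(hashlib.sha256(presented_der).digest(),
                               hashlib.sha256(pinned_der).digest())


def make_pre_master_secret(rng=os.urandom) -> bytes:
    """RSA key exchange pre-master secret: 2-byte client version (TLS 1.0 =
    0x0301) followed by 46 random bytes from the Sensor's RNG (RFC 2246 7.4.7.1)."""
    return b"\x03\x01" + rng(46)


def p_hash(hash_name: str, secret: bytes, seed: bytes, length: int) -> bytes:
    """RFC 2246 section 5 P_hash: A(0) = seed, A(i) = HMAC(secret, A(i-1)),
    output = HMAC(secret, A(1) + seed) || HMAC(secret, A(2) + seed) || ..."""
    out, a = b"", seed
    while len(out) < length:
        a = hmac.new(secret, a, hash_name).digest()
        out += hmac.new(secret, a + seed, hash_name).digest()
    return out[:length]


def tls10_prf(secret: bytes, label: bytes, seed: bytes, length: int) -> bytes:
    """TLS 1.0 PRF: split the secret into two overlapping halves S1 and S2 and
    XOR P_MD5(S1, label + seed) with P_SHA1(S2, label + seed)."""
    half = (len(secret) + 1) // 2
    s1, s2 = secret[:half], secret[-half:]
    md5_stream = p_hash("md5", s1, label + seed, length)
    sha_stream = p_hash("sha1", s2, label + seed, length)
    return bytes(x ^ y for x, y in zip(md5_stream, sha_stream))


def derive_keys(pre_master: bytes, client_random: bytes, server_random: bytes) -> dict:
    """Both sides compute this independently after the encrypted pre-master
    secret arrives; only the pre-master secret is ever sent (under RSA)."""
    master = tls10_prf(pre_master, b"master secret", client_random + server_random, 48)
    # key_block for TLS_RSA_WITH_3DES_EDE_CBC_SHA: 2*20 MAC + 2*24 key + 2*8 IV = 104 bytes.
    # Note the reversed random order for key expansion (RFC 2246 6.3).
    kb = tls10_prf(master, b"key expansion", server_random + client_random, 104)
    return {
        "master_secret": master,
        "client_mac_key": kb[0:20],    # SHA-1 HMAC keys
        "server_mac_key": kb[20:40],
        "client_write_key": kb[40:64],  # 24 bytes = 168-bit 3DES EDE keys
        "server_write_key": kb[64:88],
        "client_iv": kb[88:96],         # 8-byte CBC IVs (block size of 3DES)
        "server_iv": kb[96:104],
    }


def zeroize(buf: bytearray) -> None:
    """Overwrite a mutable key buffer in place when the session ends. Immutable
    bytes objects cannot be scrubbed this way, so keep live keys in bytearrays."""
    for i in range(len(buf)):
        buf[i] = 0
```

The reversed order of the randoms in the key-expansion seed and the overlapping split of an odd-length secret are the two details most often got wrong in hand-written TLS 1.0 PRF code; the test exercises both the derivation lengths and the single-block P_hash definition against a direct HMAC computation.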