Compliant Product - McAfee Network Security Platform Release 5.1
Certificate Date: 25 May 2010
Validation Report Number: CCEVS-VR-VID10372-2010
Product Type: IDS/IPS
Conformance Claim: EAL2 Augmented with ALC_FLR.2
CC Testing Lab: InfoGard Laboratories, Inc.
The McAfee Network Security Platform (NSP) product is a combination of network appliances (sensors) and Network Security Manager (NSM) software built for the detection of intrusions, denial of service (DoS) attacks, distributed denial of service (DDoS) attacks, and network misuse.
The evaluated sensor appliances are the M-2750, M-1450, M-1250, M-6050, M-4050, M-8000, M3050, I-4010, I-4000, I-3000, I-2700, I-1400, and I-1200 sensors. The sensors provide a flexible, dedicated, and high performance platform for monitoring networks of all sizes. The sensors perform real-time scanning of network data for signature and threshold based attacks. The sensors send alerts to NSM which alerts the administrators.
NSM is a software only component that runs on a Windows server. NSM presents a singular interface for managing and monitoring multiple sensors across large and distributed enterprise networks. Administrative access to NSM is supported through a Java applet that is run on a console machine. This applet is downloaded from NSM for each session. Access to the NSM is authenticated using certificate credentials obtained from a Common Access Card (CAC) in the Operational Environment. Certificates revocation status is checked using an OCSP server.
The McAfee NSP consists of:
- Network Security Manager (NSM) version 126.96.36.199
- Sensor Software:
- M-Series version 188.8.131.52
- I-Series version 184.108.40.206
- One or more Sensors (hardware models):
The evaluated configuration of NSP requires the use of CAC authentication; therefore, the Operational Environment must provide an OCSP server and CAC authentication hardware and software.
SECURITY EVALUATION SUMMARY
The evaluation was carried out in accordance to the Common Criteria Evaluation and Validation Scheme (CCEVS) process and scheme. The evaluation demonstrated that NSP meets the security requirements contained in the Security Target. The criteria against which the NSP was judged are described in the Common Criteria for Information Technology Security Evaluation, Version 3.1 Revision 3 and National and International Interpretations effective 24 August 2009. The evaluation methodology used by the evaluation team to conduct the evaluation is the Common Methodology for Information Technology Security Evaluation, Version 3.1 Revision 3. InfoGard Laboratories determined that the McAfee Network Security Platform provides the security assurance required by Evaluation Assurance Level 2 (EAL2) and ALC_FLR.2.
The TOE, configured as specified in the installation guide, satisfies all of the security functional requirements stated in the Security Target. Validators on behalf of the CCEVS Validation Body monitored the evaluation carried out by InfoGard. The evaluation was completed in May of 2010.
The McAfee Network Security Platform is a commercial network product that provides system (network) data collection, system (network) data analysis, identification and authentication, security management, cryptographic operations, and audit. Additionally, Network Security Platform provides support against bypass and tampering as well as centralized management though a web interface presented by the Network Security Manager component.