Compliant Product - RioRey™ Perimeter Protection Platform (RE500, RE1500, RX1800, RX2300, RX4400 and RG with RIOS Software version 5.0.12sp8) and rView Software version 5.0.12sp9
Certificate Date: 21 December 2012
Validation Report Number: CCEVS-VR-VID10380-2012
Product Type: Miscellaneous
Conformance Claim: EAL4 Augmented with ALC_FLR.1
PP Identifiers: None
CC Testing Lab: CygnaCom Solutions, Inc
The TOE is RioReyTM Perimeter Protection Platform Platform (RE500, RE1500, RX1800, RX2300, RX4400 and RG) with RIOS Software version 5.0.12sp8) and rView Software version 5.0.12sp9.
The TOE (RioRey™ solution) provides an integrated hardware and software platform to protect Internet Protocol (IP) networks against DDOS attacks by identifying and filtering attacks while forwarding normal traffic through the network without impacting service.
The Platform recognizes an attack, sends an alert for the threat level it poses and ultimately protects the network from harm rapidly and without operator intervention. RioRey’s proprietary technology continuously performs Micro Behavioral Analysis (MBA), looking for distinctive characteristics of network communication. Because RioRey’s Perimeter Protection Platforms quickly identify traffic that does not follow normal communications protocol, invalid traffic is immediately blocked. Valid traffic flows are unimpeded and normal network communication is maintained. The hardware and software design is dedicated to this single function, the design is also optimized to tackle high throughput, large numbers of sessions and IP address situations.
An enterprise can deploy multiple RioRey appliances. In such scenarios, the same rView software can be used to manage several appliances individually in the same manner. The TOE does not provide hierarchical management of its appliances.
If a hardware failure occurs and the Platform does not repair itself, the Platform goes into a hardware bypass mode. This shunts the WAN and LAN ports, maintaining all customer traffic flow through the equipment. An administrator can manually configure the TOE into hardware bypass mode as well. Thus, the DDOS filtering function becomes unavailable, but the flow of traffic will not be impeded. In case of a software failure, the multiple watchdogs embedded in the Platform will attempt to restart the Platform and report the incident to the operator. The Platform bypasses customer traffic during the restart phase, maintaining service.
The Platform audits user access events and system processing events (including DDOS attack information) and stores the statistics in RAM for a period of 10 days. The rView Software provides a user friendly way to perform ongoing management of the Platform and obtain Audit information.
The RE/RX/RG Platform’s key functions are:
- DDOS Protection and Filtering Capabilities
- Auditing of Administrator actions
- Auditing of Attack information
- Provide Operational Management capabilities via rView Software.
The physical boundary of the TOE is the RE, RX or RG Platform loaded with the RIOS software version 5.0.12sp8. The TOE also includes the rView Software Version 5.0.12sp9. The TOE consists of the RioRey components described in Section 1.4.3. Please see the figure below for an architectural description of the TOE.
SECURITY EVALUATION SUMMARY
The evaluation was carried out in accordance with the Common Criteria Evaluation and Validation Scheme (CCEVS) processes and procedures. The TOE was evaluated against the criteria contained in the Common Criteria for Information Technology Security Evaluation, Version 3.1 R3.
The evaluation methodology used by the evaluation team to conduct the evaluation is the Common Methodology for Information Technology Security Evaluation, Version 3.1 R2.
CygnaCom Solutions has determined that the product meets the security criteria in the Security Target, which specifies an assurance level of Evaluation Assurance Level (EAL) 4 augmented with ALC_FLR.3.
A team of validators, on behalf of the CCEVS Validation Body, monitored the evaluation. The evaluation was completed in December 2012.
The following security functions are in the scope of the evaluation:
RioRey provides the following security functionality:
- Security Audit
The TOE’s auditing capabilities include recording information about system processing and users’ access to the TOE. Subject identity (user login name) and outcome are recorded for each event audited. The audit records generated by the TOE are protected by the TOE.
- Identification and Authentication
Each user must be successfully identified and authenticated with a username and password by the TSF or the external authentication mechanism invoked by the TOE before access is allowed to the TSF. The TOE provides a password based authentication mechanism to administrators.
Access to security functions and data is prohibited until a user is identified and authenticated.
- Security Management
The TOE maintains administrative users with “ADMIN” and “NORMAL” management roles. The TOE also maintains a “VIEWONLY” role for read-only administrative (executive) oversight.
The TOE allows only authorized users with appropriate privileges to administer and manage the TOE. Only authorized administrators with appropriate privileges may modify the TSF data related to the TSF, security attributes, and authentication data.
- Resource Utilization (DDOS Protection)
The TOE sits at the perimeter of the network to protect Internet Protocol (IP) networks against DDOS attacks by successfully identifying and filtering DDOS attacks, while forwarding normal traffic through the network without impacting service. The TOE can function in FILTER, MONITOR or BYPASS modes. The TOE provides capabilities to filter traffic based on Whitelist, Blacklist, Service Definition, Fragmentation Control and TCP SYN Rate Config specifications.
- Protection of TSF
The TOE transfers all packets passing through the TOE only after processing the traffic based on traffic attributes. If a hardware failure occurs and the Platform does not repair itself, the Platform goes into a hardware bypass mode. This shunts the WAN and LAN ports, maintaining all traffic flow through the equipment. Thus, the DDOS filtering function may be unavailable, but the flow of traffic will not be impeded. The communication between rView and Platform are protected from disclosure and modification. The TOE provides reliable timestamps with the support of an NTP Server in the IT environment.
The TSF is protected because the hardware, the OS and the application are part of the TOE and there in a protected physical environment. The logical access to the TOE is controlled by the identification and authentication functionality provided by the TOE.