NIAP: Compliant Product
  NIAP  »»  Product Compliant List  »»  Compliant Product  
Compliant Product - GigaVUE version 4.4

Certificate Date:  2016.03.04

Validation Report Number:  CCEVS-VR-VID10648-2016

Product Type:    Network Device

Conformance Claim:  Protection Profile Compliant

PP Identifier:    Protection Profile for Network Devices Version 1.1

CC Testing Lab:  Booz Allen Hamilton Common Criteria Testing Laboratory

CC Certificate [PDF] Security Target [PDF] Validation Report [PDF]

Assurance Activity [PDF]

Administrative Guide [PDF]

Product Description

The TOE is the GigaVUE which includes the HD8, HD4, HC2, HB1, TA10, and TA40 models with software version 4.4.03. The TOE is the general network device functionality (I&A, auditing, security management, trusted communications, etc.) of the GigaVUE, consistent with the claimed Protection Profile. The GigaVUE's primary functionality is to use the Gigamon Forwarding Policy to receive out-of-band copied network data from external sources (TAP or SPAN port) and forward that copied network data to one or many tool ports for packet capture or analyzing tools based on user selected criteria. GigaVUE can also copy the network traffic itself when sitting in-line with the network flow using passive, inline and bypass taps or any combination. GigaVUE features extensive filtering abilities enabling authorized users to forward precise customized data flows of copied data from many sources to a single tool, from a single source to many tools, or from many sources to many tools. The GigaVUE’s network traffic capture, filter, and forwarding capabilities described above were not assessed during this evaluation.

Evaluated Configuration

The TOE is the GigaVUE HD8, HD4, HC2, HB1, TA10, and TA40 standalone network hardware appliances with uniform security functionality between each of the hardware appliances. Depending on the model, the GigaVUE devices include a number of additional data interfaces that are provided by Port Blades, TAP Modules, Bypass Combo Modules, Port Modules, and/or GigaSMART Modules. However, these ports all provide data plane traffic only and do not provide an interface to the TSF or carry TSF-relevant data.

The following table lists components and applications in the environment that the TOE relies upon in order to function properly:

  • Update Server: A server that hosts software updates that can be downloaded remotely using TLS/HTTPS. This can be maintained by Gigamon directly or can be deployed in the TOE’s local environment.
  • LDAP Server: Used as an optional method of defining administrator identity and credential data that can be used to authenticate to the TOE. Secured using TLS.
  • NTP Server: Used as an optional method of collecting reliable system time data from the Operational Environment.
  • Syslog Server: Used as a remote repository for audit log storage. Secured using SSH.

Management Workstation: Used by administrators to manage the TSF. Can be used locally via a serial console, remotely using a CLI (secured by SSH), or remotely using a web GUI (secured by TLS/HTTPS).

Security Evaluation Summary

The evaluation was carried out in accordance with the Common Criteria Evaluation and Validation Scheme (CCEVS) processes and procedures. Gigamon GigaVUE was evaluated against the criteria contained in the Common Criteria for Information Technology Security Evaluation, Version 3.1 Revision 4. The evaluation methodology used by the evaluation team to conduct the evaluation is the Common Methodology for Information Technology Security Evaluation, Version 3.1 Revision 4. The product, when installed and configured per the instructions provided in the preparative guidance, satisfies all of the security functional requirements stated in the Gigamon GigaVUE Security Target Version 1.0. The evaluation underwent CCEVS Validator review. The evaluation was completed in February 2016. Results of the evaluation can be found in the Common Criteria Evaluation and Validation Scheme Validation Report, (CCEVS-VR-VID10648-2016, dated 4 March 2016) prepared by CCEVS.

Environmental Strengths

Security Audit

The TOE contains mechanisms to generate audit data to record predefined events on the TOE. Each audit record includes timestamp, event type, and subject identity where applicable. The audit records are stored locally and sent securely to the environmental syslog server using SSH. The TOE’s local audit data storage is used to maintain generation of audit data in the event that communications between the TOE and the syslog server fail. Only authorized administrators can delete locally stored audit data. 

Cryptographic Support

The TOE provides cryptography in support of SSH, TLS, and TLS/HTTPS trusted communications. The TOE includes a FIPS-validated cryptographic module (CMVP certificate #2128) that provides CAVP-validated implementations of the individual cryptographic algorithms (certificates AES #2273, RSA #1166, CTR_DRBG (AES) #281, SHS #1954, HMAC #1391) that are used by the TSF. The TOE’s DRBG is seeded with a sufficient amount of entropy to ensure secure key generation. These cryptographic services are used to provide SSH, TLS, and TLS/HTTPS trusted communications. In the evaluated configuration, the TOE will be set into an enhanced security mode that ensures the supported cipher suites and other configuration aspects of the cryptographic protocols are limited to those that are permitted by the claimed Protection Profile. 

User Data Protection

The TOE ensures that packets transmitted from the TOE do not contain residual information from previous packets. The TOE ensures this by zeroizing the data upon allocation of memory. Residual data is never transmitted from the TOE. 

Identification and Authentication

Users authenticate to the TOE as administrators via the local console, remote CLI, or remote web GUI. Administrators are authenticated through a username and password defined on the TOE, a username and password defined on an environmental LDAP server, or username and SSH public key. The TOE does not allow any TSF functionality to be performed prior to successful authentication other than a display of the warning banner. When authenticating via the local console, any input credential data is not echoed back to the screen by the TSF. 

Security Management

The TOE maintains the roles of Admin, Monitor, and Operator. Of these roles, only the Admin role is authorized to manage the behavior of the TSF. The other roles are used to perform actions that are entirely outside the scope of the claimed Protection Profile. All administration of the TOE can be performed locally using a management workstation connected to the serial console, remotely using a CLI from a management workstation that communicates with the TOE using SSH, or remotely using a web GUI from a management workstation that communicates with the TOE using TLS/HTTPS. 

Protection of the TSF

The TOE is expected to ensure the security and integrity of all data that is stored locally and accessed remotely. The TOE stores password data as SHA-512 hashes and does not provide a mechanism to access any pre-shared keys, symmetric keys, or private keys. The TOE maintains system time with either its local hardware clock or with NTP server synchronization. At start-up, the TOE performs an integrity test of its cryptographic module, known answer tests for cryptographic services, self-tests of all components connected to the motherboard (memory, CPU, Ethernet controllers, etc.), and any components that are connected to the device via PCIe interfaces. Software updates are securely downloaded from a remote server using TLS/HTTPS and are verified using a digital signature prior to being applied. 

TOE Access

The TOE can terminate inactive sessions after an administrator-configurable time period. The TOE also allows users to terminate their own interactive session. Once a session has been terminated, the TOE requires the user to re-authenticate to establish a new session. The TOE also displays a configurable warning banner prior to use of the TSF. 

Trusted Path/Channels

The TOE establishes trusted channels to the Operational Environment using TLS for LDAP server communications, SSH for syslog server communications, and TLS/HTTPS for update server communications. Administrators can establish trusted paths to the TOE using SSH for remote CLI administration and TLS/HTTPS for remote web GUI administration. All cryptographic functionality supporting the use of these trusted channels and paths is facilitated by the FIPS-validated cryptographic module contained within the TOE. In the evaluated configuration, the TOE will be configured into its enhanced security mode, which limits the cryptographic algorithms and cipher suites used for trusted communications to those that are specified in the Security Target

Vendor Information

Gigamon, Inc.
Chris Hudson
Site Map              Contact Us              Home