NIAP: Compliant Product
  NIAP  »»  Product Compliant List  »»  Compliant Product  
Compliant Product - 3eTI CyberFence 3e-636 Series

Certificate Date:  2017.09.20

Validation Report Number:  CCEVS-VR-VID10820-2017

Product Type:    Network Device

Conformance Claim:  Protection Profile Compliant

PP Identifier:    collaborative Protection Profile for Network Devices Version 1.0

CC Testing Lab:  Gossamer Security Solutions

CC Certificate [PDF] Security Target [PDF] Validation Report [PDF]

Assurance Activity [PDF]

Administrative Guide [PDF]

Product Description

The Target of Evaluation (TOE) is CyberFence 3e-636 Series Network Security Devices.  3eTI’s 636 Series Network Security Devices offer the multiple capabilities necessary for protecting embedded devices and safety-critical industrial control systems (ICS) against internal and external attacks.  The core capabilities include: network access control, OSI Layer 2 and Layer 3 packet filtering, industrial control protocols packet inspection and secured application data transportation (via encryption).

The TOE is composed of both hardware and firmware. All four models of the 3e-636 series devices share the identical hardware. The 3e-636L3 runs on its own firmware, and was evaluated with version 5.1.300, while 3e-636L2 DarkNode, 3e-636H Ultracrypt and 3e-636A EtherWatch run on another firmware with variant product features enabled or disable based on EEPROM entries created at manufacturing time for that specific model. The evaluated firmware version for 3e-636L2, 3e-636H and 3e-636A is also 5.1.300. The two sets of firmware share the same OpenSSL library and kernel drivers and have the identical software modules that implement the CPP_ND SFRs such as IPsec and TLS server.

Evaluated Configuration

The TOE is composed of both hardware and firmware comprising the following four models, all running firmware version 5.1.300. 

·         3e-636L3 EtherGuard

·         3e-636L2 DarkNode

·         3e-636H UltraCrypt

·         3e-636A EtherWatch

The TOE requires the following Operational Environment support which is not included in the TOE’s physical boundary.

  • Administrator Workstations:  Trusted administrators access the TOE through the TLS/HTTPS protocol.
  • Audit Servers:  The TOE relies upon the audit server for storage of audit records. The TOE itself stores limited amount of the audit records in its internal persistence storage. Those audit records are accessible and exportable through the Web GUI interface.
  • NTP Servers:  The TOE relies upon an NTP server to provide reliable time. If the time is configured locally, the TOE will use its own reliable hardware clock to maintain time as well.
  • LDAP Server: The TOE relies on the LDAP server for centralized authentication of administrator if the security administrator chooses this configuration. The TOE can also authenticate administrator using local user name and password.

Security Evaluation Summary

The evaluation was carried out in accordance to the Common Criteria Evaluation and Validation Scheme (CCEVS) requirements and guidance. The evaluation demonstrated that the TOE meets the security requirements contained in the Security Target.  The criteria against which the TOE was judged are described in the Common Criteria for Information Technology Security Evaluation, Version 3.1, Revision 4, September 2012. The evaluation methodology used by the evaluation team to conduct the evaluation is the Common Methodology for Information Technology Security Evaluation, Evaluation Methodology, Version 3.1, Revision 4, July 2012.  Gossamer Security Solutions determined that the evaluation assurance level (EAL) for the TOE is EAL 1.  The product, when delivered and configured as identified in the 3eTI 636 Series User Guide, Revision F, August 24, 2017 document, satisfies all of the security functional requirements stated in the 3eTI CyberFence 3e-636 Series Network Security Devices (NDcPP10) Security Target, Version 0.7, September 19, 2017.  The project underwent CCEVS Validator review.  The evaluation was completed in September 2017.  Results of the evaluation can be found in the Common Criteria Evaluation and Validation Scheme Validation Report (report number CCEVS-VR-VID10820-2017) prepared by CCEVS.

Environmental Strengths

The logical boundaries of the 3eTI CyberFence 3e-636 Series Network Security Devices are realized in the security functions that it implements. Each of these security functions is summarized below.

Security Audit:

The TOE generates auditable events for actions on the TOE with the capability of selective audit record generation. The records of these events can be viewed within the TOE Management Interface or they can be exported to audit systems in the Operational Environment. The TOE generates records for its own actions, containing information about the user/process associated with the event, the success or failure of the event, and the time that the event occurred. Additionally, all administrator actions relating to the management of TSF data and configuration data are logged by the TOE’s audit generation functionality.

Cryptographic support:

The TOE uses NIST SP 800-90 DRBG random bits generator and the following cryptographic algorithms: AES, RSA, ECDSA, SHA, HMAC to secure the trusted channel and trusted path communication. The TOE is designed to zeroize Critical Security Parameters (CSPs) to mitigate the possibility of disclosure or modification.

Identification and authentication:

The TOE provides Identification and Authentication security functionality to ensure that all users are properly identified and authenticated before accessing TOE functionality. The TOE enforces a password-based authentication mechanism to perform administrative user authentication. Passwords are obscured when being displayed during any attempted login.  Administrative users can be authenticated via either local user database or remote LDAP server. The TOE also authenticates its IPsec peers; the authentication is performed over IKEv2 SA phase of mutual authentication between IPsec peers.

Security management:

The Web Management Application of the TOE provides the capabilities for configuration and administration. The Web Management Application can be accessed via the dedicated local Ethernet port configured for “out-of-band” management. There is no local access such as a serial console port. Therefore, the local and remote management is considered the same for this evaluation. 

An authorized administrator has the ability to modify, edit, and delete security parameters such as audit data, configuration data, and user authentication data.   The Web Management Application also offers an authorized administrator the capability to manage how security functions behave. For example an administrator can enable/disable certain audit functions query and set encryption/decryption algorithms used for network packets.

Protection of the TSF:

Internal testing of the TOE hardware, software, and software updates against tampering ensures that all security functions are running and available before the TOE accepts any communications.  The TSF prevents reading of pre-shared keys, symmetric keys, private keys, and passwords.  The TOE uses electronic signature verification before any firmware/software updates are installed.

TOE Access:

The TOE provides the following TOE Access functionality:

  • TSF-initiated session termination when a connection (remote or local) is idle for a configurable time period
  • Administrative termination of own session
  • TOE Access Banners

Trusted path/channels:

The TOE protects interactive communication with administrators using TLS/HTTPS, both integrity and disclosure protection is ensured.

The TOE uses IPsec to protect communication with network entities, such as a log server, NTP server and LDAP server. This prevents unintended disclosure or modification of logs and management information.

Vendor Information

Harinder Sood
Site Map              Contact Us              Home