NIAP: Compliant Product
NIAP/CCEVS
  NIAP  »»  Product Compliant List  »»  Compliant Product  
Compliant Product - Magnum-SC-CC

Certificate Date:  2017.12.08

Validation Report Number:  CCEVS-VR-VID10828-2017

Product Type:    Network Device

Conformance Claim:  Protection Profile Compliant

PP Identifier:    collaborative Protection Profile for Network Devices Version 1.0

CC Testing Lab:  Acumen Security


CC Certificate [PDF] Security Target [PDF] Validation Report [PDF]

Assurance Activity [PDF]

Administrative Guide [PDF]


Product Description

The MAGNUM-SC-CC hardware device, running Evertz MAGNUM software, serves as the primary user and network interface device for the MAGNUM control application. It is used to control one or more external video switching and endpoint devices (which lie outside the accreditation boundary of this product). MAGNUM serves as the control interface for Evertz’s proprietary IPX media streaming switch fabric that allows the general user to establish, change, and tear down multicast IP video streams.


Evaluated Configuration

The MAGNUM-SC-CC hardware device, running Evertz MAGNUM software, serves as the primary user and network interface device for the MAGNUM control application. It is used to control one or more external video switching and endpoint devices (which lie outside the accreditation boundary of this product). MAGNUM serves as the control interface for Evertz’s proprietary IPX media streaming switch fabric that allows the general user to establish, change, and tear down multicast IP video streams.


Security Evaluation Summary

The evaluation was carried out in accordance with the Common Criteria Evaluation and Validation Scheme (CCEVS) process and scheme. The criteria against which the MAGNUM-SC-CC was evaluated are described in the Common Criteria for Information Technology Security Evaluation, Version 3.1 rev 4.  The evaluation methodology used by the evaluation team to conduct the evaluation is the Common Methodology for Information Technology Security Evaluation, Version 3.1 rev 4.  Acumen Security determined that the evaluation assurance level (EAL) for the product is EAL 1.  The product, when delivered configured as identified in the Magnum-SDVN Security Administration Manual, satisfies all of the security functional requirements stated in the Evertz Magnum Security Target. The project underwent CCEVS Validator review.  The evaluation was completed in December 2017.  Results of the evaluation can be found in the Common Criteria Evaluation and Validation Scheme Validation Report prepared by CCEVS.


Environmental Strengths

Security Audit

The TOE’s Audit security function supports audit record generation and review.   The TOE provides date and time information that is used in audit timestamps.   Very broadly, the Audit events generated by the TOE include:

·         Establishment of a Trusted Path or Channel Session

·         Failure to Establish a Trusted Path or Channel Session

·         Termination of a Trusted Path or Channel Session

·         Failure of Trusted Channel Functions

·         Identification and Authentication

·         Unsuccessful attempt to validate a certificate

·         Any system update attempt

·         Result of the update attempt

·         Management of TSF data

·         Changes to Time

The TOE can store the generated audit data on itself and it can be configured to send syslog events to a syslog server, using a TLS protected collection method.  Logs are classified into various predefined categories.   The logging categories help describe the content of the messages that they contain.  Access to the logs is restricted to only Security Administrators, who has no access to edit them, only to copy or delete (clear) them.   Audit records are protected from unauthorized modifications and deletions.

The logs can be viewed by using the “Retrieve Logs” menu item from the “Help” drop-down menu.  The log records the time, host name, facility, application and “message” (the log details).  New audit records are dropped when the allocated space for these records reaches the threshold, which is why the use of a syslog server is important.

Cryptographic Support

The TOE provides cryptography support for secure communications and protection of information.   The cryptographic services provided by the TOE include: symmetric encryption and decryption using AES; cryptographic hashing and software integrity testing using SHS; keyed hashing services using HMAC-SHA; random-bit generation using DRBG; cryptographic key establishment using RSA-based key establishment schemes; digital signature using RSA.  The TOE implements secure protocols TLS (Server and Client) and TLS/HTTPS (Server). 

Identification and Authorization

All Administrators wanting to use TOE services are identified and authenticated prior to being allowed access to any of the services other than the display of the warning banner.  Once an Administrator attempts to access the management functionality of the TOE, the TOE prompts the Administrator for a user name and password for password-based authentication.  The identification and authentication credentials are confirmed against a local user database. Only after the Administrator presents the correct identification and authentication credentials will access to the TOE functionality be granted.  The TOE uses X.509v3 certificates as defined by RFC 5280 to support authentication for TLS/HTTPS connections.

The TOE provides the capability to set password minimum length rules.   This is to ensure the use of strong passwords in attempts to protect against brute force attacks. The TOE also accepts passwords composed of a variety of characters to support complex password composition.  During authentication, no indication is given of the characters composing the password.

Security Management

The TOE provides secure administrative services for management of general TOE configuration and the security functionality provided by the TOE.   All TOE administration occurs either through a secure session or a local console connection.  The TOE provides the ability to perform the following actions:

·         Administer the TOE locally and remotely

·         Configure the access banner

·         Configure the cryptographic services

·         Update the TOE and verify the updates using digital signature capability prior to installing those updates

·         Specify the time limits of session inactivity

All of these management functions are restricted to an Administrator, which covers all administrator roles. Administrators are individuals who manage specific type of administrative tasks.

Primary management is done using the local console or remotely via HTTPS. This provides a network administration console from which one can manage various identity services. These services include authentication, authorization and reporting. All of these services use a menu-driven navigation system.

Protection of the TSF

The TOE will terminate inactive sessions after an Administrator-configurable time period.   Once a session has been terminated the TOE requires the user to re-authenticate to establish a new session.   The TOE provides protection of TSF data (authentication data and cryptographic keys).   In addition, the TOE internally maintains the date and time. This date and time is used as the time stamp that is applied to TOE generated audit records.   This time can be set by and Administrator using the “Date” and “Time” selections from the System Configuration menu, or can be set to follow an external NTP server.  The TOE also ensures firmware updates are from a reliable source.  Finally, the TOE performs testing to verify correct operation.

In order for updates to be installed on the TOE, an administrator initiates the process from the web interface.  Magnum automatically uses the digital signature mechanism to confirm the integrity of the product before installing the update.

TOE Access

Aside from the automatic Administrator session termination due to inactivity describes above, the TOE also allows Administrators to terminate their own interactive session.  Once a session has been terminated the TOE requires the user to re-authenticate to establish a new session. 

Regardless of the type of connection the TOE will display an Administrator-specified banner on the web browser management interface prior to allowing any administrative access to the TOE.

Trusted Paths/Channels

Magnum allows the establishment of a trusted path between itself and various video control switches (such as Evertz’ IPX); it can also link to an additional Magnum (for primary / backup control arrangements).   The TOE also establishes a secure connection for sending syslog data to a syslog server using TLS and other external authentication stores using TLS-protected communications.


Vendor Information

Logo
Evertz Microsystems Ltd.
Paulo Francisco
(905)033-5037
pfrancisco@evertz.com

http://www.evertz.com
Site Map              Contact Us              Home