NIAP: Compliant Product
Compliant Product - FireEye NX Series Hardware and Virtual Appliances: NX1500, NX1500V, NX2500, NX2500V, NX2550, NX2550V, NX3500, NX4500, NX4500V, NX5500, NX6500V, NX10450

Certificate Date:  2018.01.30

Validation Report Number:  CCEVS-VR-VID10836-2018

Product Type:    Network Device

Conformance Claim:  Protection Profile Compliant

PP Identifier:    collaborative Protection Profile for Network Devices Version 1.0

CC Testing Lab:  Acumen Security


CC Certificate [PDF] Security Target [PDF] Validation Report [PDF]

Assurance Activity [PDF]

Administrative Guide [PDF]


Product Description

The FireEye Network Threat Prevention Platform identifies and blocks zero-day Web exploits, droppers (binaries), and multi-protocol callbacks to help organizations scale their advanced threat defenses across a range of deployments, from the multi-gigabit headquarters down to remote, branch, and mobile offices. FireEye Network with Intrusion Prevention System (IPS) technology further optimizes spend, substantially reduces false positives, and enables compliance while driving security across known and unknown threats.

FireEye NX Series Appliances are network devices that provide network security. Each appliance runs a custom-built hardened version of Linux with only the required services enabled. 

The TOE comprises several models of the FireEye NX Series Appliances, as shown below.

 

| | NX 1500 | NX 2500 | NX 2550 | NX 3500 |
|---|---|---|---|---|
| Network Ports | 4x 10/100/1000 BASE-T Ports | 4x 10/100/1000 BASE-T Ports | 10x 10/100/1000 BASE-T Ports | 10x 10/100/1000 BASE-T Ports |
| Storage | Single 500 GB HDD | Single 1 TB HDD | 2x 4TB disk | 2x 4TB disk |
| Enclosure | 1RU, desktop | 1RU, Fits 19 inch Rack | 1RU, Fits 19 inch Rack | 2RU, Fits 19 inch Rack |
| Software | Version 8.0 | Version 8.0 | Version 8.0 | Version 8.0 |

 

 

| | NX 4500 | NX 5500 | NX 10450 |
|---|---|---|---|
| Network Ports | 14x 10/100/1000 BASE-T Ports | 14x 10/100/1000 BASE-T Ports | 8 x SFP+ |
| Storage | 2x 4TB disk | 2x 4TB disk | 4x 800 GB SSD, RAID |
| Enclosure | 2RU, Fits 19 inch Rack | 2RU, Fits 19 inch Rack | 2RU, Fits 19 inch Rack |
| Software | Version 8.0 | Version 8.0 | Version 8.0 |

 

 

| | NX1500V | NX2500V | NX2550V |
|---|---|---|---|
| Hypervisor | VMWare ESXi | VMWare ESXi | VMWare ESXi |
| Platform | Dell 630R | Dell 630R | Dell 630R |
| Software | Version 8.0 | Version 8.0 | Version 8.0 |

 

 

| | NX4500V | NX4550V |
|---|---|---|
| Hypervisor | VMWare ESXi | VMWare ESXi |
| Platform | Dell 630R | Dell 630R |
| Software | Version 8.0 | Version 8.0 |


Evaluated Configuration

The TOE evaluated configuration consists of one of the appliances listed above. The TOE supports secure connectivity with several IT environment devices as shown below.

| Component | Required | Usage/Purpose Description for TOE performance |
|---|---|---|
| Management Workstation with Web Browser/SSH Client | Yes | This includes any IT Environment Management workstation with a Web Browser and a SSH client installed that is used by the TOE administrator to support TOE administration through HTTPS and SSH protected channels. Any SSH client that supports SSHv2 may be used. Any web browser that supports TLS 1.1 or greater may be used. |
| NTP Server | No | The TOE supports communications with an NTP server to synchronize date and time. |
| Syslog server | No | The syslog audit server is used for remote storage of audit records that have been generated by and transmitted from the TOE. The syslog server must support communications using TLS 1.1 or TLS 1.2. |
| LDAP AAA Server | No | This includes any IT environment LDAP AAA server that provides authentication services to TOE administrators. The LDAP server must support communications using TLS 1.1 or TLS 1.2. |


Security Evaluation Summary

The evaluation was carried out in accordance with the Common Criteria Evaluation and Validation Scheme (CCEVS) process and scheme. The criteria against which the FireEye NX Series Appliances were evaluated are described in the Common Criteria for Information Technology Security Evaluation, Version 3.1 rev 4.  The evaluation methodology used by the evaluation team to conduct the evaluation is the Common Methodology for Information Technology Security Evaluation, Version 3.1 rev 4.  Acumen Security determined that the evaluation assurance level (EAL) for the product is EAL 1.  The product, when delivered and configured as identified in the “FireEye NX Series Appliances Common Criteria Addendum,” satisfies all of the security functional requirements stated in the “FireEye NX Series Appliances Security Target.” The project underwent CCEVS Validator review.  The evaluation was completed in January 2018.  Results of the evaluation can be found in the Common Criteria Evaluation and Validation Scheme Validation Report prepared by CCEVS.


Environmental Strengths

The TOE provides the following security functions:

  • Protected Communications. The TOE protects the integrity and confidentiality of communications as follows:
      o TLS connectivity with the following entities:
          § External LDAP Server (with device level authentication)
          § Audit Server (with device level authentication)
          § Management Web Browser
      o SSH connectivity with the following entities:
          § Management SSH Client
  • Secure Administration. The TOE enables secure local and remote management of its security functions, including:
      o Local console CLI administration
      o Remote CLI administration via SSHv2
      o Remote GUI administration via HTTPS/TLS
      o Administrator authentication using a local database, via LDAP over TLS, or via X.509 certificates to the remote GUI
      o Password complexity enforcement
      o Role Based Access Control - the TOE supports several types of administrative user roles. Collectively these sub-roles comprise the “Security Administrator”
      o Configurable banners to be displayed at login
      o Timeouts to terminate administrative sessions after a set period of inactivity
      o Protection of secret keys and passwords

  • Trusted Update. The TOE ensures the authenticity and integrity of software updates through digital signatures and requires administrative intervention prior to the software updates being installed.
  • Security Audit. The TOE keeps local and remote audit records of security relevant events. The TOE internally maintains the date and time which can either be set manually or synchronized with an NTP server.  The TOE is configured to transmit its audit messages to an external syslog server. Communication with the syslog server is protected using TLS.
  • Self-Test. The TOE performs a suite of self-tests to ensure the correct operation and enforcement of its security functions.
  • Cryptographic Operations. The TOE provides cryptographic support for the services described in the following table.

| Cryptographic Method | Use within the TOE |
|---|---|
| TLS Establishment | Used to establish initial TLS session. |
| SSH Establishment | Used to establish initial SSH session. |
| ECDSA Signature Services | Used in TLS session establishment. |
| RSA Signature Services | Used in TLS session establishment. Used in SSH session establishment. Used in secure software update. |
| SP 800-90 DRBG | Used in TLS session establishment. Used in SSH session establishment. |
| SHS | Used in secure software update. |
| HMAC-SHS | Used to provide TLS traffic integrity verification. Used to provide SSH traffic integrity verification. |
| AES | Used to encrypt TLS traffic. Used to encrypt SSH traffic. |

The related algorithm validation details are provided in the following table.

 

| Algorithm | CAVP Cert # | Standard | Operation | SFR |
|---|---|---|---|---|
| RSA | 2605 | FIPS 186-4 | Key Generation; Signature Generation/Verification | FCS_CKM.1; FCS_COP.1(2) |
| DSA | 1286 | FIPS 186-4 | Key Generation | FCS_CKM.1 |
| ECDSA | 1193 | FIPS 186-4 | Key Generation; Signature Generation/Verification | FCS_CKM.1; FCS_COP.1(2) |
| SP 800-90 DRBG | 1638 | SP 800-90A | Random Bit Generation | FCS_RBG_EXT.1 |
| SHS | 3904 | ISO/IEC 10118-3:2004 | Hashing | FCS_COP.1(3) |
| HMAC-SHS | 3172 | ISO/IEC 9797-2:2011 | Keyed-Hashing | FCS_COP.1(4) |
| AES | 4761 | AES specified in ISO 18033-3; CBC specified in ISO 10116; GCM specified in ISO 19772 | Encryption/Decryption | FCS_COP.1(1) |
| CVL | 1406 | SP 800-56A | Key Establishment | FCS_CKM.2 |
| RSA | N/A | SP 800-56B (Vendor Affirmed) | Key Establishment | FCS_CKM.2 |

Each of the algorithms included in the table above is implemented by the “FireEye Cryptographic Implementation” cryptographic module.


Vendor Information

FireEye, Inc.
Steve Lanser
4083216300
certifications@fireeye.com

www.fireeye.com