NIAP: Compliant Product
  NIAP  »»  Product Compliant List  »»  Compliant Product  
Compliant Product - NIKSUN NetOmni, software version

Certificate Date:  2017.12.07

Validation Report Number:  CCEVS-VR-VID10868-2017

Product Type:    Network Device

Conformance Claim:  Protection Profile Compliant

PP Identifier:    collaborative Protection Profile for Network Devices Version 1.0

CC Testing Lab:  Booz Allen Hamilton Common Criteria Testing Laboratory

CC Certificate [PDF] Security Target [PDF] Validation Report [PDF]

Assurance Activity [PDF]

Administrative Guide [PDF]

Product Description

The NIKSUN NetOmni 8940 (also known as the NetOmni) provides an overview of critical operations of the monitored network. The overview includes monitoring business service disruptions, performance issues, and security incidents. NetOmni accomplishes this by providing performance monitoring, traffic analysis, and reporting systems for a network.

Evaluated Configuration

The TOE is the NIKSUN NetOmni 8940 appliance, running the software NIKSUN NetOmni Everest version

The following lists components and applications in the environment that the TOE relies upon in order to function properly: 

  • Management Workstation: Any general-purpose computer that is used by a Security Administrator to manage the TOE. The TOE can be managed remotely, in which case the management workstation requires an SSH client to access the CLI or a web browser (Microsoft Internet Explorer 9.0 or higher and Mozilla Firefox 3.6 or higher) to access the web GUI.
  • LDAP/AD Server: A system that is capable of receiving authentication requests using LDAP over TLS and validating these requests against identity and credential data that is defined in an LDAP directory. In the evaluated configuration, the TOE connects to a server with OpenLDAP for its remote authentication store.
  • Syslog Server: The Syslog Server connects to the TOE and allows the TOE to send Syslog messages to it for remote storage. This is used to send copies of audit data to be stored in a remote location for data redundancy purposes.
  • SCP server: A secure server used to ensure the secure copying of data through an SSH encrypted connection. In the evaluated configuration, the SCP Server is used to transfer software updates to the TOE’s software image directory.
  • CRL Distribution Point: A server deployed within the Operational Environment which confirms the validity and revocation status of certificates.
  • NetDetector/NetVCR: NetDetector/NetVCR is a network security and performance monitoring system which sends captured packet data to NetOmni. The NetDetector/NetVCR also receives commands and is managed by NetOmni. The TOE communicates with NetDetector/NetVCR over an encrypted channel.
  • SMTP Server: A server that forwards an email that is sent from NetOmni when a user utilizes the “Forgot Username/Password” feature on the NetOmni log in screen. The email is protected from unauthorized disclosure using TLS.

Security Evaluation Summary

The evaluation was carried out in accordance with the Common Criteria Evaluation and Validation Scheme (CCEVS) processes and procedures. NetOmni was evaluated against the criteria contained in the Common Criteria for Information Technology Security Evaluation, Version 3.1 Revision 4. The evaluation methodology used by the evaluation team to conduct the evaluation is the Common Methodology for Information Technology Security Evaluation, Version 3.1 Revision 4. The product, when installed and configured per the instructions provided in the preparative guidance, satisfies all of the security functional requirements stated in the NIKSUN NetOmni 8940 Security Target Version 1.0. The evaluation underwent CCEVS Validator review. The evaluation was completed in November 2017. Results of the evaluation can be found in the Common Criteria Evaluation and Validation Scheme Validation Report, CCEVS-VR-VID10868-2017 prepared by CCEVS.

Environmental Strengths

Security Audit

Audit records are generated for various types of management activities and events. These records include the date and time stamp of the event, the event type, and the subject identity. Audit records are stored as syslog records on the TOE, and can be configured to also be sent to a Syslog Server via a TLS connection. When the storage space allocated to specific audit record types is exhausted, the TOE will overwrite the oldest relevant log file of that type. 

Cryptographic Support

The TOE provides cryptography in support of SSH, TLS and HTTPS trusted communications. The TOE relies on its FIPS validated OpenSSL Module v4.0 cryptographic module (CMVP certificate # 2441) to implement cryptographic methods and trusted channels. Cryptographic keys are generated using the CTR_DRBG provided through this module. The TOE uses Diffie Hellman (SP 800-56A) key establishment methods which use key pairs generated according to FIPS PUB 186-4. The TOE uses NIST-validated cryptographic algorithms (certificates AES Certs. #3641 and 3642, DRBG Cert. #970 and 971, DSA Cert. #1016, HMAC Cert. #2391 and 2394, CVL Cert. #657, RSA Cert. #1878, SHA Cert. #3058 and 3061) to provide cryptographic services. NetOmni’s implementation of these has been validated to ensure that the algorithms are appropriately strong and correctly implemented for use in trusted communications. The TOE collects entropy from software-based sources contained within the device to ensure sufficient randomness for secure key generation. Cryptographic keys are destroyed when no longer needed.

Identification and Authentication

The TOE verifies the identity of users connecting to the TOE. All users must be identified and authenticated before being allowed to perform actions on the TOE. This is true of users accessing the TOE via the local console, or through protected paths using the remote CLI via SSH or the web GUI via TLS 1.2. Users can authenticate to the TOE using a username and password. In addition, when authenticating by the remote CLI, users can instead use SSH public-key authentication. LDAP can be configured to provide external authentication. 

The TOE uses X.509v3 certificates to perform server side authentication of NetDetector/NetVCR, Syslog Server, SMTP Server, and LDAP/AD Server. The TSF determines the validity of the certificates by confirming the validity of the certificate chain, and verifying that the certificate chain ends in a trusted Certificate Authority (CA). The TSF connects with a CRL distribution point through HTTP to confirm certificate validity and to access certificate revocation lists (CRL).

Security Management

The TOE has a role based authentication system where roles (permissions) are assigned to groups for the web GUI. Authorized actions for a particular user are dependent on which group they are assigned to. There are 4 initial groups: Administrator, Account Administrator, Advanced Users, and Users. Only users assigned to the Administrator group are capable of performing SFR related management functions via the web GUI and thus, are Security Administrators in the context of the evaluation. The VCR user is the Security Administrator user for the remote and local CLI, and is able to update the TOE’s software and verify it via published hash.

Protection of the TSF 

The TOE stores passwords in a variety of locations depending on their use. The passwords cannot be viewed by any user regardless of the user’s role and are encrypted or hashed. Pre-shared keys, symmetric keys, and private keys cannot be accessed in plaintext form by any user. There is an underlying hardware clock that is used for accurate timekeeping and synchronization to other devices on the network. Power-on self-tests are executed automatically when the cryptographic module is loaded into memory. It verifies its own integrity using an HMAC-SHA-256 digest computed at build time and also tests all algorithms for integrity. The TOE also performs self-tests on the CPU, RAM, and disk components. The TOE’s DRBG also performs its own health tests.

The version of the TOE is verified via the CLI or web GUI. The TOE is updated by the VCR user by transferring the software to the CLI. Updated software images are downloaded to the SCP Server and are transferred to the TOE via the SCP using SSH. The administrator is also capable of copying the image to a CD and manually loading it to the TOE. The TOE conducts a hash verification on the system image using SHA-256 against the known hash to ensure the integrity of the update.

TOE Access 

The TSF can terminate inactive sessions after an administrator-configurable time period. The TOE also allows users to terminate their own interactive session. Once a session has been terminated the TOE requires the user to re-authenticate to establish a new session. The TOE displays a configurable warning banner prior to its administrative use.

Trusted Path/Channels 

The TOE connects and sends data to IT entities that reside in the Operational Environment via trusted channels. In the evaluated configuration, the TOE connects to Syslog Server via TLS to send audit data for remote storage. TLS is also used for the TOE’s connection with the LDAP/AD Server for its remote authentication store. TLS/HTTPS is used for the transfer of data to the NetDetector appliance. TLS/HTTPS and SSH are used for remote administration of the TOE via the web GUI and remote CLI respectively.

Vendor Information

Darryle Merlette
609 936-9999
Site Map              Contact Us              Home