NIAP: Compliant Product
  NIAP  »»  Product Compliant List  »»  Compliant Product  
Compliant Product - NIKSUN NetDetector/NetVCR 10440

Certificate Date:  2018.08.14

Validation Report Number:  CCEVS-VR-VID10869-2018

Product Type:    Network Device

Conformance Claim:  Protection Profile Compliant

PP Identifier:    collaborative Protection Profile for Network Devices Version 2.0 + Errata 20180314

CC Testing Lab:  Booz Allen Hamilton Common Criteria Testing Laboratory

CC Certificate [PDF] Security Target [PDF] Validation Report [PDF]

Assurance Activity [PDF]

Administrative Guide [PDF]

Product Description

The NIKSUN NetDetector/NetVCR 10440 (also known as the NetDetector) sends information about detected events to NetOmni for data aggregation and to provide real-time network-wide analysis. NetDetector accomplishes this by providing security monitoring of network traffic using IDS methods and statistical anomaly detection in order to safeguard networks against cyber-attacks.

Evaluated Configuration

The TOE is the NIKSUN NetDetector/NetVCR 10440 appliance, running the NIKSUN NetDetector/NetVCR Everest software version

The following lists components and applications in the environment that the TOE relies upon in order to function properly: 

  • Management Workstation: Any general-purpose computer that is used by a Security Administrator to manage the TOE. The TOE can be managed remotely, in which case the management workstation requires an SSH client to access the CLI or a web browser (Microsoft Internet Explorer 9.0 or higher and Mozilla Firefox 3.6 or higher) to access the web GUI.
  • LDAP/AD Server: A system that is capable of receiving authentication requests using LDAP over TLS and validating these requests against identity and credential data that is defined in an LDAP directory. In the evaluated configuration, the TOE connects to a server with OpenLDAP for its remote authentication store.
  • Syslog Server: The Syslog Server connects to the TOE and allows the TOE to send Syslog messages to it for remote storage. This is used to send copies of audit data to be stored in a remote location for data redundancy purposes.
  • SCP server: A secure server used to ensure the secure copying of data through an SSH encrypted connection. In the evaluated configuration, the SCP Server is used to transfer software updates to the TOE’s software image directory.
  • CRL Distribution Point: A server deployed within the Operational Environment which confirms the validity and revocation status of certificates.
  • NetOmni: NetDetector/NetVCR is a network security and performance monitoring system which sends captured packet data to NetOmni. The NetDetector/NetVCR also receives commands and is managed by NetOmni. The TOE communicates with NetOmni over an encrypted channel.
  • SMTP Server: A server that forwards an email that is sent from NetDetector/NetVCR when a user utilizes the “Forgot Username/Password” feature on the NetDetector/NetVCR log in screen. The email is protected from unauthorized disclosure using TLS.

Security Evaluation Summary

The evaluation was carried out in accordance with the Common Criteria Evaluation and Validation Scheme (CCEVS) processes and procedures. NetDetector was evaluated against the criteria contained in the Common Criteria for Information Technology Security Evaluation, Version 3.1 Revision 4. The evaluation methodology used by the evaluation team to conduct the evaluation is the Common Methodology for Information Technology Security Evaluation, Version 3.1 Revision 4. The product, when installed and configured per the instructions provided in the preparative guidance, satisfies all of the security functional requirements stated in the NIKSUN NetDetector/NetVCR 10440 Security Target Version 1.0. The evaluation underwent CCEVS Validator review. The evaluation was completed in August 2018. Results of the evaluation can be found in the Common Criteria Evaluation and Validation Scheme Validation Report, CCEVS-VR-VID10869-2018 prepared by CCEVS.

Environmental Strengths

Security Audit

Audit records are generated for various types of management activities and events. These records include the date and time stamp of the event, the event type, and the subject identity. Audit records are stored as syslog records on the TOE, and can be configured to also be sent to a Syslog Server via a TLS connection. When the storage space allocated to specific audit record types is exhausted, the TOE will overwrite the oldest relevant log file.

Cryptographic Support

The TOE relies on its NIKOS FIPS Object Module 2.0.16 (derived from OpenSSL FIPS Object Module 2.0.7) cryptographic module to implement cryptographic methods and trusted channels. Cryptographic keys are generated using the CTR_DRBG provided through this module. The TOE destroys all plaintext secrets and private keys. 

SSH is used to secure the remote CLI interface for remote management of the TOE. SSH is also used to secure the communication with the SCP Server when the TOE receives software image updates. The TOE uses TLS to secure the automatic transfer of audit records to the Syslog Server, and for connection to the LDAP/AD Server for remote authentication. When a user utilizes the “Forgot Username/Password” feature on the NetDetector/NetVCR login screen, NetDetector/NetVCR will send an email to the SMTP Server over a protected TLS channel. TLS/HTTPS is used to secure the connection for remote management of the TOE via the web GUI as well as connections to NetOmni devices. The TOE will deny any connections for disallowed protocols and invalid X.509v3 certificates.

Identification and Authentication

The TOE verifies the identity of users connecting to the TOE. All users must be identified and authenticated before being allowed to perform actions on the TOE. This is true of users accessing the TOE via the local console, or through protected paths using the remote CLI via SSH or the web GUI via TLS 1.2. Users can authenticate to the TOE using a username and password. In addition, when authenticating by the remote CLI, users can instead use SSH public-key authentication. LDAP can be configured to provide external authentication for the GUI.

The TOE uses X.509v3 certificates to perform server side authentication of Syslog Server, SMTP Server and LDAP/AD Server and present its certificate to NetOmni for authentication. The TSF determines the validity of the certificates by confirming the validity of the certificate chain, and verifying that the certificate chain ends in a trusted Certificate Authority (CA). The TSF connects with a CRL distribution point through HTTP to confirm certificate validity and to access certificate revocation lists (CRL).

Security Management

The TOE has a role based authentication system where roles (permissions) are assigned to groups for the web GUI. Authorized actions for a particular user are dependent on which group they are assigned to. There are 4 initial groups: Administrator, Account Administrator, Advanced Users, and Users. Only users assigned to the Administrator group are capable of performing SFR related management functions via the web GUI and thus, are Security Administrators in the context of the evaluation. The VCR user is the Security Administrator user for the remote and local CLI, and is able to update the TOE’s software and verify it via published hash.

Protection of the TSF

The TOE stores passwords in a variety of locations depending on their use and encryption. They cannot be viewed by any user regardless of the user’s role. Pre-shared keys, symmetric keys, and private keys cannot be accessed in plaintext form by any user. There is an underlying hardware clock that is used for accurate timekeeping and is set by the Security Administrator. Power-on self-tests are executed automatically when the cryptographic module is loaded into memory. It verifies its own integrity using an HMAC-SHA-256 digest computed at build time and also tests all algorithms for integrity. The TOE also performs self-tests on the CPU, RAM, and disk components. The TOE’s DRBG also performs its own health tests.

The version of the TOE is verified via the CLI or web GUI. The TOE is updated by the VCR user via the CLI. Updated software images are downloaded to the SCP Server and are transferred to the TOE via the SCP using SSH. The administrator is also capable of copying the image to a CD and manually loading it to the TOE. The TOE conducts a hash verification on the system image using SHA-256 against the known hash to ensure the integrity of the update. 

TOE Access

Before any user authenticates to the TOE, the TOE displays a configurable Security Administrator banner for the web GUI. The local and remote CLI interfaces display the default Linux security banner prior to authentication that is also configurable. The TOE can terminate local CLI, remote CLI, and web GUI sessions after a specified time period of inactivity. Administrator users have the capability to terminate their own sessions. 

Trusted Path/Channels

The TOE connects and sends data to IT entities that reside in the Operational Environment via trusted channels. In the evaluated configuration, the TOE connects to Syslog Server via TLS to send audit data for remote storage. TLS is used for the TOE’s connection with the SMTP Server to send secure email. TLS is also used for the TOE’s connection with the LDAP/AD Server for its remote authentication store. TLS/HTTPS is used for the transfer of data to the NetOmni appliance. TLS/HTTPS and SSH are used for remote administration of the TOE via the web GUI and remote CLI respectively.

Vendor Information

Darryle Merlette
609 936-9999
Site Map              Contact Us              Home