NIAP: Compliant Product
NIAP/CCEVS
Compliant Product - Trend Micro TippingPoint Threat Protection System version 5.1.0

Certificate Date:  2019.01.30

Validation Report Number:  CCEVS-VR-VID10949-2019

Product Type:    Network Device

Conformance Claim:  Protection Profile Compliant

PP Identifier:    collaborative Protection Profile for Network Devices Version 2.0 + Errata 20180314

CC Testing Lab:  Leidos Common Criteria Testing Laboratory


CC Certificate [PDF] Security Target [PDF] Validation Report [PDF]

Assurance Activity [PDF]

Administrative Guide [PDF]


Product Description

The TippingPoint Threat Protection System v5.1 is a network device provided as a standalone hardware or virtual appliance. It offers threat protection, shielding network vulnerabilities, blocking exploits, and defending against known and zero-day attacks. The appliances include the TPS 5.1 software, and each hardware appliance also includes the hardened Linux-4.4.85-yocto-standard operating system. All models include external user disk memory (CFast or SSD) that is used to store all traffic logs, snapshots, the ThreatDV URL Reputation Feed, the User-defined URL Entries database, and packet capture data. The TX models include standard I/O modules used to receive and transmit packets for the threat detection functions. The 8200TX includes two I/O module slots and the 8400TX includes four I/O module slots. These threat protection functions may be enabled and used without affecting the claimed security functionality; however, these features have not been evaluated. The TOE was evaluated as a network device only.

The TOE models included in the evaluation are TPS 440T, TPS 2200T (1 and 2 Gbps models), TPS 8200TX, TPS 8400TX, and vTPS. 


Evaluated Configuration


Security Evaluation Summary



Environmental Strengths

Security Audit

The TOE is able to generate audit records for security-relevant events specified in the claimed Protection Profile. The TOE can be configured to store the audit records locally on the TOE and can also be configured to send the logs to a designated external log server. The audit records in local audit storage cannot be modified or deleted. In the event the space available for storing audit records locally is exhausted, the TOE deletes the oldest historical log file, renames the current log file to be a historical file, and creates a new current log file. The TOE will write a warning to the audit trail when the space available for storage of audit records exceeds the 75% space remaining threshold.

Cryptographic Support

The TOE is operated in FIPS mode and includes FIPS-approved and NIST-recommended cryptographic algorithms.  The TOE provides cryptographic mechanisms for symmetric encryption and decryption, cryptographic signature services, cryptographic hashing services, keyed-hash message authentication services, deterministic random bit generation seeded from a suitable entropy source, and key zeroization. The cryptographic mechanisms support SSH used for secure communication, both as client and server.

Identification and Authentication

The TOE requires users (i.e., administrators) to be successfully identified and authenticated before they can access any security management functions available in the TOE. The TOE offers both a locally connected console and a network-accessible interface over SSH to support administration of the TOE.

The TOE supports the local (i.e., on device) definition of administrators with usernames and passwords. When a user is authenticated at the local console, no information about the authentication data (i.e., password) is echoed to the user. Passwords can be composed of any combination of upper and lower case letters, numbers, and the following special characters: !; @; #; $; %; ^; &; *; (; ); ,; .; ?; <; >; and /.

The TOE provides authentication failure handling for remote administrator access. When the defined number of unsuccessful authentication attempts has been reached, the remote administrator accessing the TOE via SSH is locked out for an administrator-configurable period of time. Authentication failures by remote administrators cannot lead to a situation where no administrator access is available to the TOE, since administrator access is still available via the local console.

Security Management

The TOE provides administrator roles and supports local and remote administration. The TOE supports Super User, Admin, and Operator roles that map to the Security Administrator role in the protection profile. Each user must be assigned a role in order to perform any management action.

Protection of the TSF

The TOE protects sensitive data such as stored passwords and cryptographic keys so that they are not accessible even by an administrator. It also provides its own timing mechanism that ensures reliable time information is available.

The TOE provides mechanisms to view the current version of the TOE and to install updates of the TOE software. TOE updates are initiated manually by the Super User or Admin, who can verify the integrity of the update prior to installation using a digital signature.

The TOE performs tests for software module integrity and cryptographic known-answer tests.

TOE Access

The TOE implements administrator-configurable session inactivity limits for local interactive sessions at the console and for SSH sessions. The TOE will terminate such sessions when the inactivity period expires. In addition, administrators can terminate their own interactive sessions by logging out at the console and over SSH.

The TOE supports an administrator-configurable TOE access banner that is displayed prior to a user completing the login process at the CLI. This is implemented for both local and remote management connections (console, SSH).

Trusted Path/Channels

The TOE protects interactive communication with remote administrators using SSH. SSH ensures confidentiality of transmitted information and detects any loss of integrity.

The TOE also uses SSH to protect the transmission of audit records to an external audit server.


Vendor Information

Trend Micro
Greg Cooper
512-646-6100
512-582-1361
greg_cooper@trendmicro.com

www.trendmicro.com