Compliant Product - SilentEdge Enterprise Server and GoSilent Client
Certificate Date: 2019.10.28CC Certificate Security Target Validation Report
Validation Report Number: CCEVS-VR-VID10971-2019
Product Type: Firewall
Virtual Private Network
Conformance Claim: Protection Profile Compliant
PP Identifier: collaborative Protection Profile for Stateful Traffic Filter Firewalls Version 2.0 + Errata 20180314
Extended Package for VPN Gateways Version 2.1
CC Testing Lab: Acumen Security
The Target of Evaluation (TOE) is the Attila Security SilentEdge Enterprise Server and GoSilent Client v19.07. These products operate together as a single distributed TOE.
The SilentEdge Enterprise Server is a dedicated server that acts as the centralized management and external access system for all GoSilent platforms integrated into one system. This platform provides the management GUI for configuration of SilentEdge as well as the GoSilent platforms. Operationally, it acts as the central peer for all IPsec connections from the GoSilent devices and provides gateway connectivity to external systems from the platforms located behind a GoSilent Client.
The GoSilent Client is a portable enterprise-grade firewall and VPN, ideal for sensitive communications, secure remote network access, and IoT deployments. GoSilent can be setup within minutes by non-technical users.
Together, GoSilent and SilentEdge provide a secure communications path to one or more systems located “behind” each GoSilent. These systems may connect to GoSilent via physical Ethernet. Each GoSilent establishes an IPsec VPN to the SilentEdge, and all traffic from the user systems is routed over that VPN. Physical Ethernet is supported on the VPN side of GoSilent.
SilentEdge applies policies to restrict the traffic that is permitted to pass between the user systems and external networks.
Management of the system is performed via a GUI provided by SilentEdge, accessed via a browser or remote PCs using TLS/HTTPS. Authorized administrators may configure SilentEdge as well as the GoSilent Clients.
GoSilent also provides a GUI accessed from a browser on a user system via a TLS/HTTPS connection. This GUI only provides authorized administrators with the ability to configure that specific GoSilent with enough information to connect to SilentEdge. All additional configuration information is downloaded from SilentEdge once the IPsec VPN is established.
Both SilentEdge and GoSilent generate audit records that are stored locally as well as sent to a remote syslog server via a TLS connection.
Security Evaluation Summary
The evaluation was carried out in accordance with the Common Criteria Evaluation and Validation Scheme (CCEVS) process and scheme. The criteria against which the Attila Security SilentEdge Enterprise Server and GoSilent Client was evaluated are described in the Common Criteria for Information Technology Security Evaluation, Version 3.1 rev 4. The evaluation methodology used by the evaluation team to conduct the evaluation is the Common Methodology for Information Technology Security Evaluation, Version 3.1 rev 4. The product, when delivered configured as identified in the TOE guidance, satisfies all the security functional requirements stated in the Attila Security SilentEdge Enterprise Server and GoSilent Client Security Target. The project underwent CCEVS Validator review. The evaluation was completed in October 2019. Results of the evaluation can be found in the Common Criteria Evaluation and Validation Scheme Validation Report prepared by CCEVS.
Both SilentEdge and GoSilent generate audit records related to TOE operation and administration. These audit records are stored locally on SilentEdge and GoSilent and are also forwarded to an external audit server. When the audit storage reaches capacity, the oldest audit records are overwritten.
On SilentEdge, authenticated administrators can view audit records. GoSilent provides functionality for authorized administrators to export the audit records so that they can be viewed.
The TOE provides the following cryptographic operations:
· Asymmetric key generation using ECC schemes (P-256, P-384) and Diffie-Hellman Group 14
· Asymmetric key establishment using RSA schemes (2048 bits), ECC schemes (P-256, P-384) and Diffie-Hellman Group 14
· AES data encryption in CBC and GCM mode with key sizes of 128 and 256 bits
· ECDSA digital signature generation and verification with key sizes of 256 bits and 384 bits
· Hashing using SHA-1, SHA-256, SHA-384 and SHA-512
· Keyed hashing using HMAC-SHA-1, HMAC-SHA-256 and HMAC-SHA-384
· DRBG functionality using CTR_DRBG (AES)
Storage space for cryptographic keys is overwritten with zeroes when the keys are deleted.
Communication protocols are provided for the following purposes:
· IPsec for intra-TOE communication between GoSilent and SilentEdge
· TLS/HTTPS for management GUI access on SilentEdge and GoSilent
· TLS for transmission of audit records to the syslog server
User Data Protection
When memory is deallocated, the storage space is overwritten with zeroes.
The TOE provides stateful network traffic filtering based on examination of network packets and the application of information flow rules.
Identification and Authentication
Administrators connecting to the TOE are required to enter a valid username and password to authenticate the administrative connection prior to access being granted. If the configured number of authentication attempts is met for a configured remote administrator account, the account is locked for the configured amount of time.
SilentEdge and GoSilent authenticate to one another through X.509 certificates.
The syslog server is authenticated via X.509 certificates.
An administrative GUI on SilentEdge and GoSilent can be accessed via TLS/HTTPS. These interfaces are used for administration of the TOE, including audit log configuration, upgrade of firmware and certificates, administration of users, configuration of IPsec and TLS connections. Only authorized administrators may access this management functionality.