NIAP: Compliant Product
Compliant Product - McAfee Network Security Platform (NSM Linux Appliance v10.1.19.17 and NS Sensor Appliances v10.1.17.15)

Certificate Date:  2020.11.09

Validation Report Number:  CCEVS-VR-VID11079-2020

Product Type:    Network Device

Conformance Claim:  Protection Profile Compliant

PP Identifier:    collaborative Protection Profile for Network Devices Version 2.1
  Extended Package for Intrusion Prevention Systems Version 2.11

CC Testing Lab:  Acumen Security


CC Certificate [PDF] Security Target [PDF] Validation Report [PDF]

Assurance Activity [PDF]

Administrative Guide [PDF]


Product Description

The TOE is comprised of the McAfee Network Security Platform (NSP) software running on one Network Security Manager (NSM) Linux Appliance and one or more Network Sensors.

The McAfee Network Security Platform (NSP) Sensor performs stateful inspection on a per-packet basis to discover and prevent intrusions, misuse, denial of service (DoS) attacks, and distributed denial of service (DDoS) attacks. NSP is available in multiple Sensor appliances providing different bandwidth and deployment strategies. These models are listed below in Table 1.

Network Security Manager (NSM) is used to manage and push configuration data and policies to the Sensors. Communication between NSM and Sensors uses secure channels that protect the traffic from disclosure and modification. Authorized administrators may access the NSM via a GUI (over HTTPS) or a CLI (via SSH or a local connection). Sensors may be accessed via CLI (via SSH or a local connection) for initial setup. Once initial setup is complete, all management occurs via the NSM.

The NS Sensor’s presence on the network is transparent. The Sensor is protected from the monitored networks as the system is configured to not accept any management requests or input from the monitored networks.

Table 1 - TOE Appliance Series and Models

| Model | CPUs | Memory (Size and Qty) | Storage | Micro-architecture |
|---|---|---|---|---|
| NS Sensor Appliances | | | | |
| IPS-NS9100 | 4 x XEON E5-4610 | 16 x 4GB | 2 x 300GB SSD | Sandy Bridge |
| IPS-NS9200 | 4 x XEON E5-4640 | 16 x 8GB | 2 x 300GB SSD | Sandy Bridge |
| IPS-NS9300 P | 4 x XEON E5-4640 | 16 x 8GB | 2 x 300GB SSD | Sandy Bridge |
| IPS-NS9300 S | 4 x XEON E5-4640 | 16 x 8GB | 2 x 300GB SSD | Sandy Bridge |
| IPS-NS9500 | 2 x XEON GOLD 6138 or | 12 x 16GB | 2 x 240GB SSD | Scalable (Skylake) |
| | 2 x XEON GOLD 6230 | 12 x 16GB | 2 x 240GB SSD | 2nd Gen Scalable (Cascade Lake) |
| IPS-NS7150 | 1 x XEON GOLD 6130 | 4 x 16GB | 1 x 240GB SSD | Scalable (Skylake) |
| IPS-NS7250 | 1 x XEON GOLD 6130 | 4 x 16GB | 1 x 240GB SSD | Scalable (Skylake) |
| IPS-NS7350 | 1 x XEON GOLD 6130 | 4 x 16GB | 1 x 240GB SSD | Scalable (Skylake) |
| IPS-NS7100 | 1 x XEON E5-2658 V2 | 3 x 8GB | 1 x 160GB SSD | Ivy Bridge |
| IPS-NS7200 | 2 x XEON E5-2628 V2 | 8 x 4GB | 1 x 160GB SSD | Ivy Bridge |
| IPS-NS7300 | 2 x XEON E5-2658 V2 | 8 x 8GB | 1 x 160GB SSD | Ivy Bridge |
| IPS-NS5200 | 1 x XEON E5-2620 V3 | 2 x 8GB | 1 x 80GB SSD | Haswell |
| IPS-NS5100 | 1 x XEON E5-2620 V3 | 2 x 8GB | 1 x 80GB SSD | Haswell |
| IPS-NS3200 | 1 x ATOM C2538 | 2 x 4GB | 1 x 30GB SSD | Rangeley |
| IPS-NS3100 | 1 x ATOM C2538 | 2 x 4GB | 1 x 30GB SSD | Rangeley |
| IPS-NS3500 | 1 x ATOM C2558 | 1 x 8GB | 1 x 32GB Compact Flash | Rangeley |
| NSM Linux Appliance | | | | |
| NSM-MAPL-NG | 1 x XEON SILVER 4114 | 4 x 16GB | 2 x 2TB HDD | Scalable (Skylake) |


Evaluated Configuration


Security Evaluation Summary

The evaluation was carried out in accordance with the Common Criteria Evaluation and Validation Scheme (CCEVS) process and scheme. The criteria against which McAfee Network Security Platform (NS Sensor appliances and NSM Linux appliance) is evaluated are described in the Common Criteria for Information Technology Security Evaluation, Version 3.1 rev 5. The evaluation methodology used by the evaluation team to conduct the evaluation is the Common Methodology for Information Technology Security Evaluation, Version 3.1 rev 5. Acumen Security determined that the evaluation is conformant to the collaborative Protection Profile for Network Devices (v2.1, 11 March 2019) NDcPP and Network Device Collaborative Protection Profile (NDcPP)/Stateful Traffic Filter Firewall Collaborative Protection Profile (FWcPP) Extended Package for Intrusion Prevention Systems (v2.11, 15-June-2017) [IPSEP]. The product, when delivered and configured as identified in the Operational User Guidance and Preparative Procedures, satisfies all the security functional requirements stated in the Security Target. The project underwent CCEVS Validator review. The evaluation was completed in November 2020. Results of the evaluation can be found in the Common Criteria Evaluation and Validation Scheme Validation Report prepared by CCEVS.


Environmental Strengths

The logical boundary of the TOE includes those security functions implemented exclusively by the TOE.

Security Audit

The TOE generates audit records related to TOE operation and administration. These audit records are stored on the NSM management platform (and stored in a local database) and are also forwarded to an external audit server. The database stores 50,000 audit records. When the database reaches capacity, the oldest audit records are overwritten.

The NS Sensor generates audit records and forwards them to the NSM platform. If the NSM platform is not available, the NS Sensor caches audit records in a local file. When connectivity with NSM is restored, the file is uploaded and then deleted. If the file reaches capacity, new events are dropped.

Only authenticated users can view audit records.

Cryptographic Support

The TOE uses symmetric key cryptography to secure communications between the Sensors and the NSM for the following functionality:

· Exchange of configuration information (including IPS policies)
· Time/date synchronization from the NSM to Sensors
· Transfer of IPS data to the NSM
· Transfer of audit records to the NSM
· Distribution of TOE updates to Sensors

Connections between the NSM and Sensors are secured using TLS.

Connections between the NSM and the Audit Server (for audit record upload) are secured using TLS.

Connections between the Sensor and the SCP Server are secured using SSH.

Sessions between the Management Workstation and the TOE are secured using SSH or HTTPS and authenticated using username and password. Local console connections between the Console Workstation and the TOE are physically secured. The Sensors also use SSH to securely copy a new image to update the Sensor.

Identification and Authentication

Administrators connecting to the TOE are required to enter an NSP administrator username and password to authenticate the administrative connection prior to access being granted.

The NSM and NS Sensors authenticate to one another through a shared secret that is configured during the initial installation and setup process of the TOE. Individual Sensors must use CA-signed certificates. In the evaluated configuration, the NSM supports self-signed certificates only for the installation process of Sensors before they are in their evaluated configuration.

Security Management

An administrative CLI can be accessed via the Console port or SSH connection, and an administrative GUI on the NSM may be accessed via HTTPS. These interfaces are used for administration of the TOE, including audit log configuration, upgrade of firmware and signatures, administration of users, and configuration of SSH and TLS connections.

Only administrators authenticated to the “Admin” role are considered to be authorized administrators.

Protection of the TSF

The presence of the NS Sensors' components on the network is transparent (other than network packets sent as reactions to configured IPS conditions). The NS Sensors are protected from the monitored networks as the system is configured to not accept any management requests or input via the monitored interfaces.

The TOE users must authenticate to the TOE before any administrative operations can be performed on the system.

The TOE ensures consistent timestamps are used by synchronizing time information on the NS Sensors with the NSM, so that all parts of the NSP system share the same relative time information. Synchronization occurs over a secure communications channel. Time on the NSM may be configured by an administrator.

The administrator can query the currently installed versions of software on the TOE components using the “show” command, which returns details about the software and hardware version. A trusted update of the TOE software can be performed from the NSM UI, which is then pushed out to the Sensors.

A suite of self-tests is performed by the TOE at power on, and conditional self-tests are performed continuously.

TOE Access

The TOE monitors local and remote administrative sessions for inactivity and terminates the session when a threshold time is reached. An advisory notice is displayed at the start of each session.

Trusted Path/Channels

The TSF provides the following trusted communication channels:

· TLS for an audit server
· TLS for communication between NSM and Sensors
· SSH for communication with an SCP Server for updates

The TOE implements TLS/HTTPS and SSH for protection of communications between itself and the administrators.

Intrusion Prevention

The TOE performs analysis of IP-based network traffic and detects violations of administratively defined IPS policies. The TOE inspects each packet header and payload for anomalies and known signature-based attacks and performs configured actions for policy violations.


Vendor Information


McAfee, LLC
Mark Hanson
972-963-7326
mark_hanson@mcafee.com

www.mcafee.com