Compliant Product - ID Technologies GoSilent Cube + GoSilent Server v25.01
Certificate Date: 2022.12.22CC Certificate Security Target Validation Report
Validation Report Number: CCEVS-VR-VID11310-2022
Product Type: Firewall
Virtual Private Network
Conformance Claim: Protection Profile Compliant
PP Identifier: collaborative Protection Profile for Network Devices Version 2.2e
collaborative Protection Profile Module for Stateful Traffic Filter Firewalls v1.4 + Errata 20200625
PP-Module for Virtual Private Network (VPN) Gateways Version 1.2
CC Testing Lab: Lightship Security USA, Inc.
The TOE is a distributed TOE which consists of the ID Technologies GoSilent Cube + GoSilent Server v25.01 operating together as a single solution to provide firewall and VPN capabilities for remote network devices to secure their communications. The GoSilent Cube is a hardware user device and the GoSilent Server is a virtualized appliance.
Security Evaluation Summary
The evaluation was carried out in accordance with the Common Criteria Evaluation and Validation Scheme (CCEVS) process and scheme. The evaluation demonstrated that the product meets the security requirements contained in the Security Target. The criteria against which the GoSilent Cube + GoSilent Server v25.01 was judged are described in the Common Criteria for Information Technology Security Evaluation, Version 3.1, Revision 5. The evaluation methodology used by the evaluation team to conduct the evaluation is the Common Methodology for Information Technology Security Evaluation, Version 3.1, Revision 5. The product, when configured as identified in the ID Technologies GoSilent Cube + GoSilent Server v25.01 Common Criteria Guide, Version 1.8, December 2022, satisfies all of the security functional requirements stated in the ID Technologies GoSilent Cube + GoSilent Server v25.01 Security Target, Version 1.18, December 2022. The project underwent CCEVS Validator review. The evaluation was completed in December 2022. Results of the evaluation can be found in the Common Criteria Evaluation and Validation Scheme Validation Report (report number CCEVS-VR-VID11310-2022) prepared by CCEVS .
The TOE is comprised of the following security features which are described in more detail in the subsections below.
The TOE generates logs for auditable events. These logs are stored locally in protected storage and are also forwarded via a TLS connection to an external audit server in real-time. When the maximum storage utilization has been reached, the oldest audit records are discarded so that the new records can be saved. Only authorized administrators may view audit records and no capability to modify the audit records is provided.
The TOE provides mechanisms for configuring, registering, and enabling components in order to establish secure communications with each other.
The TOE implements key generation and other cryptographic services to protect TOE communications including data in transit and at rest. The TOE provides the following CAVP-certified cryptographic services: asymmetric cryptographic key pair generation; key establishment; symmetric data encryption and decryption; digital signature generation and verification; cryptographic hashing; keyed-hash message authentication; and random bit generation.
The TOE provides mechanisms to protect user data and prevent its persistence by overwriting storage space with zeros when memory is deallocated.
Firewall & Packet Filtering
The TOE provides firewall functionality for all traffic passed through the TOE by enforcing stateful network traffic filtering based on examination of network packets and the application of information flow rules.
Identification and Authentication
The TOE implements mechanisms to identify and authenticate all administrators to ensure only authorized access to TOE functionality or TSF data is granted. Identification and authentication are required for both local and remote administrator access
Authentication of an administrator is through use of a username/password. The minimum password may be configured from 8 to 40 characters, that incorporate a combination of lowercase letters, uppercase letters, numbers, and special characters (“!”, “@”, “#”, “$”, “%”, “^”, “&”, “*”, “(“, “)”). The TOE obscures feedback to the administrator when the password is entered. If an authentication attempt fails, (either the username is not recognized, or the password is incorrect) an error message is presented.
The TOE tracks the number of sequential failed authentication attempts for each user account. Upon meeting the configured limit for failed authentication attempts, the TOE locks the account in question for an administrator configured time period. During this time, entering the correct password for the locked account will still result in an authentication failure. Any successful authentication resets the counter to zero.
The TOE provides a suite of management functionality for each TOE component, which is only configurable and accessible by authorized administrators. The TOE supports the role of Security Administrator and can be administered both locally and remotely. Management of the TOE is primarily performed through GoSilent Server. However, initial management of GoSilent Cube, providing enough configuration information for it to connect to GoSilent Server, is required.
Protection of the TSF
The TOE implements a variety of protection mechanisms including authentication, self-tests, and trusted update functions to ensure the integrity of the TOE and that its TSF data is protected from unauthorized access.
The TOE protects inter-TOE communication between the GoSilent Server and Cube from disclosure and modification using IPSec.
The TOE protects sensitive data such as stored passwords and cryptographic keys so that they are not accessible even by an administrator.
The TOE provides reliable time stamps for its own use. The GoSilent Server obtains time from the virtualization server. Alternatively, the GoSilent Server time can also be set by an administrator. The GoSilent Cube time is set by an administrator.
The TOE provides administrators with the ability to query the current running version of its software and manually update the TOE. Updates are signed with an ID Technologies Security key. Once the image has been downloaded, the TOE checks the signature of the image (against the ID Technologies Security public key) before the image is applied.
At power-on tests are performed on each component to confirm the integrity of the firmware and a statistical assessment of the entropy source to include noise source health test and DRBG randomness.
The TOE provides session monitoring and management functions for local and remote administrative sessions. The TOE will terminate inactive local and remote interactive sessions after a configurable amount of time. Administrative users may terminate their own sessions.
The TOE provides secure TLS channels between itself and local/remote administrators, including protected logging channels to ensure data in transit is protected.
ID Technologies, A CACI Company