NIAP: Assurance Continuity
NIAP/CCEVS
Assurance Continuity - Maintenance Update of AhnLab MDS, MDS with MTA, and MDS Manager V2.1

Date of Maintenance Completion:  2018.07.13

Product Type:    Network Device

Conformance Claim:  Protection Profile Compliant

PP Identifier:    collaborative Protection Profile for Network Devices Version 1.0

Original Evaluated TOE:  2017.05.08 - AhnLab MDS, MDS with MTA, and MDS Manager v2.1

CC Certificate [PDF] Validation Report [PDF] Assurance Activity [PDF]

Administrative Guide [PDF]

Please note:  The above files are for the Original Evaluated TOE.  Consequently, they do not refer to this maintained version, although they apply to the maintained version. 

Security Target [PDF] * Assurance Continuity Maintenance Report [PDF] Administrative Guidance [PDF]

Please note:  This serves as an addendum to the VR for the Original Evaluated TOE. 

* This is the Security Target (ST) associated with the latest Maintenance Release.  To view previous STs for this TOE, click here.

Readers are reminded that the certification of this product (TOE) is the result of maintenance, rather than an actual re-evaluation of the product. Maintenance only considers the effect of TOE changes on the assurance baseline (i.e., the original evaluated TOE); maintenance is not intended to provide assurance in regard to the resistance of the TOE to new vulnerabilities or attack methods discovered since the date of the initial certificate. Such assurance can only be gained through re-evaluation.

Using a security impact analysis of the changes made to the TOE, which was provided by the developer, the CCEVS has determined that the impact of the changes on the TOE is minor and that independent evaluator analysis was not necessary. A summary of the results can be found in the Maintenance Report, which is written in relation to the product's original Validation Report and Security Target. Readers are therefore reminded to read the Security Target, Validation Report, and the Assurance Maintenance Report to fully understand the meaning of what a maintained certificate represents.

Product Description

For this Assurance Continuity, the following TOE software version updates were released:

· The TOE MDS Analyzer software was updated from version 2.1.8.26 to version 2.1.8.27 due to the update of the third-party OpenSSL 1.0.2o.

· The Data Viewer software was updated from version 2.1.8.29 to version 2.1.8.30 due to the update of the third-party OpenSSL 1.0.2o.

| Product Series | Specific Product Device | Device Software |
|---|---|---|
| MDS | MDS 1000, MDS 2000, MDS 4000, MDS 6000, MDS 8000, MDS 10000 | MDS Analyzer: 2.1.8.27; Data Viewer: 2.1.8.30 |
| MDS with MTA | MDS 4000, MDS 6000, MDS 8000, MDS 10000 | MDS Analyzer: 2.1.8.27; Data Viewer: 2.1.8.30 |
| MDS Manager | MDS Manager 2000, MDS Manager 5000R, MDS Manager 5000AR, MDS Manager 10000R, MDS Manager 10000AR | Data Viewer: 2.1.8.30 |

In addition, the following changes were made to the evaluated hardware platforms:

·         MDS 4000

o   Modifications to the physical network port connections

·         MDS 8000

o   Modified the SSD from 1.2 GB to 960 GB

o   Modifications to the physical network port connections

·         MDS10000

o   Increasing the number of Xeon processor from 18 to 22

o   Increasing the physical hard drive capacity from 2TB to 8TB

o   Modified the SSD from 3.2 TB to (960 GB *2)

o   Modifications to the physical network port connections

·         MDS Manager 2000

o   Increasing the Xeon processor speed from 3.1 GHz to 3.3 GHz

·         MDS Manager 10000R

o   Increasing the Xeon processor speed from 3.4 GHz to 3.5 GHz 

The set of hardware models includes all original TOE models with the modification of the following:

| Device | From/To | Main Processor | Storage | Network Ports |
|---|---|---|---|---|
| MDS 4000 | From | Intel Xeon 10 Core | HDD: 2 TB, SSD: 480 GB | 1GbE (Copper) 4ea |
| MDS 4000 | To | Intel Xeon 10 Core | HDD: 2 TB, SSD: 480 GB | 1GbE (Copper) 4ea; 1/10G SFP+ (Fiber) 4ea |
| MDS 8000 | From | Intel Xeon 12 Core 2ea | HDD: 4 TB, SSD: 1.2 GB | 1/10G SFP+ (Fiber) 4ea |
| MDS 8000 | To | Intel Xeon 12 Core 2ea | HDD: 4 TB, SSD: 960 GB | 1GbE (Copper) 4ea; 1/10G SFP+ (Fiber) 4ea |
| MDS 10000 | From | Intel Xeon 18 Core 2ea | HDD: 2 TB, SSD: 3.2 TB | 10/100/1000 Ethernet Ports (Copper) 2ea (MGT); 1G Ports (Fiber) 8ea; 10G Ports (Fiber) 4ea |
| MDS 10000 | To | Intel Xeon 22 Core 2ea | HDD: 8 TB, SSD: 960 GB * 2 | 1GbE Ports (Copper) 2ea; 1/10G Base-T Ports (Copper) 4ea; 1/10G SFP+ Ports (Optical) 6ea |
| MDS Manager 2000 | From | Intel Xeon Dual Core 3.1 GHz | HDD: 500 GB, Main: 4 GB | 1G Ports (Copper) 2ea |
| MDS Manager 2000 | To | Intel Xeon Dual Core 3.3 GHz | HDD: 500 GB, Main: 4 GB | 1G Ports (Copper) 2ea |
| MDS Manager 10000R | From | Intel Xeon Quad Core 3.4 GHz | HDD: 4 TB; Main 16 GB | 1G Ports (Copper) 2ea |
| MDS Manager 10000R | To | Intel Xeon Quad Core 3.5 GHz | HDD: 4 TB; Main 16 GB | 1G Ports (Copper) 2ea |

The AhnLab MDS, MDS with MTA, and MDS Manager V2.1 updates were the result of mitigating the third-party vulnerabilities and of modifying the hardware specifications of five TOE appliances.

No functionality, as defined in the SFRs, was impacted by the MDS Analyzer version 2.1.8.27 and Data Viewer version 2.1.8.30 software updates. The TOE update to OpenSSL 1.0.2o did not affect the CAVP certifications, since the AhnLab Cryptographic Module (ACM) binary has not been modified. The CAVP certifications remain current.

The updates that increase the number of Xeon core processors, the CPU speed, and the physical network ports do not affect the SFRs as defined in the Security Target. Although the TOE models have different specifications (in terms of performance and capabilities), they all contain the same firmware OS and therefore all provide the same security functions described in the ST. They have been considered to be the same for the purposes of the ST description.

The modification of adding to the number of Xeon core processors does not affect the CAVP certifications.   The updated core processors are still in the same Xeon family class.

These modifications to the TOE do not affect any SFRs, Security Functions, Assumptions or Objectives, Assurance Documents, or TOE Environment, and therefore constitute a minor change. The Security Target is updated to reflect the modifications.

Changes to Evaluation Documents:

· ST: modified to include the updated list of newly added hardware appliances and to update the listing of software versions.

Regression Testing:

Regression testing was performed on the MDS10000 appliance with the MDS Analyzer software patch 2.1.8.27 and the Data Viewer software patch 2.1.8.30.   The test cases verified that the TOE devices with the MDS Analyzer software patch 2.1.8.27 and the Data Viewer software 2.1.8.30 generated the correct results and did not affect the security functionality defined in the Security Target.    The TLS cryptographic functionality performed by MDS Analyzer software patch 2.1.8.27 and the Data Viewer software patch 2.1.8.30 was verified.

Although the TOE appliances have different specifications (in terms of performance and capabilities), they all contain the same Data Viewer software 2.1.8.30 and therefore they all provide the same security functions described in the ST. The MDS Analyzer software version 2.1.8.27 is used on all MDS and MDS with MTA appliances. Therefore, all of the TOE appliances can be considered equivalent and verified by the testing of the MDS 10000.

Vulnerability Analysis:

The vendor conducted an analysis, searching the public domain for any new potential vulnerabilities that may have been identified since the evaluation was completed. No vulnerabilities were discovered that were applicable to the TOE or that were not mitigated or corrected in the TOE via the firmware minor version update. The firmware update was made to address newly discovered OpenSSL vulnerabilities.

Vendor Information

AhnLab
David Eung-Soo, Kim
+82 32 722 7872
+82 32 722 8901
eungsoo.kim@ahnlab.com

http://global.ahnlab.com/site/product/productSubDetail.do?prodSeq=15231