IBM Tivoli Netcool OMNIbus is an enterprise network and service level management (NMS-SLM) system that collects enterprise-wide event information from many different network data sources and presents a simplified view of this information to operators and administrators. IBM Tivoli Netcool OMNIbus tracks alert information in a database and presents information of interest to specifically identified and authenticated users through individually configurable filters and views. User activity can be accounted for and audited using the administration facilities provided by IBM Tivoli Netcool OMNIbus. Users can access the event information assigned to them from a client application or via a Java-enabled browser connecting to IBM Tivoli Netcool Webtop (an applet is available for greater functionality). IBM Tivoli Netcool Webtop is a web server application that processes network alert information and presents the data output to users so that they can monitor events in their IBM Tivoli Netcool OMNIbus environment. The server publishes alert data from one or more IBM Tivoli Netcool OMNIbus datasources in real-time so that operatives can view pages that display this information in a web browser.
\r\nCaution: It should be noted that the evaluated configuration of the product only tested the use of Syslog, SNMPv1, SNMPv2c, & SNMPv3 for collecting raw data from monitored devices. The protocols that transmit data unencrypted are Syslog, SNMPv1, & SNMPv2c. The customer assumes the risk of using unencrypted protocols in an operational environment.
","evaluation_configuration":null,"security_evaluation_summary":"The evaluation was carried out in accordance with the Arca Common Criteria Test Laboratory processes and procedures that are compliant with the Common Criteria Evaluation and Validation Scheme (CCEVS). The evaluation demonstrated that the Security Functionality of the evaluated IBM Tivoli Netcool OMNIbus and IBM Tivoli Netcool Webtop configuration (Identification and Authentication, Discretionary Access Control, Audit, Communication, Management, Replication, and Protection of TOE Function) met the security requirements contained in the Security Target. The criteria against which IBM Tivoli Netcool OMNIbus and IBM Tivoli Netcool Webtop was judged are described in the Common Criteria for Information Technology Security Evaluation, Version 2.2 Part II and Part III. The evaluation team conducted the evaluation using the Common Methodology for Information Technology Security Evaluation, Version 2.2.
\r\nArca CCTL concluded that the Common Criteria requirements for Evaluation Assurance Level (EAL) 2 have been met. The product, configured as outlined in the Secure Installation Guidance (Installation, Generation, and Start-Up Documentation), satisfies all of the security functional requirements stated in the Security Target. A Validation Team, on behalf of CCEVS, monitored the evaluation, which completed in July 2008. Results of the evaluation can be found in the Validation Report prepared by the National Information Assurance Partnership (NIAP) CCEVS Validation Team.
","environmental_strengths":"The communication channels established between components of the product (ObjectServer and User Client, ObjectServer and Probes, and between ObjectServer and ObjectServer via use of Gateways), and channels established between Webtop and a remote web browser, are all protected using encryption. The encryption between all TOE components takes place entirely within the TOE software.
\r\nNote: The cryptography used in this product has not been FIPS certified nor has it been analyzed or tested to conform to cryptographic standards during this evaluation. All cryptography has only been asserted as tested by the vendor.
","features":[]}