The NitroSecurity Intrusion Prevention System TOE is an intrusion detection and prevention system that can detect network intrusion attempts and react by actively recording and/or blocking such attempts. The TOE can pass, drop, and log packets as they arrive, based on administrator-configurable rules. When the TOE is performing intrusion detection, it is said to be operating in an “IDS mode”. When the TOE is performing intrusion prevention, it is said to be operating in an “IPS” mode.
The TOE is composed of two hardware appliance components, the NitroSecurity IPS (also known as “NitroSecurity Intrusion Protection System”, or “IPS”) and the NitroSecurity ESM (also known as “NitroView ESM”, “ESM”, or “Enterprise Security Manager”).
The NitroSecurity IPS provides network intrusion detection and prevention services for an enterprise type network. The ESM provides web-based administrator console interfaces that can be used to manage NitroSecurity IPS services and collected data that are accessible using a web browser in the IT Environment. HTTPS is used to protect the connection between the web browser in the IT Environment and the ESM appliance. The ESM offers HTTP v1.0 and v1.1 using SSL v2.0 and v3.0 or TLS v1.0 to web browsers. It is up to the web browser to request a particular combination of HTTP and SSL/TLS versions.
The evaluation was carried out in accordance with the Common Criteria Evaluation and Validation Scheme (CCEVS) process and scheme. The criteria against which the NitroSecurity TOE was judged are described in the Common Criteria for Information Technology Security Evaluation, Version 2.3 and International Interpretations effective on 12 October, 2005. The evaluation methodology used by the evaluation team to conduct the evaluation is the Common Methodology for Information Technology Security Evaluation, Version 2.3 Science Applications International Corporation (SAIC) determined that the evaluation assurance level (EAL) for the product is EAL 3 family of assurance requirements. The product, when configured as specified in the installation guides and user guides, satisfies all of the security functional requirements stated in the Nitro Security Intrusion Prevention System Version 7.1.3 Security Target. The evaluation was completed in April 2007. Results of the evaluation can be found in the Common Criteria Evaluation and Validation Scheme Validation Report for Nitro Security Intrusion Prevention System Version 7.1.3 prepared by CCEVS.
The NitroSecurity Intrusion Prevention System TOE is a commercial intrusion and anomaly detection product that provides intrusion and anomaly detection identification and authentication, audit, protection of security functions and security management.