{"product_id":10179,"v_id":10179,"product_name":"TippingPoint Intrusion Protection System (IPS) E-Series (5000E, 2400E, 1200E, 600E, 210E), Software Version 2.5.3.6933","certification_status":"Not Certified","certification_date":"2008-09-05T00:09:00Z","tech_type":"Wireless Monitoring","vendor_id":{"name":"Tipping Point","website":"www.tippingpoint.com"},"vendor_poc":"Freddie_Jimenez@3com.com","vendor_phone":"512-681-8000","vendor_email":"Freddie_Jimenez@3com.com","assigned_lab":{"cctl_name":"Leidos Common Criteria Testing Laboratory"},"product_description":"<p><font size=\"2\">The TippingPoint Intrusion Prevention System (IPS) E-Series is a network-based intrusion prevention system that monitors a network for potentially malicious and anomalous traffic.&nbsp;This system identifies such traffic through rules and algorithms designed to distinguish normal data flows from suspect ones.&nbsp;</font></p>\r\n<div style=\"margin: 0pt 0pt 6pt\"><font size=\"2\">The principal component of the TippingPoint system is the Intrusion Prevention System device.&nbsp;All of the functionality of the IPS runs directly on a single device.&nbsp;A single IPS can be installed at the perimeter of the network or on an Intranet or both. TippingPoint E-Series IPS devices can secure up to 5 network segments depending upon the model. </font></div>\r\n<div style=\"margin: 0pt 0pt 6pt\"><font size=\"2\">The IPS scans and reacts to network traffic according to the filter instructions, or action set.&nbsp;To protect a multi-segment network, an appliance enforces a different set of filters to manage (and block) the traffic and malicious attacks on each segment.&nbsp;Action sets in these filters provide the instructions for the device to block traffic, permit traffic, and send alerts. 
</font></div>\r\n<div style=\"margin: 0pt 0pt 6pt\"><font size=\"2\">The IPS allows its administrative users to manage either a single filter or a TippingPoint-defined grouping of filters (category of filters) via the Management Interface.&nbsp;The Management Interface provides the capability to perform management operations using either the Command Line Interface (CLI) or Local Security Manager (LSM) web-based interfaces.&nbsp;These interfaces allow logged in users with appropriate authorization to </font></div>\r\n<div style=\"margin: 0pt 0pt 6pt 36pt; text-indent: -18pt\"><span><font size=\"2\">&middot;</font><span style=\"font: 7pt 'Times New Roman'\">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; </span></span><font size=\"2\">Create, delete and change user accounts, </font></div>\r\n<div style=\"margin: 0pt 0pt 6pt 36pt; text-indent: -18pt\"><span><font size=\"2\">&middot;</font><span style=\"font: 7pt 'Times New Roman'\">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; </span></span><font size=\"2\">Query or clear audit log, Block log, and Alert log data</font></div>\r\n<div style=\"margin: 0pt 0pt 6pt 36pt; text-indent: -18pt\"><span><font size=\"2\">&middot;</font><span style=\"font: 7pt 'Times New Roman'\">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; </span></span><font size=\"2\">Define the audit configuration, </font></div>\r\n<div style=\"margin: 0pt 0pt 6pt 36pt; text-indent: -18pt\"><span><font size=\"2\">&middot;</font><span style=\"font: 7pt 'Times New Roman'\">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; </span></span><font size=\"2\">Manage configuration of filters (both categories/groups and individual filters), </font></div>\r\n<div style=\"margin: 0pt 0pt 6pt 36pt; text-indent: -18pt\"><span><font size=\"2\">&middot;</font><span style=\"font: 7pt 'Times New Roman'\">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; </span></span><font size=\"2\">Manage the system data log, and </font></div>\r\n<div style=\"margin: 0pt 0pt 6pt 36pt; 
text-indent: -18pt\"><span><font size=\"2\">&middot;</font><span style=\"font: 7pt 'Times New Roman'\">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; </span></span><font size=\"2\">Define users to receive alarms</font></div>","evaluation_configuration":null,"security_evaluation_summary":"<p>&nbsp;<font size=\"2\"><font size=\"2\">The evaluation was carried out in accordance with the Common Criteria Evaluation and Validation Scheme (CCEVS) process and scheme.&nbsp;The criteria against which the TippingPoint Intrusion Prevention System (IPS) E-Series Version 2.5.3.6933 TOE was judged are described in the Common Criteria for Information Technology Security Evaluation, Version 2.3.&nbsp;The evaluation methodology used by the evaluation team to conduct the evaluation is the Common Methodology for Information Technology Security Evaluation, Version 2.3.&nbsp;Science Applications International Corporation (SAIC) determined that the evaluation assurance level (EAL) for the product is EAL 2 augmented with ALC_FLR.2 and AVA_MSU.1 family of assurance requirements.&nbsp;The product, when configured as specified in the TippingPoint IPS E-Series TOS ver. 
2.5.3 Evaluated Installation Guide, satisfies all of the security functional requirements stated in the TippingPoint Intrusion Prevention System (IPS) E-Series Security Target, Version 1.0.&nbsp;The evaluation was completed in May 2008.&nbsp;Results of the evaluation can be found in the Common Criteria Evaluation and Validation Scheme Validation Report (report number CCEVS-VR-VID10179-2008, dated 5 September 2008) prepared by CCEVS.</font></font></p>","environmental_strengths":"<p><font size=\"2\">The TOE is a commercial product whose users require a low to moderate level of independently assured security.&nbsp;TippingPoint Intrusion Prevention System (IPS) E-Series is expected to be located within a non-hostile environment and embedded in or protected by other products designed to address threats that correspond with the intended environment. The security environment also assumes that the TOE components are physically protected. The TOE is also restricted from administration via its monitoring interface(s), which prevents offering any opportunity for an attacker to bypass the security policies without access to the administrative interfaces.</font></p>\r\n<div style=\"margin: 0pt 0pt 6pt; line-height: normal; text-autospace: ideograph-numeric; punctuation-wrap: hanging\"><font size=\"2\">TippingPoint Intrusion Prevention System (IPS) E-Series supports the following five security functions:</font></div>\r\n<div style=\"text-justify: inter-ideograph; margin: 0pt\">&nbsp;</div>\r\n<div style=\"margin: 0pt; text-autospace: ideograph-numeric; punctuation-wrap: hanging\"><strong><font size=\"2\">Security Audit</font></strong></div>\r\n<div style=\"margin: 0pt 0pt 6pt\"><font size=\"2\">The TOE generates audit events for the start up and shutdown of audit functions, access to the TOE and system data, all use of the authentication and identification mechanism and all modifications made to the security function configuration and to the values of TSF data, and to the group 
of users that are part of a role. &nbsp;Only the user assigned to the superuser role can read the audit information via the TOE&rsquo;s management interfaces.&nbsp;The auditable events can be sorted and can be included or excluded from the set of audited events based on event categories.&nbsp;When the audit storage space becomes exhausted, only the oldest audit records are purged to ensure adequate disk space for the more recent auditable events. &nbsp;Note that the IDS_SDC and IDS_ANL requirements address the recording of results from IPS sensing and analyzing tasks (i.e., System data).</font></div>\r\n<div style=\"margin: 0pt; text-autospace: ideograph-numeric; punctuation-wrap: hanging\"><strong><font size=\"2\">Identification and Authentication</font></strong></div>\r\n<div style=\"text-justify: inter-ideograph; margin: 0pt; text-autospace: ideograph-numeric; text-align: justify; punctuation-wrap: hanging\"><span style=\"font-weight: normal\"><font size=\"2\">The TOE provides the capability to manage the user attributes for the operator, administrator, and superuser roles. 
The security attributes managed by the TOE include user identity, authentication data, authorizations (roles), password expiration, security level, information, and other user specific parameters.</font></span></div>\r\n<div style=\"margin: 0pt; text-autospace: ideograph-numeric; punctuation-wrap: hanging\">&nbsp;</div>\r\n<div style=\"margin: 0pt; text-autospace: ideograph-numeric; punctuation-wrap: hanging\"><strong><font size=\"2\">Security Management</font></strong></div>\r\n<div style=\"margin: 0pt 0pt 6pt\"><font size=\"2\">The TOE restricts the ability to modify the behavior of the functions of System data collection, analysis and reaction to users associated with the Administrator or Superuser role.&nbsp;These roles have the ability to modify the security policies that determine how System data is analyzed, displayed, and reacted to.&nbsp;Users with the Operator role only have the ability to view the security policies that affect how the System data is analyzed, displayed, and reacted to.&nbsp;The TOE also provides the capability to manage user accounts, audit data, audit configurations, and security policies.&nbsp;&nbsp;</font></div>\r\n<div style=\"margin: 0pt; text-autospace: ideograph-numeric; punctuation-wrap: hanging\"><strong><font size=\"2\">Protection of the TSF</font></strong></div>\r\n<div style=\"text-justify: inter-ideograph; margin: 0pt 0pt 6pt\"><font size=\"2\">The TOE ensures that TSP enforcement functions are invoked and succeed before each function within the Threat Suppression Engine (TSE) is allowed to proceed.&nbsp;This is accomplished by verifying that the set of permitted activities defined within the role(s) associated with the user allows the requested operation to be performed prior to allowing the operation to be performed. 
Users must log into the Management Interface before any functions can be executed.&nbsp;The TOE also provides the TSE a security domain for its own execution that protects it from interference and tampering by any untrusted subjects by providing separate interfaces for the sensing and management of the sensor.</font></div>\r\n<div style=\"margin: 0pt; text-autospace: ideograph-numeric; punctuation-wrap: hanging\"><strong><font size=\"2\">Intrusion Detection (EXP)</font></strong></div>\r\n<div style=\"text-justify: inter-ideograph; margin: 0pt 0pt 6pt\"><font size=\"2\">The Threat Suppression Engine (TSE) provides the IPS with the sensing capabilities to collect network traffic, generate alert records for certain network traffic, block certain network traffic and pass along certain network traffic.&nbsp;The TOE performs signature-based analysis of traffic as it flows through the IPS.&nbsp;The TOE decodes protocol headers to support reconstructing fragmented packets or flows.&nbsp;Once decoded, the TOE uses installed filters to achieve desired protections for the protected network segments (e.g., traffic shaping, flow blocking, flow state tracking and application-layer parsing of network protocols).&nbsp;&nbsp; Analysis methodologies match specific signatures or patterns (associated with filters) that may characterize attack attempts to characteristics of known attacks.&nbsp;This analysis qualifies the severity of the potential threat.&nbsp;For each event in which data is collected, the IPS records the date and time of the event, type of event, subject identity, and the outcome (success or failure) of the event.</font></div>\r\n<div style=\"text-justify: inter-ideograph; margin: 0pt 0pt 6pt\">&nbsp;</div>","features":[]}