{"product_id":10225,"v_id":10225,"product_name":"McAfee HIP 6.0.2 and ePolicy Orchestrator 3.6.1 patch 1","certification_status":"Not Certified","certification_date":"2007-05-17T00:05:00Z","tech_type":"Wireless Monitoring","vendor_id":{"name":"McAfee, LLC","website":"www.mcafee.com"},"vendor_poc":"Reddy Madhusudhan","vendor_phone":"408-346-3112","vendor_email":"madhusudhan_reddy@McAfee.com","assigned_lab":{"cctl_name":"COACT, Inc. Labs"},"product_description":"<p>HIP 6.0.2 is a host-based intrusion prevention system designed to protect system resources and applications.  It works to intercept system calls prior to their execution and network traffic prior to their processing. If the HIP Agent determines that a call or packet is symptomatic of malicious code, the call or packet can be blocked and/or an audit log created; if it determines that a call or packet is safe, it is allowed.</p>","evaluation_configuration":null,"security_evaluation_summary":"<p>The evaluation was carried out in accordance with the Common Criteria Evaluation and Validation Scheme (CCEVS) process and scheme. The evaluation demonstrated that the McAfee HIP 6.0.2 and ePolicy Orchestrator 3.6.1 TOE meets the security requirements contained in the Security Target.</p>\r\n<p>The criteria against which the McAfee HIP 6.0.2 and ePolicy Orchestrator 3.6.1 TOE was judged are described in the Common Criteria for Information Technology Security Evaluation, Version 2.3. The evaluation methodology used by the evaluation team to conduct the evaluation is the Common Methodology for Information Technology Security Evaluation, Version 2.3. The COACT, Inc. CAFE Lab determined that the evaluation assurance level (EAL) for the McAfee HIP 6.0.2 and ePolicy Orchestrator 3.6.1 TOE is EAL 3. 
The TOE, configured as specified in the installation guide, satisfies all of the security functional requirements stated in the Security Target.</p>\r\n<p>A Validator on behalf of the CCEVS Validation Body monitored the evaluation carried out by the COACT, Inc. CAFE Lab. The evaluation was completed in March 2006. Results of the evaluation and associated validation can be found in the Common Criteria Evaluation and Validation Scheme Validation Report.</p>","environmental_strengths":"<p>The TOE&rsquo;s Security Functions are:</p>\r\n<p><strong>System Protection</strong> &ndash; The Agents are host-based intrusion prevention systems designed to protect system resources and applications from attacks.  The Agents accomplish this by intercepting operating system calls and comparing them to signatures symptomatic of known attacks and behavioral rules.  The Agents also inspect network traffic by comparing packets to signatures symptomatic of known attacks.  If a potential security violation is detected, the system call or network traffic may be allowed to proceed or be blocked.  An audit event may also be generated.</p>\r\n<p><strong>Audit</strong> &ndash; The TOE generates audit records upon detection of a potential security violation or system configuration events. The audit records can be viewed by an authorized user. The TOE audit functionality includes the ability to configure what auditable events actually generate audit records.</p>\r\n<p><strong>Identification and Authentication</strong> &ndash; The TOE requires users to identify and authenticate themselves before accessing the TOE software or before viewing any TSF data or configuring any portion of the TOE. No action can be initiated before proper identification and authentication. 
Each TOE user has security attributes associated with their user account that define the functionality the user is allowed to perform.</p>\r\n<p><strong>Management</strong> &ndash; The TOE&rsquo;s Management Security Function provides administrator functionality that enables a human user to configure and manage TOE components. Configuration functionality includes enabling a user to modify TSF Data used by the TOE&rsquo;s Security Functional Policies (SFPs). Management functionality includes invocation of TOE functions that affect security functions and security function behavior.</p>","features":[]}