{"product_id":1025,"v_id":1025,"product_name":"Air Defense Guard Version 3.5","certification_status":"Not Certified","certification_date":"2005-07-29T00:07:00Z","tech_type":"Wireless Monitoring","vendor_id":{"name":"AirDefense, Inc","website":"www.airdefense.net"},"vendor_poc":"Ralf Deltrap","vendor_phone":"770.663.8115","vendor_email":"rdeltrap@airdefense.net","assigned_lab":{"cctl_name":"COACT, Inc. Labs"},"product_description":"<p>The AirDefense Guard enterprise solution is an intrusion detection system for 802.11b wireless networks. It is designed for full-time monitoring of the wireless traffic received or transmitted by 802.11b devices in an enterprise wireless local area network. The AirDefense Guard enterprise solution consists of a Server and some number of distributed Remote Sensors. </p>\r\n<p>The physical boundary of the TOE included the Server software and the Remote Sensor software. The underlying hardware and operating system platforms that are part of the product were not included in the evaluation. </p>\r\n<p>The Remote Sensors have a wireless network adapter operating on the 802.11b standard. Each Remote Sensor covers approximately 40,000 square feet. Remote Sensors should be installed on the monitored network to cover the entire footprint of the network. This will help ensure that any wireless traffic received or transmitted by access points on the network is also received by the TOE. When a Remote Sensor receives wireless traffic, the headers for the traffic are sent to the central Server for real-time processing to identify security risks, enforce corporate wireless policy and provide reporting and notification capabilities. </p>\r\n<p>The Server can support up to 500 Remote Sensors. The Server processes the wireless traffic headers that each of its Remote Sensors sends to it to identify mis-configured devices or detect security threats. 
The TOE can detect denial of service (DoS) attacks, wireless identity thefts, and violations of site-specific security policies (Allowable Use Policies) that can be crafted by the site administrator. </p>\r\n<p>The Administrator can centrally define the Allowable Use Policies upon several attributes of the monitored traffic. These are wireless authentication mode, channel (wireless broadcast frequency), connection rate, Service Set Identifier (SSID) broadcast status, wireless protocol (e.g. WEP), authorized access points ID, host ID, date, and time of day. </p>\r\n<p>The AirDefense Guard enterprise solution provides the following security functions: </p>\r\n<p><strong>Security Audit </strong>- The TOE generates audit records on standard system security events like start-up and shutdown. Additionally, events are generated when traffic analysis suggests a denial of service attack, an identity theft attack, or when traffic that doesn&rsquo;t match Allowable Use Policies is detected. Users are also able to peruse audit events through the Server GUI and CLI interfaces, report on historical wireless activity, and generate policy compliance reports. </p>\r\n<p><strong>Identification and Authentication </strong>- The user roles are Administrator, Network Operator, and Guest. The TOE requires the users to be authenticated before any access to the management interfaces is granted. Authentication requires a proper username and password combination. </p>\r\n<p><strong>Security Management </strong>- The TOE provides the ability for the Administrator to create and manage Allowable Use Policies. These policies are created and managed through the web-based administrative interface. The attributes these policies can be based on are wireless authentication mode, channel (wireless broadcast frequency), connection rate, Service Set Identifier (SSID) broadcast status, wireless protocol (e.g. WEP), access point ID, host ID, date, and time of day. 
A graphical interface supports creating policies. The Administrator can use HTTP pull-down menus to specify the attributes they wish to include in a policy, then an input field or pull-down menu to specify the value that the attribute must meet.</p>","evaluation_configuration":null,"security_evaluation_summary":"<p>The evaluation was carried out in accordance with the Common Criteria Evaluation and Validation Scheme (CCEVS) process and scheme. The evaluation demonstrated that the AirDefense Guard TOE meets the security requirements contained in the Security Target. </p>\r\n<p>The criteria against which the AirDefense Guard TOE was judged are described in the Common Criteria for Information Technology Security Evaluation, Version 2.1. The evaluation methodology used by the evaluation team to conduct the evaluation is the Common Methodology for Information Technology Security Evaluation, Version 1.0. The COACT, Inc. CAFE Lab determined that the evaluation assurance level (EAL) for the AirDefense Guard TOE is EAL 2. The TOE, configured as specified in the installation guide, satisfies all of the security functional requirements stated in the Security Target. </p>","environmental_strengths":"<p>The AirDefense Guard enterprise solution is delivered as a Server appliance and at least one Sensor appliance. The Server is a dedicated computer running hardened Linux. The hardened Linux has all services disabled except those that are required to support the TOE, e.g. FTP and Telnet are disabled. The Server is also running custom software that provides the interfaces and functionality for the Server portion of the TOE; this includes OpenSSL for secure communications. </p>\r\n<p>The Remote Sensors are dedicated appliances running hardened Linux. Custom software is running on these appliances to provide the interfaces and functionality for the Remote Sensor portion of the TOE. 
When a Remote Sensor receives wireless traffic, the headers for the traffic are sent to the Server for processing. These communications are encrypted to protect their integrity. This encryption capability is built into the Remote Sensor and the Server. </p>","features":[]}