The intended usage of the TOE is to provide secure communications on a new or existing network (intranet) through the addition of the Unisys Stealth Solution for Network product; allowing multiple communities of interest (COIs) exchanging information to share the same IT infrastructure, securely and transparently. A COI is a group of users who need to share data among themselves, but cannot permit anyone not in their COI to share their data. Each COI is isolated from all other COIs; and information flow is restricted to users in the same COI.
\r\nThe TOE provides a gateway to external networks, allowing controlled information flows between devices on the internal secured network and the external network based on pre-established information flow control rules. The gateway hides all devices on the internal secure network from the external network.
\r\nThe TOE operates at the top of Link Layer (L2) of the OSI network protocol stack, and is transparent to protocols and applications at or above the Network Layer (L3); therefore, no changes are required to the those protocols and applications.
\r\nThe TOE is comprised of components ordered from Unisys and components specified by Unisys but provided by the customer. The Unisys components are ordered as Part Number “Stealth Solution for Network 1.4.2”, which consists of hardware and software components that are integrated into the customer’s new or existing network, i.e., those components provided by the customer.
\r\nAs a condition of sale, the TOE must be installed and configured by Unisys Field Engineering personnel to ensure the correct deployment of the TOE into the target network.
","evaluation_configuration":null,"security_evaluation_summary":"The evaluation of the Unisys Stealth Solution for Network product was performed by InfoGard
\r\nLaboratories, Inc., in San Luis Obispo, CA in the United States and was completed in November,
\r\n2010. The evaluation was conducted in accordance with the requirements of the Common Criteria Evaluation and Validation Scheme (CCEVS) process and scheme. The Unisys Stealth Solution for Network product was judged against the Information Technology Security Evaluation, Version 3.1r3 July 2009 criteria and evaluated against the Common Evaluation Methodology for IT Security Evaluation (CEM), Version 3.1r3, July 2009 criteria.
\r\n\r\n
The InfoGard Laboratories evaluation team determined that the Evaluation Assurance Level (EAL) is EAL 4 augmented with ALC_FLR.2 (flaw reporting procedures). The product, when configured as specified in the Unisys Stealth Solution for Network Common Criteria Supplement, satisfies the Security Functional Requirements (SFRs). Two Validators on behalf of the CCEVS Validation body monitored the evaluation. Results of the evaluation can be found in the Common Criteria Evaluation and Validation Scheme Validation Report, (report number CCEVS-VR-VID10304-2011) prepared by CCEVS.
","environmental_strengths":"The intended usage of the TOE is to provide secure communications on a new or existing network (intranet) through the addition of the Unisys Stealth Solution for Networks product; allowing multiple communities of interest (COIs) exchanging information to share the same IT infrastructure, securely and transparently. A COI is a group of users who need to share data among themselves, but cannot permit anyone not in their COI to share their data. Each COI is isolated from all other COIs; and information flow is restricted to users in the same COI.
\r\nThe TOE provides a gateway to external networks, allowing controlled information flows between devices on the internal secured network and the external network based on pre-established information flow control rules. The gateway hides all devices on the internal secure network from the external network.
\r\nThe TOE operates at the top of Link Layer (L2) of the OSI network protocol stack, and is transparent to protocols and applications at or above the Network Layer (L3); therefore, no changes are required to the those protocols and applications.
\r\nThe Unisys Stealth Solution for Network provides the following security functions:
\r\nAudit Services
\r\nThe TOE provides audit services that allow audit administrators to detect and analyze security relevant events. The audit trail contains invaluable information that can be used to
\r\n\r\n
The TOE has the ability to collect audit data, review audit logs, protect audit logs from overflow, and restrict access to audit logs. Audit information generated by the system includes date and time of the event, user who caused the event to be generated (if known), and other event specific data. Tools are provided so the audit administrator(s) can review audit logs, which are stored and protected in the TOE file system.
\r\nCryptographic Services
\r\nThe TOE provides cryptographic mechanisms to protect TSF code and data, including mechanisms to encrypt, decrypt, hash, digitally sign data, and perform cryptographic key agreement.
\r\nUser Data Protection
\r\nThe TOE protects user data by enforcing the access control, information flow control and, residual information protection. The TOE uses access control methods to allow or deny access to objects, such as files and directory entries; it uses information flow control methods to control the flow of network traffic and protects user data by ensuring that resources exported to user-mode processes do not have any residual information.
\r\nIdentification and Authentication
\r\nThe TOE configuration workstation performs local identification and authentication using Windows XP OS mechanisms. It requires each user to be identified and authenticated (using a username and password) prior to performing any functions, maintaining a local database of accounts including their identities, authentication information, group associations, and privilege and logon rights associations.
\r\nThe TOE client workstation uses Windows XP OS Active Directory mechanism to identify and authenticate users (using a username and password) prior to performing any functions.
\r\nThe TOE Gateway appliance is “headless” and does not support direct logon; Windows XP OS is configured to allow clients to establish connections to the appliance for audit and security management functions prior to identification and authentication. These connections are then subject to identification and authentication by the server-side programs using username and passwords.
\r\nThe TOE includes a set of functions that allows management of identification and authentication functions, including the ability to define minimum password length.
\r\nSecurity Management
\r\nThe management of the security critical parameters of the TOE is performed by the authorized administrators. The administrative tasks are separated by roles using commands that require specific privileges for system and audit management; they require users to possess appropriate privileges to execute them. Security parameters that require authorization are stored in specific files that are protected by the access control mechanisms of the TOE against unauthorized access by users that are not authorized administrators.
\r\nProtection of the TSF
\r\nWhile in operation, the TOE depends on the hardware Memory Management Unit (MMU) to provide hardware enforced domain separation for all components addressed by the CPU, e.g., memory and other hardware addressable by the CPU. This provides protection for system firmware residing on the hardware, components such as disk controllers, network interfaces, display devices, as well as system memory. Hardware protection of system memory affords domain separation of the underlying memory resident objects such as kernel code and data, and user processes and data. Additionally, this enables the kernel memory and process management components ensure user processes cannot access kernel storage or storage belonging to other processes.
\r\nThe TOE depends on the CPU to support two types of hardware components: those directly accessible to user processes (a subset of the CPU registers and memory); and those accessible by kernel (all CPU registers, memory and hardware) that the kernel protects from direct access by user programs.
\r\nNon-kernel TSF software and data are protected by access control and process isolation mechanisms. In the evaluated configuration, discretionary access control mechanisms prevent non-privileged users from accessing the files and directories containing TSF configuration data. Other access control mechanisms grant only an authorized administrator the privilege necessary to access programs that access TSF configuration data.
\r\nThe combination of the hardware memory protection, memory and process management components, access control mechanisms, and process isolation mechanisms, provide sufficient protections such that the TSF cannot be bypassed, corrupted, or otherwise compromised.
","features":[]}