{"product_id":10333,"v_id":10333,"product_name":"LogLogic v4.6.1 Open Log Management Platform","certification_status":"Not Certified","certification_date":"2009-07-09T00:07:00Z","tech_type":"Wireless Monitoring","vendor_id":{"name":"LogLogic, Inc.","website":"http://www.loglogic.com"},"vendor_poc":"Chima Njaka","vendor_phone":"888.347.3883","vendor_email":"chima@loglogic.com","assigned_lab":{"cctl_name":"Arca CCTL"},"product_description":"<p class=\"MsoBodyText\" style=\"margin: 0in 0in 6pt;\"><span style=\"font-family: &quot;Times New Roman&quot;,&quot;serif&quot;; mso-bidi-font-size: 10.0pt;\"><span style=\"font-size: x-small;\">The TOE is the LogLogic v4.6.1 Open Log Management Platform on the LX and ST families of appliances.<span style=\"mso-spacerun: yes;\">&nbsp; </span>The TOE is compliant with the Intrusion Detection System (IDS) Analyzer protection profile and provides administrative alerts, flexible reporting, and searching on the analyzed data and long term storage of unaltered event logs.</span></span></p>\r\n<p class=\"MsoBodyText\" style=\"margin: 0in 0in 6pt;\"><span style=\"font-family: &quot;Times New Roman&quot;,&quot;serif&quot;; mso-bidi-font-size: 10.0pt;\"><span style=\"font-size: x-small;\">Log data is collected by the TOE from networked third-party sources such as firewalls, VPN concentrators, servers, routers and switches, storage devices, and applications (commercial and custom developed).<span style=\"mso-spacerun: yes;\">&nbsp; </span>When administrator-defined alerts are triggered, the TOE sends alert notifications to the administrative interface or to other servers via SNMP, SMTP or syslog.<span style=\"mso-spacerun: yes;\">&nbsp; </span>The Analyzer data is stored in a database for viewing, searching, and reporting, and in raw unaltered form on the file system for searching and long-term storage.<span style=\"mso-spacerun: yes;\">&nbsp; </span></span></span></p>\r\n<p class=\"MsoBodyText\" style=\"margin: 0in 0in 6pt;\"><a 
name=\"_Toc481500866\"></a><a name=\"_Toc472746148\"></a><a name=\"_Toc449772300\"><span style=\"mso-bookmark: _Toc472746148;\"><span style=\"mso-bookmark: _Toc481500866;\"><span style=\"font-family: &quot;Times New Roman&quot;,&quot;serif&quot;; mso-bidi-font-size: 10.0pt;\"><span style=\"font-size: x-small;\">The </span></span></span></span></a><span style=\"font-family: &quot;Times New Roman&quot;,&quot;serif&quot;; mso-bidi-font-size: 10.0pt;\"><span style=\"font-size: x-small;\">LogLogic v4.6.1 TOE is composed of two families of physically distinct components.<span style=\"mso-spacerun: yes;\">&nbsp; </span>The LX series of appliances normalizes event log data, stores it in a database, and provides analysis, alerting, and reporting through metalog creation.<span style=\"mso-spacerun: yes;\">&nbsp; </span>The LX appliance provides searching and flexible reporting via built-in customizable report templates.<span style=\"mso-spacerun: yes;\">&nbsp; </span>The ST series of appliances archives unaltered logs for long-term retention.<span style=\"mso-spacerun: yes;\">&nbsp; </span>The LX and ST appliances communicate with each other over an encrypted and mutually authenticated TCP tunnel providing for the secure transfer of logs or archiving.<span style=\"mso-spacerun: yes;\">&nbsp; </span>Adding appliances scales the solution as the monitored network and log data volume grow.<span style=\"mso-spacerun: yes;\">&nbsp; </span></span></span></p>\r\n<p class=\"MsoBodyText\" style=\"margin: 0in 0in 6pt;\"><span style=\"font-family: &quot;Times New Roman&quot;,&quot;serif&quot;; mso-bidi-font-size: 10.0pt;\"><span style=\"font-size: x-small;\">The full list of excluded functionality is provided in 
the Security Target as well as in the Validation Report.</span></span></p>","evaluation_configuration":"<p class=\"MsoNormal\" style=\"margin: 0in 0in 0pt;\"><span style=\"font-size: 10pt;\"><span style=\"font-family: Times New Roman;\">The following conditions must be met for the TOE to be deployed in the evaluated configuration:</span></span></p>\r\n<ol style=\"margin-top: 0in;\" type=\"1\">\r\n<li class=\"MsoNormal\" style=\"margin: 0in 0in 6pt; mso-list: l0 level1 lfo1; tab-stops: list .5in;\"><span style=\"font-size: 10pt;\"><span style=\"font-family: Times New Roman;\">At least one LogLogic LX Appliance (There can be more than one LX deployed in the evaluated configuration) and </span></span></li>\r\n<li class=\"MsoNormal\" style=\"margin: 0in 0in 6pt; mso-list: l0 level1 lfo1; tab-stops: list .5in;\"><span style=\"font-size: 10pt;\"><span style=\"font-family: Times New Roman;\">At least one LogLogic ST Appliance (There can be more than one ST deployed in the evaluated configuration.) </span></span></li>\r\n<li class=\"MsoNormal\" style=\"margin: 0in 0in 6pt; mso-list: l0 level1 lfo1; tab-stops: list .5in;\"><span style=\"font-size: 10pt;\"><span style=\"font-family: Times New Roman;\">When configured to support HA, the TOE consists of a minimum of three network appliances such that at least one ST or LX is part of a HA pair, and the models of the HA pair must have at least 3 network interfaces. 
</span></span></li>\r\n</ol>","security_evaluation_summary":"<p class=\"MsoBodyText\" style=\"margin: 0in 0in 6pt;\"><span style=\"font-family: &quot;Times New Roman&quot;,&quot;serif&quot;; mso-bidi-font-size: 10.0pt;\"><span style=\"font-size: x-small;\">The evaluation of the LogLogic v4.6.1 Open Log Management Platform was performed by the Arca Common Criteria Testing Laboratory (CCTL) in the United States and was completed during May 2009.<span style=\"mso-spacerun: yes;\">&nbsp; </span>The evaluation team determined the product conforms to Common Criteria Version 3.1 Revision 2, Part 2 extended and Part 3 conformant, and meets the requirements for Evaluation Assurance Level (EAL) 2 augmented with ALC_FLR.2. </span></span></p>\r\n<p class=\"MsoBodyText\" style=\"margin: 0in 0in 6pt;\"><span style=\"font-family: &quot;Times New Roman&quot;,&quot;serif&quot;; mso-bidi-font-size: 10.0pt;\"><span style=\"font-size: x-small;\">For this evaluation, it was appropriate for the Security Target to claim compliance with the external standard for RSA, AES, TDES, and Blowfish for the definition of the encryption algorithm. There are many ways of determining compliance with a standard. <span style=\"mso-spacerun: yes;\">&nbsp;</span>LogLogic v4.6.1 Open Log Management Platform has chosen to make a developer claim of compliance. This means that there has been no independent verification (by either the evaluators or a third party standards body, such as a FIPS laboratory) that the implementation of the cryptographic algorithms actually meets the claimed standards. 
Potential users of this product should confirm that the cryptographic capabilities are suitable to meet the user's requirements.</span></span></p>","environmental_strengths":"<p class=\"MsoBodyText\" style=\"margin: 0in 0in 6pt;\"><span style=\"font-family: &quot;Times New Roman&quot;,&quot;serif&quot;; mso-bidi-font-size: 10.0pt;\"><span style=\"font-size: x-small;\">The LogLogic v4.6.1 Open Log Management Platform is a commercial product that analyzes event logs for network anomalies or security policy breaches and provides Traffic Flow Control (for network traffic sent to the appliances, traffic does not pass through the appliances), Secure Communications (secure communication channels for remote administration, and inter-appliance communication), and High Availability function as well as more standard functions of Auditing, Identification and Authentication, Security Management, and Self-Protection.<span style=\"mso-spacerun: yes;\">&nbsp; </span>To securely provide these functions, the deployed LogLogic appliances must be appropriately protected from physical attacks. </span></span></p>","features":[]}