The Target of Evaluation (TOE) is HP TippingPoint Intrusion Prevention System (IPS) devices, comprising:
\r\nThe TOE is a hardware-based intrusion prevention platform comprising the HP TippingPoint Intrusion Prevention System (IPS) devices, including the models S6100N, S5100N, S2500N, S1400N, and S660N running TippingPoint Operating System v3.2.1, and the models S330, S110 and S10 model appliances running TippingPoint Operating System version 3.1.4. The IPS devices consist of network processor technology and HP Networking’s own set of custom Field Programmable Gate Arrays (FPGAs) and are hardware and software appliances that contains all the functions needed for intrusion prevention, including Internet Protocol (IP) defragmentation, TCP flow reassembly, statistical analysis, traffic shaping, flow blocking, flow state tracking and application-layer parsing of network protocols.
","evaluation_configuration":null,"security_evaluation_summary":"The evaluation was carried out in accordance with the Common Criteria Evaluation and Validation Scheme (CCEVS) process. The criteria against which the HP TippingPoint Intrusion Prevention Systems TOE was judged are described in the Common Criteria for Information Technology Security Evaluation, Version 3.1, Revision 2. The evaluation methodology used by the Evaluation Team to conduct the evaluation is the Common Methodology for Information Technology Security Evaluation, Version 3.1, Revision 2. Science Applications International Corporation (SAIC) determined that the evaluation assurance level (EAL) for the product is the EAL3 assurance requirements package, augmented with ALC_FLR.2 (Flaw reporting procedures). The product satisfies all of the security functional requirements stated in the HP TippingPoint Intrusion Prevention Systems Security Target, when configured as specified in the evaluated guidance documentation.
\r\nA validation team on behalf of the CCEVS Validation Body monitored the evaluation carried out by SAIC. The evaluation was completed in August 2011. Results of the evaluation can be found in the Common Criteria Evaluation and Validation Scheme Validation Report (report number CCEVS-VR-VID10345-2011), prepared by CCEVS.
","environmental_strengths":"The HP TippingPoint Intrusion Prevention Systems TOE provides a moderate level of assurance in a conventional TOE and is suitable for a relatively benign environment with good physical access security and competent administrators.
\r\nHP TippingPoint Intrusion Prevention Systems supports the following security functions:
\r\nSecurity Audit
\r\nThe TOE is able to generate auditable events for the basic level of audit. It provides Superuser administrative users with the ability to review audit records stored in the audit trail and prevents other administrative user roles from reviewing the audit data. Superuser administrative users are able to select auditable events to be audited, based on event type. The audit records are stored in the underlying file system, where they are protected from unauthorized modification and deletion. When the space available for audit storage is exhausted, the oldest 50% of audit records are deleted and an audit record to this effect is generated..
\r\nIdentification and Authentication
\r\nThe TOE identifies and authenticates all administrative users[1] of the TOE before granting them access to the TOE. The TOE associates a user identity, authentication data (password), and authorizations (or security role) with each user. The TOE enforces minimum requirements for the construction of user passwords and provides a mechanism to lock or disable a user account after a configured number of consecutive failed attempts to logon.
\r\nIntrusion Detection and Prevention
\r\nThe TOE collects network traffic and subjects it to statistical and signature-based analysis, depending on configured IPS filters. If the analysis of collected network traffic indicates a potential intrusion attempt, an action set associated with the detecting filter is triggered. The action set determines if the traffic is permitted or blocked. If traffic is permitted, an alert will be written to the System data log (specifically, the Alert log). If traffic is blocked, writing an alert to the System data log (specifically, the Block log) is configurable—in the evaluated configuration, action sets that block traffic must also be configured to generate an alert. In addition to writing to the System data, the TOE can generate alerts in the form of a notification to a syslog server, email address, or SNMP server. The TOE provides capabilities for the administrative users to review the System data logs. The TOE protects the System data logs from modification and deletion. When the space available for System data storage is exhausted, the oldest 50% of System data is deleted and an audit record to this effect is generated.
\r\nTraffic Management
\r\nThe TOE can be configured to operate as a firewall, blocking or permitting network traffic based on protocol or IP address and port. Network traffic that is permitted based on traffic management filtering is still subject to IPS filtering, unless the traffic management filter is configured to allow traffic through the device without IPS filtering. On the S6100N, S5100N, and S2500N models, inspection bypass rules can be configured that permit matching network traffic to pass through the TOE without being subject to either traffic management or IPS filters.
\r\nSecurity Management
\r\nThe TOE defines three security management roles: Superuser; Administrator; and Operator. The TOE provides the security management functions to enable the administrative users to manage user accounts, audit data and audit configurations, security configuration data, traffic management filters, and System data collection, analysis, and reaction. The Superuser role has full access to all management functions and data. The Administrator role is restricted to managing IPS and traffic management filters and reviewing configuration and System data. The Operator role is restricted to reviewing configuration and System data.
\r\nProtection of the TSF
\r\nThe TOE includes its own time source for providing reliable time stamps that are used in audit records and stored System data.
\r\nTrusted Path/Channels
\r\nThe TOE provides a trusted path for remote administrative users of the TOE to communicate with the TOE. The trusted path is implemented over the network management port using HTTPS for access to the LSM and SSHv2 for access to the CLI. Remote users initiate the trusted path by establishing an HTTPS connection (using a supported web browser) or SSH session (using an SSH client). The trusted path is used for initial authentication and all subsequent administrative actions. The use of HTTPS or SSHv2 ensures all communication over the trusted path is protected from disclosure and undetected modification.
\r\nThe TOE supports a FIPS mode of operation and, when configured in FIPS mode, will allow only FIPS 140-2 approved cryptographic algorithms to be used. All models of the TOE have completed FIPS 140-2 validation (Certificate #1545). Note the TOE is not required to operate in FIPS mode to be in the evaluated configuration—the choice to do so or not is left up to the customer.
\r\nTrusted Path/Channels
\r\nThe TOE provides a trusted path for remote administrative users of the TOE to communicate with the TOE. The trusted path is implemented over the network management port using HTTPS for access to the LSM and SSHv2 for access to the CLI. Remote users initiate the trusted path by establishing an HTTPS connection (using a supported web browser) or SSH session (using an SSH client). The trusted path is used for initial authentication and all subsequent administrative actions. The use of HTTPS or SSHv2 ensures all communication over the trusted path is protected from disclosure and undetected modification.
\r\nThe TOE supports a FIPS mode of operation and, when configured in FIPS mode, will allow only FIPS 140-2 approved cryptographic algorithms to be used. All models of the TOE have completed FIPS 140-2 validation (Certificate #1545). Note the TOE is not required to operate in FIPS mode to be in the evaluated configuration—the choice to do so or not is left up to the customer.
\r\n[1] That is, those users who access the TOE for administrative purposes via the network management port or console port. Since the TOE is invisible to users on the networks being monitored by the TOE, there is no concept of such users being able or required to identify or authenticate themselves to the TOE.
","features":[]}