The Security Target (ST) defines the Information Technology (IT) security requirements for the TechGuard Security PoliWall. TechGuard Security PoliWall is a network boundary device that rapidly determines the country of origin (category) for all incoming packets using HIPPIE™ (High-speed Internet Protocol Packet Inspection Engine) technology. Packets are filtered according to customer-defined policies, PCELs, and exception lists that are bound to rule groups for specific network addresses and protocols. PoliWall also provides Administrators with the ability to create maps by specifying one or more countries that should be allowed and customize their workspace via a graphical user interface.
","evaluation_configuration":"Several different models were used in the evaluated configuration. All contained the same security functionality and the only differences were in throughput. They are enumerated as follows:
\r\nThe following are the specifications for the TechGuard PoliWall-CCF 10 Gigabit hardware:
\r\nThe following are the specifications for the TechGuard PoliWall-CCF 1 Gigabit hardware:
\r\nThe following are the specifications for the TechGuard PoliWall-CCF 10 Megabit and 50 Megabit hardware:
\r\nThe evaluation was carried out in accordance with the Common Criteria Evaluation and Validation Scheme (CCEVS) processes and procedures. PoliWall v2.01.01 was evaluated against the criteria contained in the Common Criteria for Information Technology Security Evaluation, Version 3.1 Revision 3. The evaluation methodology used by the evaluation team to conduct the evaluation is the Common Methodology for Information Technology Security Evaluation, Version 3.1 Revision 3. It has been determined that the product meets the security criteria in the Security Target, which specifies an assurance level of EAL4 augmented with ALC_FLR.2 and ASE_TSS.2. Validators, on behalf of the CCEVS Validation Body, monitored the evaluation. The evaluation was completed in March 2011.
","environmental_strengths":"Security Audit
\r\nIncluded in the TOE is a Comprehensive Logging Utility that maintains large rotating log histories indexed for quick access and handles large sets of information that are available for analysis. All log configurations and modifications take effect immediately and will persist when the box is rebooted if the running configuration is saved. The TOE is able to generate security alarms when a potential security violation occurs, thus notifying the TOE’s Administrators of such an event.
\r\nCryptographic Support
\r\nThe TOE utilizes cryptography across several different areas:
\r\nThe TOE generates 2048-bit RSA keys adhering to RFC 2313. The TOE zeroizes keys with a single pass of pseudo-random bytes. The TOE performs encryption and decryption with 256-bit AES keys adhering to RFC 3268 and performs hashing using SHA-1 and SHA-256 adhering to RFC 3174 and FIPS 180-2 standards. SHA-256 is used whenever possible.
\r\nIdentification and Authentication
\r\nIn order to authenticate to the TOE and perform TOE processes, Administrators must either enter (1) their username and password or (2) their username, password, and client certificate which will be defined by the Security Administrator. Upon attempting to authenticate the TOE, Administrators will have anywhere between 2 and 25 attempts at successfully logging in. The amount of attempts is configuration by the Security Administrator, and when that limit is reached, the Administrator will be locked out from logging in and subsequently performing TOE operations. There are two ways that an account can be unlocked – either manually by the Security Administrator or automatically when the specified time from the account locking has elapsed.
\r\nThe only action this is permitted to be performed without authenticating to the TOE is ICMP (ping). This is wholly up to the discretion of the Security Administrator whether or not they will allow this action to be enabled or disabled without authenticating to the TOE; all other TOE actions require Administrators to properly authenticate to the TOE.
\r\nSecurity Management
\r\nThe TOE has several roles and has the following rules associated with them:
\r\nThe TOE can revoke and enforce rules of the security attributes (such as role) associated with an Administrator’s session and services available to unauthenticated users.
\r\nUser Data Protection
\r\nThe TOE provides for enforcement of the Unauthenticated Information Flow SFP based on:
\r\nStateful packet inspection should occur when it is received unless associated with an established session. The information flow will be authorized when a flow has already been established and no changes to any policies have been made. When a flow has not been established, the information flow will be rejected if the request for access or services where the presumed source ID of the information received by the TOE is not included in the set of source identifiers for the source subject. Any previous information content of a resource should be made unavailable upon the allocation or reallocation of the resource from the list of objects.
\r\nTrusted Path
\r\nThe TOE comes pre-installed with a self-signed SSL certificate that is used to establish a secure encrypted session to the PoliWall configuration application. The appliance includes a generic server certificate. The pre-installed certificate will be overwritten after successfully configuring and installing a new server certificate. An assurance is made that a communication channel between the TOE and another IT product that provides assured identification and protection will be established. This communication will be for the purpose of updating the system time, category code database, PCELs, connection to Remote Management Console (RMC) Server, and establishment of connections from REACT Servers. The TOE will provide a trusted communications path to which remote Administrators can connect.
\r\nThe TOE’s client CA certificate specifies the certificate authority required to issue client certificates which identify Administrators connecting to the TOE. A Certificate Revocation List may be uploaded to the TOE to prevent revoked certificates issued by the client CA certificate from establishing connections to the TOE.
\r\nResource Utilization
\r\nIn the event of the failures of the Auto Update module (updates IP address listings to countries), PoliWall process module (remote administration functions and access control), and auditing modules (msglogd, syslogd, pktlogd, pktlog6d), the TOE will maintain and operate in a secure state until these failed subsystem have come back online. Information flow control will remain in operation during this time.
\r\nUnauthenticated data to be processed by the TOE is subjected to prioritization based on QoS and quotas. Once the data has priority, an operation is made on it based on the unauthenticated information flow control. When the total amount of traffic reaches the configured bandwidth limit, traffic from the high QoS countries will be allowed through the PoliWall before traffic from other countries.
\r\nTOE Access
\r\nAccess to the TOE is controlled by the Administrator’s IP address. The TOE can terminate sessions after a given amount of time of inactivity has occurred (which is predetermined by the Security Administrator). Before a session begins, a warning banner will be displayed alerting the Administrator that unauthorized access to the TOE is prohibited. Denials of access to the TOE can be made according to IP address, time, and day.
\r\nProtection of the TSF
\r\nThe TOE will maintain and provide reliable timestamps to Administrators. In order to maintain the integrity of the TOE, the TSF will run a suite of self-tests during initial start-up, periodically during normal operation, and at the request of the authorized Administrator in order to demonstrate the correct operation of the TOE. All authorized Administrators will be able to verify the integrity of TOE data and stored TOE executable code. All authorized Administrators will be able to verify the integrity of TOE data and stored TOE executable code.
","features":[]}