The TOE is designed to reside between untrusted users on an unprotected network and a protected network. Its purpose is to limit access to the resources on the protected network and provide for management of those resources from a centralized location.
\r\nThe appliance requires all users to perform authentication to it using an identifier and a password. Once successful logon has occurred, administrators can perform management. When users log into the appliance they are doing so in order to access a device (e.g., service, network device) located on the protected network behind the appliance. Users are subject to an access control policy enforced by the appliance when they attempt to access a protected resource. The access control policy enforced on users is based upon user identity and services provided by the backend device. Users are given access to particular services on specific devices.
","evaluation_configuration":"The evaluation was carried out in accordance with the Common Criteria Evaluation and Validation Scheme (CCEVS) process and scheme. The criteria against which the Xceedium GateKeeper 5.2.1 TOE was judged are described in the Common Criteria for Information Technology Security Evaluation, Version 3.1, Revision 2, September 2007. The evaluation methodology used by the evaluation team to conduct the evaluation is the Common Methodology for Information Technology Security Evaluation, Version 3.1, Revision 2, September 2007. Science Applications International Corporation (SAIC) determined that the evaluation assurance level (EAL) for the product is EAL4 augmented with ALC_FLR.2 family of assurance requirements. The product, when configured as specified in the Xceedium GateKeeper Administration Guide satisfies all of the security functional requirements stated in the Xceedium GateKeeper 5.2.1 Security Target, Version 2.9, 3 February 2011. Two Validators on behalf of the CCEVS Validation Body monitored the evaluation carried out by SAIC. The evaluation was completed in March 2011. Results of the evaluation can be found in the Common Criteria Evaluation and Validation Scheme Validation Report, CCEVS-VR-VID10350-2011, dated 25 March 2011.
","environmental_strengths":"The security environment assumes physical protection and the TOE itself offers only a very limited interface and can only be configured during initialization, offering essentially no opportunity for an attacker to subvert the security policies without physical access. As such, it is believed that EAL4 augmented with ALC_FLR.2 provides an appropriate level of assurance in the security functions offered by the TOE. Within such environments it is assumed that attackers will have little attack potential. Xceedium GateKeeper 5.2.1 supports the following six security functions:
\r\nSecurity Audit: The TOE Web Server generates audit records related to the authentication and management of the TOE that are stored and protected in an internal database. The TOE records attempts to access itself, such as successful and failed authentication attempts, as well as the actions taken by users once authenticated. The appliance generates audit records for all access control decisions it makes. All auditable actions can be found in Active Logins, Sessions, Logs and Report interface. The Logs Report Parameters screen allows administrator selection of the specific report information to be generated.
\r\nCryptographic Support: The TOE has been FIPS 140-2 evaluated and is configured to run in FIPS mode in the evaluated configuration. The TOE implements SSL to all user communication with the TOE. Users establish an SSL connection to the TOE before submitting a username/password to perform authentication. Users then use the SSL channel to transmit all information to the TOE. The TOE also supports x509v3 certificate generate and validation.
\r\nUser Data Protection: The TOE enforces an access control policy that controls access between users and devices. Access to devices is limited based upon the user identifier associated with the requestor and device service access list. A user can access a given service on a given device if the device service access control list specifically allows access to the requested service for the device. The TOE also supports two additional policies that can be configured in addition to the basic device access policy. The first policy limits access to particular sockets on devices and the second perform keyword filtering on device commands.
\r\nIdentification and Authentication: The TOE requires users to provide unique identification and authentication data before any access to the system is granted. The TOE supports password, client certificate, and external LDAP authentication. The TOE also maintains security privileges used for role assignments.
\r\nSecurity Management: An authorized administrator is any user that has an administrative privilege. Users with no administrative privileges are simply called users. The TOE is managed through the Administrative modules (Config, Services, Sessions, Users, Devices, Policy), accessed via a SSL web-based interface. Through this interface all TOE management can be performed, including user management and the configuration of IT devices access functions. This interface is restricted to authorized administrators, which provides the administrator the ability to set user attributes and privileges, as well as assign privileges for different levels of administrative access.
\r\nProtection of the TSF: The TOE is a hardware appliance that contains a custom operating system that runs in firmware, and supports only trusted processes. The GateKeeper appliance provides no file abstractions or permanent storage for user access for “executables” to remain for further execution. Furthermore, the TOE has been carefully designed to offer well-defined interfaces that ensure that access to protected resources is subject to the applicable GateKeeper security policies. The agents are service processes on Windows or daemon processes on UNIX. In either case, the operating system provides a separate address for the agent to run. Additionally, all communication between the appliance and agent is protected using SSL. If the TOE is configured in a cluster and one GateKeeper becomes unavailable, another GateKeeper will automatically start receiving all requests and will maintain a secure state. The TOE also generates timestamps for use within the audit trail or can optionally get time from an NTP server.
","features":[]}