{"product_id":10477,"v_id":10477,"product_name":"IBM Proventia GX 4.1 for GX4004, GX5008, GX5108, GX5208, GX6116 with SiteProtector 2.0 SP 8.1","certification_status":"Not Certified","certification_date":"2012-04-26T00:04:00Z","tech_type":"Wireless Monitoring","vendor_id":{"name":"IBM Corporation","website":"https://www.ibm.com"},"vendor_poc":"Scott Sinsel, Project Manager. Federal Certifications","vendor_phone":"404-348-9355","vendor_email":"ssinsel@us.ibm.com","assigned_lab":{"cctl_name":"COACT, Inc. Labs"},"product_description":"<p>The TOE is an automated real-time intrusion detection system (IDS) designed to monitor and protect IPv4 and IPv6 (simultaneously) network segments with Network Intrusion Protection System (NIPS) or passive mode (IDS) functionality.&nbsp; The TOE unobtrusively analyses and responds to activity across computer networks.&nbsp; The TOE is comprised of two components:</p>\r\n<p>The<strong> Proventia </strong><strong>GX Series Appliances</strong> TOE component (hereafter referred to as the appliance(s), GX, GX Series, GX Appliance(s), Sensor, Agent, or as stated) provides IDS security functionality. 
This component includes the Proventia GX appliance hardware, the appliance resident Red Hat operating system (OS) and the Proventia GX application software image.</p>\r\n<p>The<strong> SiteProtector Version 2.0 Service Pack 8.1 </strong>component of the TOE (hereafter referred to as SiteProtector or as stated) is a software product that runs on a Microsoft Windows-based workstation and enables administrators to monitor and manage the Sensor components of the TOE.&nbsp;</p>\r\n<p>The Proventia GX Series TOE component provides the IDS functionality; it monitors a network or networks and compares incoming packet or packets against known packets and packet patterns that indicate a potential security violation.&nbsp; If a match occurs, the Proventia GX Series will create an audit record.&nbsp; The SiteProtector Version 2.0 Service Pack 8.1 TOE component provides management, monitoring and configuration functions to administrators.&nbsp; The SiteProtector management workstation connects to the appliance via TLS session, and this workstation is only used by authorized administrators for the management of the appliance.&nbsp;</p>\r\n<p>The TOE conforms to the U.S. Government Protection Profile Intrusion Detection System System for Basic Robustness Environments, Version 1.7, July 25, 2007 (IDSPP).</p>","evaluation_configuration":null,"security_evaluation_summary":"<p>The evaluation was carried out in accordance with the Common Criteria Evaluation and Validation Scheme (CCEVS) process and scheme. The evaluation demonstrated that the IBM Internet Security Systems GX Series Security Appliances Version 4.1 and SiteProtector Version 2.0 Service Pack 8.1 meets the security requirements contained in the Security Target.</p>\r\n<p>The criteria against which the IBM Internet Security Systems GX Series Security Appliances Version 4.1 and SiteProtector Version 2.0 Service Pack 8.1 was judged are described in the Common Criteria for Information Technology Security Evaluation, Version 3.1. 
The evaluation methodology used by the evaluation team to conduct the evaluation is the Common Methodology for Information Technology Security Evaluation, Version 3.1. The COACT, Inc. CAFE Lab determined that the evaluation assurance level (EAL) for the IBM Internet Security Systems GX Series Security Appliances Version 4.1 and SiteProtector Version 2.0 Service Pack 8.1 is EAL 2+. The TOE, configured as specified in the installation guide, satisfies all of the security functional requirements stated in the Security Target.</p>\r\n<p>A Validator on behalf of the CCEVS Validation Body monitored the evaluation carried out by the COACT, Inc. CAFE Lab. The evaluation was completed in February 2012. Results of the evaluation and associated validation can be found in the Common Criteria Evaluation and Validation Scheme Validation Report.</p>","environmental_strengths":"<p>The TOE&rsquo;s Security Functions are:</p>\r\n<p><strong>Security Audit Function - </strong>The TOE provides an audit feature for actions related to operator authentication attempts and administrator actions. Audit data is protected from unauthorized viewing, and viewing can be customized.</p>\r\n<p><strong>Identification and Authentication Function - </strong>The TOE requires operators to be successfully authenticated before any actions can be performed. User accounts must be defined in Windows (in the IT Environment).&nbsp; SiteProtector collects userid and password information through a GUI and passes that information to Windows to authenticate the user.&nbsp; If Windows indicates that the user is authenticated, SiteProtector looks up that userid in its database to determine the permissions associated with the user.&nbsp; If Windows indicates that the user is not authenticated, SiteProtector terminates the session.</p>\r\n<p><strong>Security Management Function</strong> - The TOE provides administrators with the capabilities to configure, monitor and manage the TOE to fulfill the Security Objectives. 
Security Management principles relate to Security Audit and Traffic Analysis.</p>\r\n<p><strong>Traffic Analysis Function - </strong>The TOE collects information on traffic flowing from TOE ingress points to egress points and analyzes the data against rules defined by an administrator to determine whether the traffic should be allowed or should be dropped.</p>\r\n<p><strong>Protection of Management Function</strong> - The TOE protects the connection between the SiteProtector and appliance TOE components with a TLS tunnel.</p>","features":[]}