{"product_id":10480,"v_id":10480,"product_name":"BlueCat Networks Adonis DNS/DHCP Appliance Version 6.7.1-P3 and Proteus IPAM Appliance Version 3.7.2-P2","certification_status":"Certified","certification_date":"2013-08-09T00:00:00Z","tech_type":"Network Device","vendor_id":{"name":"BlueCat Networks™ (USA) Inc.","website":"http://www.bluecatnetworks.com"},"vendor_poc":"Branko Miskov, Director, Product Management","vendor_phone":"416-646-8398","vendor_email":"bmiskov@bluecatnetworks.com","assigned_lab":{"cctl_name":"CygnaCom Solutions, Inc"},"product_description":"<p>The Target of Evaluation (TOE) is BlueCat Networks<em> </em>Adonis DNS/DHCP Appliance - and Proteus IPAM Appliance. The TOE is an IP Address Management (IPAM) Solution, which provides network management of an organization&rsquo;s IP infrastructure along with DNS and DHCP core services.</p>\r\n<p>&nbsp;</p>\r\n<p>The BlueCat Networks Proteus IPAM Appliance provides organizations with a scalable platform to manage their IP infrastructure. Proteus tightly integrates IP Address Management (IPAM), DNS and DHCP. The Proteus IPAM Appliance gives enterprises the ability to centrally manage, monitor and administer their entire IP address and DNS name spaces. Proteus also allows organizations to manage change and growth with support for both IPv4 and IPv6 networks and DNSSEC.</p>\r\n<p>&nbsp;</p>\r\n<p>The BlueCat Networks Adonis DNS/DHCP Appliances deliver DNS and DHCP core services. The Adonis Appliances enable organizations to streamline the implementation and management of complex DNS and DHCP infrastructures in IPv4 and IPv6 networks. 
Adonis also supports DNSSEC.</p>\r\n<p>&nbsp;</p>\r\n<p>The evaluated configuration includes the following:</p>\r\n<p>&nbsp;</p>\r\n<ul>\r\n<li>Adonis DNS/DHCP Appliance Version 6.7.1-P3 </li>\r\n<li>Proteus IPAM Appliance Version 3.7.2-P2 </li>\r\n</ul>\r\n<p>&nbsp;</p>\r\n<p>All appliance hardware and the software installed on the appliances are included in the TOE.</p>\r\n<p>&nbsp;</p>\r\n<p>The evaluated configuration consists of a Proteus IPAM Appliance managing two or more Adonis DNS/DHCP Appliances.</p>","evaluation_configuration":"","security_evaluation_summary":"<p>The evaluation was carried out in accordance with the Common Criteria Evaluation and Validation Scheme (CCEVS) processes and procedures. The TOE was evaluated against the criteria contained in the Common Criteria for Information Technology Security Evaluation, Version 3.1 R3.</p>\r\n<p>&nbsp;</p>\r\n<p>The evaluation methodology used by the evaluation team to conduct the evaluation is the Common Methodology for Information Technology Security Evaluation, Version 3.1 R3.</p>\r\n<p>&nbsp;</p>\r\n<p>CygnaCom Solutions has determined that the product meets the security criteria in the Security Target, which specifies an assurance level of Evaluation Assurance Level (EAL) <em>2</em> augmented with ALC_FLR.1.</p>\r\n<p>&nbsp;</p>\r\n<p>A team of validators, on behalf of the CCEVS Validation Body, monitored the evaluation. The evaluation was completed in August 2013.</p>","environmental_strengths":"<p><strong>Security Audit</strong><strong> Functions</strong></p>\r\n<p><strong><br /></strong></p>\r\n<p>The TOE is able to audit the use of the administration/management functions. This function records successful and failed authentication of TOE users, as well as the actions taken by TOE users once they are authenticated. 
The TOE also audits system events.</p>\r\n<p>&nbsp;</p>\r\n<p>The TOE can be configured to send an alarm when a designated system event occurs.</p>\r\n<p>&nbsp;</p>\r\n<p>The audit data is protected by the access control mechanisms of the OS of the TOE components and by the TOE management interface. Only users with direct access to the appliances&rsquo; OS have access to the audit records. Authorized users can view and sort the audit records via the TOE management interface.</p>\r\n<p>&nbsp;</p>\r\n<p>NOTE: If the environment requires long-term storage of audit records, then the TOE should be configured to offload audit records to an external Syslog server for external storage. The TOE also supports an administrative function that allows for the manual downloading of audit trails for off appliance long-term storage.</p>\r\n<p>&nbsp;</p>\r\n<p><strong>Identification and Authentication</strong><strong> Functions</strong></p>\r\n<p><strong><br /></strong></p>\r\n<p>The TOE requires all users to provide unique identification and authentication data before any access to the TOE is granted. User identification and authentication is done by the TSF through username/password authentication or optionally by an external authentication server.</p>\r\n<p>&nbsp;</p>\r\n<p>All authorized TOE users must have a user account with security attributes that control the user&rsquo;s access to TSF data and management functions. These security attributes include user name, password, and level(s) of authorization (roles, privileges, access rights) for TOE users.</p>\r\n<p>&nbsp;</p>\r\n<p>Identification and Authentication depends on the Operational Environment to provide an external authentication server if that feature is configured. 
It also depends on the Operational Environment to provide secure communications between the TOE and the external authentication server.</p>\r\n<p>&nbsp;</p>\r\n<p><strong>Security Management</strong><strong> Functions</strong></p>\r\n<p><strong><br /></strong></p>\r\n<p>The TOE provides a web-based management interface for all run-time TOE administration. The ability to manage various security attributes, system parameters and all TSF data, and to run the administrative functions is controlled and limited to those users who have been assigned the appropriate administrative roles, permissions and access rights.</p>\r\n<p>&nbsp;</p>\r\n<p>Security management relies on a platform in the Operational Environment with a properly configured Web Browser to support the web-based management interfaces.</p>\r\n<p>&nbsp;</p>\r\n<p><strong>Protection of Security Functions</strong></p>\r\n<p><strong><br /></strong></p>\r\n<p>The TOE ensures that data transmitted between separate parts of the TOE are protected from disclosure or modification. This protection is ensured through various methods including encryption and mutual, certificate-based authentication.</p>\r\n<p>&nbsp;</p>\r\n<p>The TOE provides NTP capabilities for its own use.</p>\r\n<p><strong>&nbsp;</strong></p>\r\n<p><strong>TOE Access Functions</strong></p>\r\n<p><strong><br /></strong></p>\r\n<p>The TOE will terminate a user&rsquo;s administrative session after a specified period of inactivity.</p>\r\n<p><strong>&nbsp;</strong></p>\r\n<p><strong>Network Management Functions</strong></p>\r\n<p><strong>&nbsp;</strong></p>\r\n<p>The TOE will issue alarms when a DHCP range is above or below defined watermarks.</p>\r\n<p>&nbsp;</p>\r\n<p>The TOE implements DNSSEC in accordance with Internet Engineering Task Force (IETF) specifications to secure DNS data transmission.</p>\r\n<p>&nbsp;</p>\r\n<p>The TOE provides automatic discovery and IP reconciliation for both IPv4 and IPv6. 
The TOE identifies conflicts based on DNS host names, IP addresses and MAC addresses for network devices. After discovery, the TOE compares the changes to identify unused IP addresses for reclamation and help uncover unauthorized IP addresses that can create security vulnerabilities.</p>\r\n<p>&nbsp;</p>\r\n<p>The TOE implements a basic form of Network Access Control based on the requesting client&rsquo;s MAC address. A request for a dynamic IP address (and therefore access to the network) can be allowed or denied based on the client&rsquo;s MAC address being present in an access list.</p>","features":[]}