{"product_id":10506,"v_id":10506,"product_name":"Lumeta IPsonar 5.5C","certification_status":"Not Certified","certification_date":"2013-12-20T00:12:00Z","tech_type":"Network Device","vendor_id":{"name":"Lumeta Corporation","website":"http://www.lumeta.com"},"vendor_poc":"Joe Sorial","vendor_phone":"+1 732-357-3500","vendor_email":"info@lumeta.com","assigned_lab":{"cctl_name":"Leidos Common Criteria Testing Laboratory"},"product_description":"<p class=\"Body\">In the context of this evaluation, the TOE is a network device that provides a secure base for its other operational functions, primarily involving auditing, cryptographic support (for network communication and update integrity), user identification and authentication, secure management, and secure product updates.</p>\r\n<p class=\"Body\">The product is designed to plug into a network and to actively examine and discover the network infrastructure. To that end it can identify and examine network-connected assets such as hosts and other network devices in order to create a view of the routed infrastructure associated with the attached network. Its primary functions include:</p>\r\n<p class=\"Body\"><strong>Network Discovery &ndash;</strong> Identifies all network address spaces, routing devices and connectivity flows across the network (including &ldquo;stealth&rdquo; assets, that is, hidden devices that do not respond to queries) utilizing advanced multi-protocol discovery technology, and creates a comprehensive route-based topology that identifies a network&rsquo;s true perimeter. Host Topology Visualization / Layer 2: An optional product module supports layer 2 topology mapping, stealthy device identification, guest network and extranet security, VLAN compliance and Virtual Machine identification. 
The TOE can be operated with or without this module present.</p>\r\n<p class=\"Body\"><strong>Host Discovery &ndash;</strong> Detects all known and previously unknown network devices by conducting a census of IP addresses across protocols.&nbsp; Flags devices unrecognized by official network inventories for remediation.</p>\r\n<p class=\"Body\"><strong>Leak Discovery &ndash;</strong> Reveals unauthorized connections between a network and another network, sub-net, or the Internet, and determines whether access is outbound, inbound or both.&nbsp; Leak discovery highlights unknown connections into other organizations (e.g., legacy divestiture connectivity) or to the Internet.</p>\r\n<p class=\"Body\"><strong>Device Discovery &ndash;</strong> Identifies web services, wireless access points and IP applications active on hosts and devices &ndash; including those not owned by the client or its employees &ndash; pinpointing resources for which tested ports are active.&nbsp; Additionally, Layer 2 discovery matches a device&rsquo;s unique MAC address with its assigned IP address, providing crucial information for asset management and diagnostics.</p>\r\n<p>Note that while these are the primary functions of the product, the evaluation does not specifically address these capabilities. Rather, the evaluation (and hence this security target) focuses on the security of the device as a network infrastructure component as required in <em>Protection Profile for Network Devices</em>.</p>","evaluation_configuration":null,"security_evaluation_summary":"<p class=\"Body\">The evaluation was carried out in accordance with the Common Criteria Evaluation and Validation Scheme (CCEVS) process and scheme. <em>Common Criteria for Information Technology Security Evaluation,</em> Version 3.1, Revision 3, July 2009 describes the criteria against which Lumeta IPsonar 5.5C was judged. 
The evaluation methodology used by the evaluation team to conduct the evaluation is the <em>Common Methodology for Information Technology Security Evaluation,</em> Version 3.1, Revision 3, July 2009. Leidos CCTL determined that the TOE satisfies the security requirements specified in <em>Protection Profile for Network Devices,</em> Version 1.1, 8 June 2012. The product satisfies all the security functional requirements stated in <em>Lumeta IPsonar Security Target,</em> Version 1.0, 7&nbsp;October 2013, when delivered and configured as described in</p>\r\n<p class=\"Body\"><em>IPsonar Administrator Guide,</em> Lumeta Corporation, document reference IP_55_AG, version 1, 4 December 2012.</p>\r\n<p class=\"Body\"><em>Access Accountability: Managing Console Login Accounts,</em> Lumeta Corporation, document reference IP_TN_Accountability, revision 3, 4 December 2012.</p>\r\n<p>A validation team on behalf of the CCEVS Validation Body monitored the evaluation carried out by Leidos. The evaluation was completed in October 2013. Results of the evaluation can be found in the CCEVS Validation Report (report number CCEVS-VR-VID10506-2013), prepared by CCEVS.</p>","environmental_strengths":"<p class=\"Body\">The evaluation of the Lumeta IPsonar 5.5C TOE provides assurance that the security functions implemented by the TOE satisfy the security functional requirements specified in <em>Lumeta IPsonar Security Target</em> and that the guidance documentation describes how to use the TOE in a secure fashion. Assurance was achieved by the performance of the assurance activities specified in <em>Protection Profile for Network Devices</em>. Lumeta IPsonar 5.5C implements the following security functions.</p>\r\n<p class=\"Body\"><strong>Security audit &ndash; </strong>The TOE is designed to be able to generate logs for a wide range of security-relevant events. 
The TOE uses FreeBSD-based auditing features. Logs can be stored locally, where an administrator can review them, and can also be sent to a remote log server using syslog-ng, with TLS protecting the exported records in transit.</p>\r\n<p class=\"Body\"><strong>Cryptographic support &ndash; </strong>The TOE includes the FIPS 140-2 validated OpenSSL FIPS Object Module (Cert. #1051, valid on compatible operating systems), supplemented by CAVP algorithm testing specific to IPsonar 5.5. The module provides key management, random bit generation, encryption/decryption, digital signatures, secure hashing and keyed hashing in support of higher-level cryptographic protocols including SSH and TLS/HTTPS.</p>\r\n<p class=\"Body\"><strong>User data protection &ndash; </strong>The TOE performs a variety of network infrastructure detection functions, but as a rule does not pass data among network entities. The exception is that data is passed among distributed TOE appliances. Otherwise, it collects data from the network and attached components and ultimately forwards information to TOE administrators.</p>\r\n<p class=\"Body\">Regardless, the TOE is designed to ensure that memory and other storage resources are cleared before reuse, so that residual data from a previous use cannot corrupt, or reappear in, a later one.</p>\r\n<p class=\"Body\"><strong>Identification and authentication &ndash; </strong>The TOE requires users to be identified and authenticated before they can use functions mediated by the TOE.&nbsp; It provides the ability both to assign attributes (user names, passwords and roles/privilege levels) and to authenticate users against these attributes. 
Users can optionally be configured with public certificates so that PKI-based authentication can be used.</p>\r\n<p class=\"Body\"><strong>Security management &ndash; </strong>The TOE provides menu-driven console (Console) commands and a Web-based Graphical User Interface (Web GUI) through which administrators access its security management functions and manage its security policies. Security management commands are available only to authorized users (i.e., administrators), and only after they have provided acceptable user identification and authentication data to the TOE. The security management functions are controlled through the use of privileges associated with roles that can be assigned to TOE users.</p>\r\n<p class=\"Body\"><strong>Protection of the TSF &ndash; </strong>The TOE implements a number of features designed to protect itself and to ensure the reliability and integrity of its security features. It protects particularly sensitive data such as stored passwords and private cryptographic keys so that they are not accessible even by an administrator. It also provides its own clock to ensure that reliable time information is available (e.g., for log accountability). Note that the TOE is a single appliance or an associated collection of appliances acting together. The communication between associated appliances is protected using TLS. The TOE includes functions to perform self-tests so that it can detect when it is failing. 
It also includes mechanisms so that the TOE itself can be updated while ensuring that the updates will not introduce malicious or other unexpected changes in the TOE.</p>\r\n<p class=\"Body\"><strong>TOE access &ndash; </strong>The TOE can be configured to display an informative banner when an administrator establishes an interactive session and subsequently will enforce an administrator-defined inactivity timeout value after which the inactive session (local or remote) will be terminated.</p>\r\n<p class=\"Body\"><strong>Trusted path/channels &ndash; </strong>The TOE protects interactive communication with administrators using SSHv2 for Console access or TLS/HTTPS for Web graphical user interface access. In each case, both integrity and disclosure protection are ensured.&nbsp; If the negotiation of an encrypted session fails or if the user does not have authorization for remote administration, an attempted connection will not be established.</p>\r\n<p>The TOE protects communication with an audit log server using TLS connections as part of a syslog-ng implementation to prevent unintended disclosure or modification of logs.</p>","features":[]}
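The listing above states only that audit records are exported to a remote log server with syslog-ng over TLS. The following is an added example, not Lumeta's configuration and not taken from the evaluated guidance: a client-side syslog-ng configuration contrasting a destination that merely encrypts the channel with one that also verifies the log server's certificate and presents the appliance's own. The source file, hostname, port and certificate paths are placeholders chosen for illustration.

```conf
# Added example (not Lumeta's configuration): exporting audit records over TLS
# with syslog-ng. Every hostname, port and path below is a placeholder.

# Assumed local audit log; on a real appliance this would be whatever the
# platform's auditing subsystem writes.
source s_audit { file("/var/log/audit.log"); };

# Weak: the channel is encrypted, but the server's certificate is never
# checked, so any host that intercepts the connection can collect the records.
destination d_tls_weak {
    network("logserver.example.internal" port(6514)
        transport("tls")
        tls(
            peer-verify(optional-untrusted)
        )
    );
};

# Hardened: the server certificate must chain to a CA in ca-dir, and the
# appliance presents its own certificate so the log server can authenticate
# the sender. If the handshake fails, syslog-ng sends nothing to this
# destination rather than falling back to an unprotected connection.
destination d_tls_strict {
    network("logserver.example.internal" port(6514)
        transport("tls")
        tls(
            ca-dir("/etc/syslog-ng/ca.d")
            cert-file("/etc/syslog-ng/cert.d/appliance.crt")
            key-file("/etc/syslog-ng/key.d/appliance.key")
            peer-verify(required-trusted)
        )
    );
};

# Only the verified destination is wired into a log path.
log { source(s_audit); destination(d_tls_strict); };
```

Two practical notes: `ca-dir()` expects the CA certificates to be indexed by their OpenSSL subject hash (the `c_rehash` layout), otherwise verification fails even with the right CA present; and the `required-trusted` setting is what turns a TLS handshake failure into a refused connection, which is the behaviour the trusted channel description above calls for, whereas `optional-untrusted` silently accepts any certificate.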