{"product_id":10537,"v_id":10537,"product_name":"Sourcefire 3D System Version 5.2.0.1","certification_status":"Certified","certification_date":"2014-08-06T00:00:00Z","tech_type":"Firewall, Wireless Monitoring","vendor_id":{"name":"Sourcefire, Inc.","website":"http://www.sourcefire.com"},"vendor_poc":"John Leone","vendor_phone":"410-423-1927","vendor_email":"jleone@sourcefire.com","assigned_lab":{"cctl_name":"COACT, Inc. Labs"},"product_description":"<p>The product provides stateful inspection firewall capabilities and consists of the Defense Center (DC) and Devices. The DC provides a centralized management console and event database for the system, and aggregates and correlates data from managed devices. Devices monitor all network traffic for security events and violations, and can alert and/or block malicious traffic as defined in the intrusion and access control rules.&nbsp; The TOE in the evaluated configuration deploys at least one DC managing one or more Devices. Each model of the TOE consists of a set of appliances that vary primarily based on the processing power, memory performance, disk space, and port density. For more information, please refer to the &ldquo;Hardware Specifications&rdquo; section in the Sourcefire 3D System Installation Guide.</p>","evaluation_configuration":"","security_evaluation_summary":"<p>The evaluation was carried out in accordance with the Common Criteria Evaluation and Validation Scheme (CCEVS) process and scheme. The evaluation demonstrated that the Sourcefire 3D System meets the security requirements contained in the Security Target.</p>\r\n<p>The criteria against which the Sourcefire 3D System was judged are described in the Common Criteria for Information Technology Security Evaluation, Version 3.1. The evaluation methodology used by the evaluation team to conduct the evaluation is the Common Methodology for Information Technology Security Evaluation, Version 3.1.</p>\r\n<p>The COACT, Inc. 
CAFE Lab determined that the Sourcefire 3D System meets the NDPPv1.1 Errata 2 and Extended Package Stateful Traffic Filter Firewall.&nbsp; The TOE, configured as specified in the installation guide, satisfies all of the security functional requirements stated in the Security Target.</p>\r\n<p>A Validator on behalf of the CCEVS Validation Body monitored the evaluation carried out by the COACT, Inc. CAFE Lab. The evaluation was completed in August 2014. Results of the evaluation and associated validation can be found in the Common Criteria Evaluation and Validation Scheme Validation Report.</p>","environmental_strengths":"<p>The TOE&rsquo;s Security Functions are:</p>\r\n<p><strong>Security Audit:&nbsp; </strong>The TOE generates audit event records for security-relevant events and transmits them to a remote audit server using a secure protocol.</p>\r\n<p><strong>Cryptographic Support:&nbsp; </strong>The TOE includes cryptographic functions that provide key management, random bit generation, encryption/decryption, digital signature, secure hashing, and asymmetric key generation features in support of higher-level cryptographic protocols including TLSv1, HTTPS, and SSHv2.&nbsp; The TOE algorithms were validated through the Cryptographic Algorithm Validation Program (CAVP).&nbsp;</p>\r\n<p><strong>User Data Protection</strong>:&nbsp; The TOE is designed to ensure its own internal integrity as well as to protect user data from potential, unintended reuse by clearing resources as they are allocated to create network objects.</p>\r\n<p><strong>Stateful Traffic Filtering:</strong>&nbsp; The TOE provides access control and intrusion protection to the monitored network. 
The TOE supports access control policy with stateful inspection rules that provide granular control over how the system handles and logs network traffic.</p>\r\n<p><strong>Identification and Authentication:&nbsp; </strong>The TOE is designed to successfully identify and authenticate users before allowing access to the TOE&rsquo;s security function. The TOE offers both a local console as well as network interfaces, protected by SSHv2 and HTTPS, for interactive remote administrator sessions.</p>\r\n<p><strong>Security Management:&nbsp; </strong>Through web browser and CLI sessions, authorized administrators may configure access control policies and perform other TOE management functions such as password policies, user management, etc.</p>\r\n<p><strong>Protection of the TSF: </strong>The TOE is designed to communicate securely with itself (i.e., TOE components) and components in the operational environment. The TOE protects sensitive data such as stored passwords and cryptographic keys so that they are not accessible even by an administrator. The TOE also includes functions to perform boot-up self-tests to detect failures in the cryptographic functions. It also includes mechanisms to verify that TOE updates are not tampered with or corrupted.</p>\r\n<p><strong>TOE Access:&nbsp; </strong>The TOE can be configured to display administrator-configured advisory banners that will appear when users initiate an interactive session with the TOE. In addition, the TOE terminates a session if it remains idle for a configured period of time.</p>\r\n<p><strong>Trusted Path/Channels:&nbsp; </strong>The TOE protects interactive communication with administrators using SSHv2 for CLI sessions and HTTPS for GUI sessions. This protects the communications from disclosure and modification. The TOE protects communication with network peers, such as a log server, using TLSv1 to prevent unintended disclosure or modification of logs.</p>","features":[]}