{"product_id":11488,"v_id":11488,"product_name":"Trend Micro TippingPoint Threat Protection System (TPS) v6.3","certification_status":"Certified","certification_date":"2024-12-09T00:00:00Z","tech_type":"Network Device","vendor_id":{"name":"Trend Micro","website":"www.trendmicro.com"},"vendor_poc":"Greg Cooper","vendor_phone":"512-646-6100","vendor_email":"greg_cooper@trendmicro.com","assigned_lab":{"cctl_name":"Leidos Common Criteria Testing Laboratory"},"product_description":"<p>The Target of Evaluation (TOE) is Trend Micro TippingPoint Threat Protection System (TPS) v6.3. The TOE comprises a range of standalone physical and virtual network appliances that provide threat protection, shielding network vulnerabilities, blocking exploits, and defending against known and zero-day attacks. It provides coverage across various threat vectors, including advanced threats, malware, and phishing attempts. It employs a combination of technologies, such as deep packet inspection, threat reputation, and malware analysis, on a flow-by-flow basis, in order to detect and prevent attacks on the network.</p>\r\n<p>The focus of the evaluation was on functionality meeting the requirements specified in collaborative Protection Profile for Network Devices, Version 2.2e, including: protection of communications between the TOE and trusted external IT entities; identification and authentication of administrators; auditing of security-relevant events; verification of the source and integrity of updates to the TOE; and use of approved cryptographic mechanisms.</p>","evaluation_configuration":"<p style=\"margin: 0in 0in 3pt; text-align: justify; font-size: 11pt; font-family: 'Times New Roman', serif;\"><span style=\"font-family: Calibri, sans-serif;\">The TOE comprises the following appliances running TPS software v6.3:</span></p>\r\n<ul style=\"margin-top: 0in; margin-bottom: 0in;\">\r\n<li style=\"margin: 0in 0in 0in 0px; text-align: justify; font-size: 11pt; font-family: 'Times New Roman', 
serif;\"><span style=\"font-family: Calibri, sans-serif;\">TPS 1100TX</span></li>\r\n<li style=\"margin: 0in 0in 0in 0px; text-align: justify; font-size: 11pt; font-family: 'Times New Roman', serif;\"><span style=\"font-family: Calibri, sans-serif;\">TPS 5500TX</span></li>\r\n<li style=\"margin: 0in 0in 0in 0px; text-align: justify; font-size: 11pt; font-family: 'Times New Roman', serif;\"><span style=\"font-family: Calibri, sans-serif;\">TPS 8200TX</span></li>\r\n<li style=\"margin: 0in 0in 0in 0px; text-align: justify; font-size: 11pt; font-family: 'Times New Roman', serif;\"><span style=\"font-family: Calibri, sans-serif;\">TPS 8400TX</span></li>\r\n<li style=\"margin: 0in 0in 0in 0px; text-align: justify; font-size: 11pt; font-family: 'Times New Roman', serif;\"><span style=\"font-family: Calibri, sans-serif;\">TPS 8600TXE</span></li>\r\n<li style=\"margin: 0in 0in 0in 0px; text-align: justify; font-size: 11pt; font-family: 'Times New Roman', serif;\"><span style=\"font-family: Calibri, sans-serif;\">TPS 9200TXE</span></li>\r\n<li style=\"margin: 0in 0in 6pt 0px; text-align: justify; font-size: 11pt; font-family: 'Times New Roman', serif;\"><span style=\"font-family: Calibri, sans-serif;\">vTPS</span></li>\r\n</ul>\r\n<p style=\"margin: 0in 0in 6pt; text-align: justify; font-size: 11pt; font-family: 'Times New Roman', serif;\"><span style=\"font-family: Calibri, sans-serif;\">The 1100TX includes one I/O module slot, the 5500TX, 8200TX, 8600TXE, and 9200TXE include two I/O module slots, and the 8400TX includes four I/O module slots. 
The following standard I/O modules are supported for the 1100TX, 5500TX, 8200TX, and 8400TX devices.</span></p>\r\n<div align=\"center\">\r\n<table class=\"MsoTableGrid\" style=\"border-collapse: collapse; border: none;\" border=\"1\" cellspacing=\"0\" cellpadding=\"0\">\r\n<tbody>\r\n<tr>\r\n<td style=\"border: solid windowtext 1.0pt; background: #D9D9D9; padding: 0in 5.4pt 0in 5.4pt;\" valign=\"top\">\r\n<p style=\"margin: 3pt 0in; text-align: justify; font-size: 11pt; font-family: 'Times New Roman', serif;\"><strong><span style=\"font-family: Calibri, sans-serif; color: black;\">Standard I/O Modules</span></strong></p>\r\n</td>\r\n<td style=\"border: solid windowtext 1.0pt; border-left: none; background: #D9D9D9; padding: 0in 5.4pt 0in 5.4pt;\" valign=\"top\">\r\n<p style=\"margin: 3pt 0in; text-align: justify; font-size: 11pt; font-family: 'Times New Roman', serif;\"><strong><span style=\"font-family: Calibri, sans-serif; color: black;\">Trend Micro Part Number</span></strong></p>\r\n</td>\r\n</tr>\r\n<tr>\r\n<td style=\"border: solid windowtext 1.0pt; border-top: none; padding: 0in 5.4pt 0in 5.4pt;\" valign=\"top\">\r\n<p style=\"margin: 3pt 0in; text-align: justify; font-size: 11pt; font-family: 'Times New Roman', serif;\"><span style=\"font-family: Calibri, sans-serif;\">TippingPoint 6-Segment Gig-T</span></p>\r\n</td>\r\n<td style=\"border-top: none; border-left: none; border-bottom: solid windowtext 1.0pt; border-right: solid windowtext 1.0pt; padding: 0in 5.4pt 0in 5.4pt;\" valign=\"top\">\r\n<p style=\"margin: 3pt 0in; text-align: justify; font-size: 11pt; font-family: 'Times New Roman', serif;\"><span style=\"font-family: Calibri, sans-serif;\">TPNN0059</span></p>\r\n</td>\r\n</tr>\r\n<tr>\r\n<td style=\"border: solid windowtext 1.0pt; border-top: none; padding: 0in 5.4pt 0in 5.4pt;\" valign=\"top\">\r\n<p style=\"margin: 3pt 0in; text-align: justify; font-size: 11pt; font-family: 'Times New Roman', serif;\"><span style=\"font-family: Calibri, 
sans-serif;\">TippingPoint 6-Segment GbE SFP</span></p>\r\n</td>\r\n<td style=\"border-top: none; border-left: none; border-bottom: solid windowtext 1.0pt; border-right: solid windowtext 1.0pt; padding: 0in 5.4pt 0in 5.4pt;\" valign=\"top\">\r\n<p style=\"margin: 3pt 0in; text-align: justify; font-size: 11pt; font-family: 'Times New Roman', serif;\"><span style=\"font-family: Calibri, sans-serif;\">TPNN0068</span></p>\r\n</td>\r\n</tr>\r\n<tr>\r\n<td style=\"border: solid windowtext 1.0pt; border-top: none; padding: 0in 5.4pt 0in 5.4pt;\" valign=\"top\">\r\n<p style=\"margin: 3pt 0in; text-align: justify; font-size: 11pt; font-family: 'Times New Roman', serif;\"><span style=\"font-family: Calibri, sans-serif;\">TippingPoint 4-Segment 10 GbE SFP+</span></p>\r\n</td>\r\n<td style=\"border-top: none; border-left: none; border-bottom: solid windowtext 1.0pt; border-right: solid windowtext 1.0pt; padding: 0in 5.4pt 0in 5.4pt;\" valign=\"top\">\r\n<p style=\"margin: 3pt 0in; text-align: justify; font-size: 11pt; font-family: 'Times New Roman', serif;\"><span style=\"font-family: Calibri, sans-serif;\">TPNN0060</span></p>\r\n</td>\r\n</tr>\r\n<tr>\r\n<td style=\"border: solid windowtext 1.0pt; border-top: none; padding: 0in 5.4pt 0in 5.4pt;\" valign=\"top\">\r\n<p style=\"margin: 3pt 0in; text-align: justify; font-size: 11pt; font-family: 'Times New Roman', serif;\"><span style=\"font-family: Calibri, sans-serif;\">TippingPoint 1-Segment 40 GbE QSFP+</span></p>\r\n</td>\r\n<td style=\"border-top: none; border-left: none; border-bottom: solid windowtext 1.0pt; border-right: solid windowtext 1.0pt; padding: 0in 5.4pt 0in 5.4pt;\" valign=\"top\">\r\n<p style=\"margin: 3pt 0in; text-align: justify; font-size: 11pt; font-family: 'Times New Roman', serif;\"><span style=\"font-family: Calibri, sans-serif;\">TPNN0069</span></p>\r\n</td>\r\n</tr>\r\n</tbody>\r\n</table>\r\n</div>\r\n<p style=\"margin: 3pt 0in 6pt; line-height: normal; text-align: justify; font-size: 10pt; 
font-family: 'Times New Roman', serif;\"><span style=\"font-family: Calibri, sans-serif;\">The following standard I/O modules are supported solely for the 8600TXE and 9200TXE devices.</span></p>\r\n<div align=\"center\">\r\n<table class=\"TableGrid1\" style=\"border-collapse: collapse; border: none;\" border=\"1\" cellspacing=\"0\" cellpadding=\"0\">\r\n<tbody>\r\n<tr>\r\n<td style=\"border: solid windowtext 1.0pt; background: #D9D9D9; padding: 0in 5.4pt 0in 5.4pt;\" valign=\"top\">\r\n<p style=\"margin: 2pt 0in; line-height: normal; text-align: justify; font-size: 10pt; font-family: 'Times New Roman', serif;\"><strong><span style=\"font-family: Calibri, sans-serif; color: black;\">Standard I/O Modules</span></strong></p>\r\n</td>\r\n<td style=\"border: solid windowtext 1.0pt; border-left: none; background: #D9D9D9; padding: 0in 5.4pt 0in 5.4pt;\" valign=\"top\">\r\n<p style=\"margin: 2pt 0in; line-height: normal; text-align: justify; font-size: 10pt; font-family: 'Times New Roman', serif;\"><strong><span style=\"font-family: Calibri, sans-serif; color: black;\">Trend Micro Part Number</span></strong></p>\r\n</td>\r\n</tr>\r\n<tr>\r\n<td style=\"border: solid windowtext 1.0pt; border-top: none; padding: 0in 5.4pt 0in 5.4pt;\" valign=\"top\">\r\n<p style=\"margin: 2pt 0in; line-height: normal; text-align: justify; font-size: 10pt; font-family: 'Times New Roman', serif;\"><span style=\"font-size: 11.0pt; font-family: Calibri, sans-serif;\">TippingPoint 6-Segment 25/10/1 GbE SFP28</span></p>\r\n</td>\r\n<td style=\"border-top: none; border-left: none; border-bottom: solid windowtext 1.0pt; border-right: solid windowtext 1.0pt; padding: 0in 5.4pt 0in 5.4pt;\" valign=\"top\">\r\n<p style=\"margin: 2pt 0in; line-height: normal; text-align: justify; font-size: 10pt; font-family: 'Times New Roman', serif;\"><span style=\"font-size: 11.0pt; font-family: Calibri, sans-serif;\">TPNN0370</span></p>\r\n</td>\r\n</tr>\r\n<tr>\r\n<td style=\"border: solid windowtext 1.0pt; 
border-top: none; padding: 0in 5.4pt 0in 5.4pt;\" valign=\"top\">\r\n<p style=\"margin: 2pt 0in; line-height: normal; text-align: justify; font-size: 10pt; font-family: 'Times New Roman', serif;\"><span style=\"font-size: 11.0pt; font-family: Calibri, sans-serif;\">TippingPoint 4-Segment 100/40 GbE QSFP28</span></p>\r\n</td>\r\n<td style=\"border-top: none; border-left: none; border-bottom: solid windowtext 1.0pt; border-right: solid windowtext 1.0pt; padding: 0in 5.4pt 0in 5.4pt;\" valign=\"top\">\r\n<p style=\"margin: 2pt 0in; line-height: normal; text-align: justify; font-size: 10pt; font-family: 'Times New Roman', serif;\"><span style=\"font-size: 11.0pt; font-family: Calibri, sans-serif;\">TPNN0371</span></p>\r\n</td>\r\n</tr>\r\n</tbody>\r\n</table>\r\n</div>\r\n<p style=\"margin: 3pt 0in; text-align: justify; font-size: 11pt; font-family: 'Times New Roman', serif;\"><span style=\"font-family: Calibri, sans-serif;\">The vTPS virtual appliance consists of TPS v6.3, running on hosts with Intel Xeon CPUs based on Ivy Bridge or newer that support the RDRAND instruction and either:</span></p>\r\n<ul style=\"margin-top: 0in; margin-bottom: 0in;\">\r\n<li style=\"margin: 0in 0in 0in 0px; text-align: justify; font-size: 11pt; font-family: 'Times New Roman', serif;\"><span style=\"font-family: Calibri, sans-serif;\">an ESXi Hypervisor: Version 7.0 or 8.0, or</span></li>\r\n</ul>\r\n<ul style=\"margin-bottom: 0in; margin-top: 0px;\">\r\n<li style=\"margin: 0in 0in 6pt 0px; text-align: justify; font-size: 11pt; font-family: 'Times New Roman', serif;\"><span style=\"font-family: Calibri, sans-serif;\">a RHEL version 8 or version 9 KVM.</span></li>\r\n</ul>\r\n<p style=\"margin: 0in 0in 6pt; text-align: justify; font-size: 11pt; font-family: 'Times New Roman', serif;\"><span style=\"font-family: Calibri, sans-serif;\">The vTPS virtual appliance uses virtual data ports and does not require I/O modules.</span></p>\r\n<p style=\"margin: 0in 0in 3pt; text-align: justify; 
font-size: 11pt; font-family: 'Times New Roman', serif;\"><span style=\"font-family: Calibri, sans-serif;\">The vTPS appliance is provided as one of the following image files:</span></p>\r\n<ul style=\"margin-top: 0in; margin-bottom: 0in;\">\r\n<li style=\"margin: 0in 0in 0in 2.8667px; text-align: justify; font-size: 11pt; font-family: 'Times New Roman', serif;\"><span style=\"font-family: Calibri, sans-serif;\">vTPS_vmw_6.3.0_xxxx.zip</span></li>\r\n<li style=\"margin: 0in 0in 6pt 3.0667px; text-align: justify; font-size: 11pt; font-family: 'Times New Roman', serif;\"><span style=\"font-family: Calibri, sans-serif;\">vTPS_kvm_6.3.0_xxxx.tar.gz</span><span style=\"font-family: Calibri, sans-serif;\">.</span></li>\r\n</ul>","security_evaluation_summary":"<p>The evaluation was carried out in accordance with the Common Criteria Evaluation and Validation Scheme (CCEVS) requirements and guidance. The criteria against which the TOE was judged are described in the Common Criteria for Information Technology Security Evaluation, Version 3.1, Revision 5, September 2017.&nbsp;The evaluation methodology used by the evaluation team to conduct the evaluation is the Common Methodology for Information Technology Security Evaluation, Version 3.1 release 5. The product, when delivered and configured as identified in the guidance documentation, satisfies all the security functional requirements stated in the Trend Micro TippingPoint Threat Protection System (TPS) v6.3 Security Target. The evaluation was completed in October 2024. 
Results of the evaluation can be found in the Common Criteria Evaluation and Validation Scheme Validation Report prepared by CCEVS.</p>","environmental_strengths":"<p style=\"margin: 0in; break-after: avoid; text-align: justify; line-height: 115%; font-size: 10pt; font-family: 'Times New Roman', serif;\"><strong><em><span style=\"font-size: 11.0pt; line-height: 115%; font-family: Calibri, sans-serif;\">Security Audit</span></em></strong></p>\r\n<p style=\"margin: 0in 0in 6pt; text-align: justify; font-size: 11pt; font-family: 'Times New Roman', serif;\"><span style=\"font-family: Calibri, sans-serif;\">The TOE is able to generate audit records for security relevant events. The TOE can be configured to store the audit records locally on the TOE and can also be configured to send the logs to a designated external log server. The audit records in local audit storage cannot be modified or deleted. In the event the space available for storing audit records locally is exhausted, the TOE deletes the oldest historical log file, renames the current log file to be a historical file, and creates a new current log file. The TOE will write a warning to the audit trail when the space available for storage of audit records drops below 25% capacity.</span></p>\r\n<p style=\"margin: 0in; break-after: avoid; text-align: justify; line-height: 115%; font-size: 10pt; font-family: 'Times New Roman', serif;\"><strong><em><span style=\"font-size: 11.0pt; line-height: 115%; font-family: Calibri, sans-serif;\">Cryptographic Support</span></em></strong></p>\r\n<p style=\"margin: 0in 0in 6pt; text-align: justify; font-size: 11pt; font-family: 'Times New Roman', serif;\"><span style=\"font-family: Calibri, sans-serif;\">The TOE is operated in FIPS mode and includes FIPS-approved and NIST-recommended cryptographic algorithms. 
The TOE provides cryptographic mechanisms for symmetric encryption and decryption, cryptographic signature services, cryptographic hashing services, keyed-hash message authentication services, deterministic random bit generation seeded from a suitable entropy source, and cryptographic key destruction. The cryptographic mechanisms support SSH used for secure communication, both as client and server.</span></p>\r\n<p style=\"margin: 0in; break-after: avoid; text-align: justify; line-height: 115%; font-size: 10pt; font-family: 'Times New Roman', serif;\"><strong><em><span style=\"font-size: 11.0pt; line-height: 115%; font-family: Calibri, sans-serif;\">Identification and Authentication</span></em></strong></p>\r\n<p style=\"margin: 0in 0in 6pt; text-align: justify; font-size: 11pt; font-family: 'Times New Roman', serif;\"><span style=\"font-family: Calibri, sans-serif;\">The TOE requires administrators to be successfully identified and authenticated before they can access any of the security management functions provided by the TOE. The TOE offers both a locally connected console and a network accessible interface over SSH to support administration of the TOE. </span></p>\r\n<p style=\"margin: 0in 0in 6pt; text-align: justify; font-size: 11pt; font-family: 'Times New Roman', serif;\"><span style=\"font-family: Calibri, sans-serif;\">The TOE supports the local (i.e., on device) definition of administrators with usernames and passwords. When a user is authenticated at the local console, no information about the authentication data (i.e., password) is echoed to the user. 
Passwords can be composed of any combination of upper and lower case letters, numbers, and the following special characters: &ldquo;!&rdquo;; &ldquo;@&rdquo;; &ldquo;#&rdquo;; &ldquo;$&rdquo;; &ldquo;%&rdquo;; &ldquo;^&rdquo;; &ldquo;&amp;&rdquo;; &ldquo;*&rdquo;; &ldquo;(&rdquo;; &ldquo;)&rdquo;; &ldquo;,&rdquo;; &ldquo;.&rdquo;; &ldquo;?&rdquo;; &ldquo;&lt;&rdquo;; &ldquo;&gt;&rdquo;; and &ldquo;/&rdquo;. The minimum password length is configurable by an administrator. The TOE can support minimum password lengths of 15 characters. In addition, administrators accessing the Ethernet Management port can be defined with an SSH public key for public key-based authentication for SSH connections rather than a password.</span></p>\r\n<p style=\"margin: 0in 0in 6pt; text-align: justify; font-size: 11pt; font-family: 'Times New Roman', serif;\"><span style=\"font-family: Calibri, sans-serif;\">The TOE provides authentication failure handling for remote administrator access. When the defined number of unsuccessful authentication attempts has been reached, the remote administrator accessing the TOE via SSH is locked out for an administrator-configurable period of time. Authentication failures by remote administrators cannot lead to a situation where no administrator access is available to the TOE since administrator access is still available via the local console.</span></p>\r\n<p style=\"margin: 0in; break-after: avoid; text-align: justify; line-height: 115%; font-size: 10pt; font-family: 'Times New Roman', serif;\"><strong><em><span style=\"font-size: 11.0pt; line-height: 115%; font-family: Calibri, sans-serif;\">Security Management</span></em></strong></p>\r\n<p style=\"margin: 0in 0in 6pt; text-align: justify; font-size: 11pt; font-family: 'Times New Roman', serif;\"><span style=\"font-family: Calibri, sans-serif;\">The TOE provides administrator roles and supports local and remote administration. 
The TOE supports Super User, Admin, and Operator roles that map to the Security Administrator role in the claimed PP. Each user must be assigned a role in order to perform any management action. The TOE provides authorized administrators with a command line interface (CLI), accessible locally via direct console connection and remotely via SSH, for TOE configuration and to monitor, collect, log, and react in real-time to potentially malicious network traffic.</span></p>\r\n<p style=\"margin: 0in; break-after: avoid; text-align: justify; line-height: 115%; font-size: 10pt; font-family: 'Times New Roman', serif;\"><strong><em><span style=\"font-size: 11.0pt; line-height: 115%; font-family: Calibri, sans-serif;\">Protection of the TSF</span></em></strong></p>\r\n<p style=\"margin: 0in 0in 6pt; text-align: justify; font-size: 11pt; font-family: 'Times New Roman', serif;\"><span style=\"font-family: Calibri, sans-serif;\">The TOE protects sensitive data such as stored passwords and cryptographic keys so that they are not accessible even by an administrator. It also provides its own timing mechanism that ensures reliable time information is available. </span></p>\r\n<p style=\"margin: 0in 0in 6pt; text-align: justify; font-size: 11pt; font-family: 'Times New Roman', serif;\"><span style=\"font-family: Calibri, sans-serif;\">The TOE provides mechanisms to view the current version of the TOE and to install updates of the TOE software. 
TOE updates are initiated manually by the Super User or Admin, who can verify the integrity of the update prior to installation using a digital signature.</span></p>\r\n<p style=\"margin: 0in 0in 6pt; text-align: justify; font-size: 11pt; font-family: 'Times New Roman', serif;\"><span style=\"font-family: Calibri, sans-serif;\">The TOE performs tests for software module integrity and cryptographic known-answer tests.</span></p>\r\n<p style=\"margin: 0in; break-after: avoid; text-align: justify; line-height: 115%; font-size: 10pt; font-family: 'Times New Roman', serif;\"><strong><em><span style=\"font-size: 11.0pt; line-height: 115%; font-family: Calibri, sans-serif;\">TOE Access</span></em></strong></p>\r\n<p style=\"margin: 0in 0in 6pt; text-align: justify; font-size: 11pt; font-family: 'Times New Roman', serif;\"><span style=\"font-family: Calibri, sans-serif;\">The TOE implements administrator-configurable session inactivity limits for local interactive sessions at the console and for SSH sessions. The TOE will terminate such sessions when the inactivity period expires. In addition, administrators can terminate their own interactive sessions by logging out at the console and SSH.</span></p>\r\n<p style=\"margin: 0in 0in 6pt; text-align: justify; font-size: 11pt; font-family: 'Times New Roman', serif;\"><span style=\"font-family: Calibri, sans-serif;\">The TOE supports an administrator-configurable TOE access banner that is displayed prior to a user completing the login process at the CLI. 
This is implemented for both local and remote management connections.</span></p>\r\n<p style=\"margin: 0in; break-after: avoid; text-align: justify; line-height: 115%; font-size: 10pt; font-family: 'Times New Roman', serif;\"><strong><em><span style=\"font-size: 11.0pt; line-height: 115%; font-family: Calibri, sans-serif;\">Trusted Path/Channels</span></em></strong></p>\r\n<p style=\"margin: 0in 0in 6pt; text-align: justify; font-size: 11pt; font-family: 'Times New Roman', serif;\"><span style=\"font-family: Calibri, sans-serif; color: black;\">The TOE protects interactive communication with remote administrators using SSH. SSH ensures confidentiality of transmitted information and detects any loss of integrity.</span></p>\r\n<p style=\"margin: 0in 0in 6pt; text-align: justify; font-size: 11pt; font-family: 'Times New Roman', serif;\"><span style=\"font-family: Calibri, sans-serif; color: black;\">The TOE also uses SSH to protect the transmission of audit records to an external audit server.</span></p>","features":[{"id":855,"feature_name":"Asymmetric Key Generation"},{"id":851,"feature_name":"Auditing"},{"id":858,"feature_name":"Cryptographic Hashing"},{"id":856,"feature_name":"Cryptographic Key Establishment"},{"id":857,"feature_name":"Cryptographic Signature Verification"},{"id":853,"feature_name":"DRBG"},{"id":852,"feature_name":"Key Destruction"},{"id":859,"feature_name":"Keyed-hash message authentication"},{"id":860,"feature_name":"SSH Client"},{"id":861,"feature_name":"SSH Server"},{"id":854,"feature_name":"Virtual Network Device"}]}