SurfinGate is a proactive malicious mobile code detection and response system that performs behavior-inspection of web content and can block malicious code attacks. It provides services to collect web-based traffic, analyze the collected web-based traffic against an administrator-defined policy, and respond to detected security violations. The SurfinGate product consists of three components - SurfinGate Server, SurfinConsole, and the SurfinGate Database.
\r\nThe SurfinGate Server is a proxy that runs on Windows NT/2000 and Sun Solaris. The proxy intercepts web-based traffic and performs a malicious mobile code analysis upon the web-based traffic. The types of analysis supported include: content inspection of ActiveX, Java, Visual Basic Script and JavaScript, URL filtering, and file extension filtering. Any code that violates SurfinGate's security policy is denied access to the network.
\r\nThe SurfinGate Database provides a repository for the security policy and security violations. The SurfinGate Database can run on the same platform as the SurfinGate Server. The SurfinGate Server stores all of its analysis results in the Database and receives all policy information from the database. The SurfinGate Server receives policy updates on a regular basis reflecting changes the administrator makes to the policy stored in the database.
\r\nThe SurfinConsole is a central tool for managing the security policies, controlling multiple SurfinGate servers and generating audit reports. The SurfinConsole runs on a Windows NT 4.0 Service Pack 4 or above.
\r\nIn the evaluated configuration, SurfinGate resides in a network zone which is limited to web traffic and outbound e-mail. All HTTP requests from the browsers are proxied through SurfinGate server and only trusted users may directly log onto the SurfinGate server.
","evaluation_configuration":null,"security_evaluation_summary":"The evaluation was carried out in accordance to the Common Criteria Evaluation and Validation Scheme (CCEVS) process and scheme. The evaluation demonstrated that Finjan SurfinGate Version 5.6 meets the security requirements contained in the Security Target. The criteria against which the Finjan SurfinGate Version 5.6 was judged are described in the Common Criteria for Information Technology Security Evaluation, Version 2.1 and National and International Interpretations effective on February 13, 2001. The evaluation methodology used by the evaluation team to conduct the evaluation is the Common Methodology for Information Technology Security Evaluation, Version 1.0. Science Application International Corporation (SAIC) determined that the evaluation assurance level (EAL) for the product is EAL 3. The product, configured as specified in the installation guide, satisfies all of the security functional requirements stated in the Security Target. Two Validators on behalf of the CCEVS Validation Body monitored the evaluation carried out by SAIC. The evaluation was completed in October 2001. Results of the evaluation can be found in the Common Criteria Evaluation and Validation Scheme Validation Report, SurfinGate Version 5.6 prepared by CCEVS.
","environmental_strengths":"SurfinGate provides the following security services: audit, information flow protection, authentication, security management and secure recovery.
\r\nAudit - The SurfinGate system has the ability to audit and filter web-based traffic. The SurfinGate system ensures the audit trail is protected and only administrators may view the audit data.
\r\nInformation Flow Protection - SurfinGate has the ability to filter web-based traffic searching for the following types of malicious mobile code: ActiveX, Java, Visual Basic Script, and JavaScript. In addition to potential malicious mobile code, SurfinGate can filter web-based traffic based on the following criteria: File Extensions, and URLs.
\r\nWith the collected web-based traffic, SurfinGate analyzes the data to see if it matches any identified risks in the security policy. The security policy is an administrator defined policy that specifies what types of data to filter and what action to take if data violates the security policy. The security violations are logged in a database (i.e., audit trail) for future analysis.
\r\nAuthentication - The administrator is the only user that directly accesses the SurfinGate product. The administrator is required to perform password authentication before accessing SurfinGate.
\r\nSecurity Management - SurfinGate includes a number of management functions to control access to the system and to manage the data collection and analysis. The management functions include configuring the security policy that determines what information will be filtered and audited. The management functions are controlled through possession of the administrator password.
\r\nTOE Protection Mechanisms - SurfinGate provides for a secure recovery if it crashes due to a power failure, operating system failure, or hardware failure.
","features":[]}