McAfee Firewall Enterprise V8.2.0 And McAfee Firewall .


McAfee Firewall Enterprise v8.2.0 and McAfee Firewall Enterprise Control Center v5.2.0
Security Target
10 January 2012
Version 1.1
Prepared By: Primasec Ltd
For: McAfee Inc, 2340 Energy Park Drive, St. Paul, MN 55108, USA

McAfee Firewall Enterprise
Security Target
McAfee Incorporated

Contents

1 Introduction
1.1 ST Introduction
1.2 Security Target, TOE and CC Identification
1.3 Conformance Claims
1.3.1 Common Criteria
1.3.2 Protection Profile
1.4 Conventions
1.5 Terminology & Acronyms
1.6 References
2 TOE Description
2.1 Product Type
2.2 Application Context
2.3 Physical and Logical Boundaries
2.3.1 Evaluation Application Context
2.3.2 Proxy agents to be Evaluated
2.3.3 Features not to be Evaluated
2.3.4 Physical Scope and Boundary
2.3.5 Logical Scope and Boundary
2.4 TOE Documentation
3 Security problem definition
3.1 Assumptions
3.2 Threats
3.2.1 Threats Addressed by the TOE
3.2.2 Threat to be Addressed by Operating Environment
3.3 Organisational security policies
4 Security objectives
4.1 Security objectives for the TOE
4.2 Security objectives for the environment
5 Security requirements
5.1 Security functional requirements
5.1.1 FMT_SMR.1 Security roles
5.1.2 FIA_ATD.1 User attribute definition
5.1.3 FIA_UID.2 User identification before any action

Page 2 of 65

5.1.4 FIA_AFL.1 Authentication failure handling
5.1.5 FIA_UAU.5 Multiple authentication mechanisms
5.1.6 FIA_UAU.8 (X) Invocation of authentication mechanism
5.1.7 FIA_SOS.2 TSF Generation of secrets
5.1.8 FDP_IFC.1 Subset information flow control (1)
5.1.9 FDP_IFC.1 Subset information flow control (2)
5.1.10 FDP_IFC.1 Subset information flow control (3)
5.1.11 FDP_IFF.1 Simple security attributes (1)
5.1.12 FDP_IFF.1 Simple security attributes (2)
5.1.13 FDP_IFF.1 Simple security attributes (3)
5.1.14 FDP_UCT.1 Basic data exchange confidentiality
5.1.15 FTP_ITC.1 Inter-TSF trusted channel
5.1.16 FMT_MSA.1 Management of security attributes (1)
5.1.17 FMT_MSA.1 Management of security attributes (2)
5.1.18 FMT_MSA.1 Management of security attributes (3)
5.1.19 FMT_MSA.1 Management of security attributes (4)
5.1.20 FMT_MSA.1 Management of security attributes (5)
5.1.21 FMT_MSA.1 Management of security attributes (6)
5.1.22 FMT_MSA.3 Static attribute initialization
5.1.23 FMT_MTD.1 Management of TSF data (1)
5.1.24 FMT_MTD.1 Management of TSF data (2)
5.1.25 FMT_MTD.2 Management of limits on TSF data
5.1.26 FDP_RIP.1 Subset residual information protection
5.1.27 FCS_COP.1 Cryptographic operation (1 data encryption)
5.1.28 FCS_COP.1 Cryptographic operation (2 cryptographic signature services)
5.1.29 FCS_COP.1 Cryptographic operation (3 cryptographic hashing)
5.1.30 FCS_COP.1 Cryptographic operation (4 cryptographic key agreement)
5.1.31 FCS_CKM.1 Cryptographic key generation (1)
5.1.32 FCS_CKM.1 Cryptogr

n the PP is stated to be a firewall. The TOE type is therefore consistent with the PP.

The statement of security problem definition in the ST is consistent with that in the PP. All threats, assumptions and organizational security policies in the PP are included in the ST. One threat has been added to address confidentiality and integrity of network traffic in support of claims made in relation to VPNs.

The statement of security objectives in the ST is consistent with that in the PP. The security objectives for the TOE in the ST include all those in the PP. One security objective for the TOE has been added, covering use of VPN. This does not conflict with the other objectives. One of the security objectives for the TOE has been repeated in the statement of security objectives for the environment, to reflect use of an external single-use authentication server. Some of the security objectives for the environment have been reworded for clarity, but in each case the objective is unaltered.

The statement of security requirements in the ST is consistent with that in the PP. Additional security functional requirements have been added to reflect use of VPN. These additional security functional requirements are consistent with those from the PP. An additional security functional requirement has been added to reflect use of an external authentication server. This approach was validated with the PP authors during evaluation of an earlier version of the TOE in 2007.

The security assurance requirements in the ST are hierarchical to those in the PP. The PP calls up EAL2 augmented with ALC_FLR.2, whereas the TOE uses EAL4 augmented with ALC_FLR.3.

1.4 Conventions

Since this security target is claiming compliance with a protection profile, the conventions used are intended to highlight the completion of operations made within this security target. While this security target will include the operations made by the protection profile upon the CC requirements it is not the author’s intent to highlight those operations (i.e., use bold, italics or special fonts). Therefore, keywords (e.g. selection, assignment and refinement) and formatting (e.g., special fonts) used within the protection profile to designate operations are being removed by this ST. The brackets used by the protection profile to designate operations completed by the PP are left in the requirements.

The following conventions have been applied to indicate operations that this ST is making to the requirements in the protection profile:

• Security Functional Requirements – Part 2 of the CC defines the approved set of operations that may be applied to functional requirements: iteration, assignment, selection, and refinement.
  o Iteration: allows a component to be used more than once with varying operations. In the ST, iteration is indicated by a number in brackets placed at the end of the component. For example FDP_ACC.1 (1) and FDP_ACC.1 (2) indicate that the ST includes two iterations of the FDP_ACC.1 requirement, 1 and 2.
  o Assignment: allows the specification of an identified parameter. Assignments are indicated using bold and are surrounded by brackets (e.g., [assignment]). Note that an assignment within a selection would be identified in italics and with embedded bold brackets (e.g. [[selected-assignment]]).
  o Selection: allows the specification of one or more elements from a list. Selections are indicated using bold italics and are surrounded by brackets (e.g., [selection]).
  o Refinement: allows the addition of details. Refinements are indicated using bold, for additions, and strike-through, for deletions (e.g., “all objects” or “some big things”).

• Other sections of the ST – Other sections of the ST use bolding to highlight text of special interest, such as captions.

1.5 Terminology & Acronyms

In the Common Criteria, many terms are defined in Section 4 of [CCPART1]. The following terms are a subset of those definitions. They are listed here to aid the user of the Security Target.

External Entity – Any entity (human or IT) outside the TOE that interacts (or may interact) with the TOE.

User – Same as External Entity.

Authorized User – A user who may, in accordance with the SFRs, perform an operation.

Role – A predefined set of rules establishing the allowed interactions between a user and the TOE.

Identity – A representation (e.g., a string) uniquely identifying an authorized user, which can either be the full or abbreviated name of that user or a pseudonym.

Authentication data – Information used to verify the claimed identity of a user.

In addition to the above general definitions, this Security Target provides the following specialized definitions:

Administrator – Any human user who has been identified and authenticated to act in the administrative role defined in the ST. An “authorized administrator” is an administrator who may, in accordance with the SFRs, perform an operation. A “non-administrator” is, obviously, someone who is not an administrator.

Application-Level Proxy – A proxy server acts on behalf of the user. All requests from clients to the Internet go to the proxy server first. The proxy evaluates the request, and if allowed, re-establishes it on the outbound side to the Internet. Likewise, responses from the Internet go to the proxy server to be evaluated. The proxy then relays the message to the client. Both client and server think they are communicating with one another, but, in fact, are dealing only with the proxy. Proxy servers are available for common Internet services; for example, an HTTP proxy is used for Web access, and an FTP proxy is used for file transfers. Such proxies are called “application-level proxies” because they are dedicated to a particular application and protocol, and are aware of the content of the packets being sent.

Authenticated Proxy User – A user who has been identified and authenticated to satisfy the requirements for using a proxy according to the authenticated policy enforced by the TOE. A “proxy user” is any user, either authenticated or not, who is sending traffic through a proxy according to any security policy enforced by the TOE. A “remote proxy user” is a proxy user who is also a remote user.

Authorized IT entity – Any IT entity outside the TOE that may, in accordance with the SFRs, perform an operation on the TOE.

Local Administration Console – This is a physically connected, generic hardware platform (part of the IT environment) running the McAfee Firewall Administration Console client (part of the TOE). Both the local administration console hardware and its network connection to the McAfee Firewall are physically protected. McAfee Firewall must be configured to accept administrative commands from the local administration console.

Local Administrator – This is an administrator who uses a local administration console to manage McAfee Firewall.

Remote Administration Console – This is also a generic hardware platform running the McAfee Firewall Administration Console client; it has a network connection to McAfee Firewall, but it is not a local administration console. McAfee Firewall must be configured to accept administrative commands from such a remote administration console.

Remote User – A user that communicates with the TOE by means of a network connection. Since administrators are users, a “remote administrator” is an administrator who is also a remote user.

Remote Administrator – This is an administrator who uses a remote administration console or Control Center to manage the McAfee Firewall.

Single-Use Authentication – Data for single-use authentication can be something the user has or knows, but not something the user is. Examples of single-use authentication data include single-use passwords, encrypted time-stamps, and/or random numbers from a secret lookup table.

The following abbreviations are used in this Security Target:

AES – Advanced Encryption Standard
ANSI – American National Standards Institute
BSD – Berkeley Software Distribution
CC – Common Criteria for Information Technology Security Evaluation
CD – Compact Disk
CPU – Central Processing Unit
DSA – Digital Signature Algorithm
EAL – Evaluation Assurance Level
ECB – Electronic Codebook
ESP – Encapsulating Security Payload
FIPS – Federal Information Processing Standard
FIPS PUB – Federal Information Processing Standard Publication
FLR – Flaw Remediation
FTP – File Transfer Protocol
GHz – Gigahertz
GUI – Graphical User Interface
HTTP – Hypertext Transfer Protocol
HTTPS – Hypertext Transfer Protocol Secure
I&A – Identification and Authentication
ICMP – Internet Control Message Protocol
IKE – Internet Key Exchange
IPSEC – Internet Protocol Security
IT – Information Technology
LAN – Local Area Network
MB – Megabyte
MMU – Memory Management Unit
NAT – Network Address Translation
NTP – Network Time Protocol
OS – Operating System
OSP – Organizational Security Policy
PC – Personal Computer
PP – Protection Profile
PRNG – Pseudo Random Number Generator
PS/2 – Personal System/2
RAM – Random Access Memory
RDSA – RSA Digital Signature Algorithm
RFC – Request For Comment
RNG – Random Number Generator
SA – Security Association
SAR – Security Assurance Requirement
SFP – Security Function Policy
SFR – Security Functional Requirement
SHA – Secure Hash Algorithm
SMTP – Simple Mail Transfer Protocol
SSL – Secure Sockets Layer
ST – Security Target
SVGA – Super Video Graphics Array
TCP/IP – Transmission Control Protocol/Internet Protocol
TLS – Transport Layer Security
TOE – Target of Evaluation
TSC – TSF Scope of Control
TSF – TOE Security Functions
TSP – TOE Security Policy
URL – Uniform Resource Locator
US – United States
VPN – Virtual Private Network

1.6 References

The following documentation was used to prepare this ST:

[CC PART1] Common Criteria for Information Technology Security Evaluation – Part 1: Introduction and general model, dated July 2009, version 3.1 revision 3, CCMB-2009-07-001.

[CC PART2] Common Criteria for Information Technology Security Evaluation – Part 2: Security functional components, dated July 2009, version 3.1 revision 3, CCMB-2009-07-002.

[CC PART3] Common Criteria for Information Technology Security Evaluation – Part 3: Security assurance components, dated July 2009, version 3.1 revision 3, CCMB-2009-07-003.

[CEM] Common Methodology for Information Technology Security Evaluation – July 2009, version 3.1 revision 3, CCMB-2009-07-004.

[FWPP] U.S. Government Protection Profile for Application-level Firewall in Basic Robustness Environments, Version 1.1, July 25, 2007.

[FIPS 140-2] Security Requirements for Cryptographic Modules, Federal Information Processing Standard, May 2001.

[FIPS 180-3] Secure Hash Standard (SHS), Federal Information Processing Standard, Oct 2008.

[FIPS 197] Advanced Encryption Standard, Federal Information Processing Standard, Nov 2001.

[SP 800-57] Recommendation for Key Management, NIST Special Publication, March 2007.

2 TOE Description

This section provides context for the TOE evaluation by identifying the product type and describing the evaluated configuration.

2.1 Product Type

The McAfee Firewall, operating with two or more network interfaces, provides a hybrid firewall solution that supports both application-level proxy and packet filtering. The McAfee Firewall software version consists of a collection of integrated firewall applications and SecureOS, a secure operating system. This OS is an extended version of the FreeBSD UNIX operating system. It includes McAfee's patented Type Enforcement security technology, additional network separation control, network-level packet filtering support and improved auditing facilities. SecureOS also provides the secured computing environment in which all McAfee Firewall application layer processing is done. McAfee Firewall also provides VPN capability between separated network enclaves.

In addition to the McAfee Firewall hardware or virtual platform running the firewall application with SecureOS, the TOE also includes one of the following two configurations:

Configuration A
The Admin Console client software (McAfee Firewall Enterprise (Sidewinder) Admin Console). The Admin Console is separately installed on a generic Windows platform that is part of the IT environment: it is used to manage McAfee Firewall.

Configuration B
The McAfee Firewall Enterprise Control Center (“Control Center”) Management server software, the hardware or virtual platform for running the Control Center Management server software, and the Control Center client software.

2.2 Application Context

McAfee Firewall operates in an environment where it provides a single point of connectivity between at least two networks. Typically one network is viewed as the inside of an organization, where there is some assumption of control over access to the computing network. The other network is typically viewed as an external network, similar to the Internet, where there is no practical control over the actions of its processing entities. McAfee Firewall's role is to limit and control all information flow between the networks.

2.3 Physical and Logical Boundaries

2.3.1 Evaluation Application Context

The following contextual assumptions apply to the TOE:

a) It shall be newly installed and configured in accordance with the directives contained in the supplied guidance documentation;
b) Physical access to the configured McAfee Firewall shall be controlled;
c) The configured McAfee Firewall shall be connected only to networks between which it controls information flow;
d) The configured McAfee Firewall shall manage traffic for at least two (2) networks, at least one of which is designated as internal and one is designated as external;
e) The configured McAfee Firewall shall support administrative operations via

the McAfee Firewall Admin Console client software, the hardware or virtual platform for running the firewall software. Configuration B. comprises: the McAfee Firewall Enterprise software, including its SecureOS operating system, the McAfee Firewal
