Security Target: Symantec Endpoint Protection Version 11


Security Target: Symantec Endpoint Protection Version 11.0
ST Version 1.6
June 2, 2008
Document Version 1.6
Symantec Corporation
Page 1 of 68

Prepared For: Symantec Corporation, 20330 Stevens Creek Blvd., Cupertino, CA 95014, www.symantec.com
Prepared By: Apex Assurance Group, LLC, 5448 Apex Peakway Drive, Ste. 101, Apex, NC 27502, www.apexassurance.com

This document provides the basis for an evaluation of a specific Target of Evaluation (TOE), the Symantec Endpoint Protection Version 11.0. This Security Target (ST) defines a set of assumptions about the aspects of the environment, a list of threats that the product intends to counter, a set of security objectives, a set of security requirements and the IT security functions provided by the TOE which meet the set of requirements.

Document Revision History

REVISION | DATE | DESCRIPTION
1.0 | September 23, 2007 | Initial release
1.1 | November 8, 2007 | Address initial verdicts from EWA-Canada
1.2 | January 14, 2008 | Minor updates
1.3 | February 21, 2008 | Update with details to address PD-0129
1.4 | March 11, 2008 | Clarify roles and descriptive mapping to PP roles
1.5 | May 13, 2008 | Remove proprietary marking and other final edits
1.6 | June 2, 2008 | Clarify final validator comment; release for publishing

Table of Contents

1 Introduction ..... 7
1.1 Identification ..... 7
1.2 Overview ..... 7
1.3 CC Conformance Claim ..... 7
1.4 Organization ..... 8
1.5 Document Conventions ..... 8
1.6 Document Terminology ..... 9
2 TOE Description ..... 10
2.1 Product Type ..... 10
2.2 Product Description ..... 10
2.2.1 Symantec Endpoint Protection Client ..... 10
2.2.1.1 Operating System Support ..... 10
2.2.2 Symantec Endpoint Protection Manager ..... 11
2.2.2.1 Operating System Support ..... 11
2.2.3 Operator Roles in the TOE ..... 11
2.2.3.1 Central Administrator ..... 11
2.2.3.2 Workstation User ..... 12
2.2.3.3 Network User ..... 12
2.3 TOE Boundaries ..... 12
2.3.1 Physical Boundary Configuration ..... 12
2.3.2 Logical Boundaries ..... 13
2.3.2.1 Antivirus ..... 13
2.3.2.2 Audit ..... 13
2.3.2.3 Cryptographic Operations ..... 14
2.3.2.4 Management ..... 14
2.3.2.5 Protection of the TOE ..... 14
3 TOE Security Environment ..... 15
3.1 Secure Use Assumptions ..... 15
3.2 Threats to Security ..... 15
3.2.1 Threats Addressed by the TOE ..... 16
3.2.2 Threats Addressed by Operating Environment ..... 17
3.3 Organizational Security Policies ..... 17
4 Security Objectives ..... 18
4.1 Security Objectives for the TOE ..... 18
4.2 Security Objectives for the IT Environment ..... 19
4.3 Security Objectives for the Non-IT Environment ..... 20
5 IT Security Requirements ..... 21
5.1 TOE Security Functional Requirements ..... 21
5.1.1 Security Audit (FAU)
5.1.1.1 FAU_GEN.1 Audit Data Generation ..... 21
5.1.1.2 FAU_GEN.2 User Identity Association ..... 23
5.1.1.3 FAU_SAR.1 Audit Review ..... 23
5.1.1.4 FAU_SAR.2 Restricted Audit Review ..... 23
5.1.1.5 FAU_SAR.3 Selectable Audit Review ..... 23
5.1.1.6 FAU_STG.1 Protected Audit Trail Storage ..... 24
5.1.1.7 FAU_STG.4 Site-Configurable Prevention of Audit Loss ..... 24
5.1.2 Antivirus (FAV) – Explicitly Stated ..... 24
5.1.2.1 FAV_ACT_EXP.1 Anti-Virus Actions ..... 24
5.1.2.2 FAV_ALR_EXP.1 Antivirus Alerts ..... 25
5.1.2.3 FAV_SCN_EXP.1 Antivirus Scanning ..... 25
5.1.3 Cryptographic Support (FCS) ..... 25
5.1.3.1 FCS_COP.1 Cryptographic Operation ..... 25
5.1.4 Security Management (FMT) ..... 26
5.1.4.1 FMT_MOF.1 Management of Security Functions Behavior ..... 26
5.1.4.2 FMT_MTD.1 Management of TSF Data ..... 26
5.1.4.3 FMT_SMF.1 Specification of Management Functions ..... 26
5.1.4.4 FMT_SMR.1 Security Roles ..... 27
5.1.5 Protection of the TSF (FPT) ..... 27
5.1.5.1 FPT_SEP_EXP.1 Partial TSF Domain Separation ..... 27
5.2 Security Functional Requirements for the IT Environment ..... 27
5.2.1 Security Audit (FAU) ..... 27
5.2.1.1 FAU_STG.1 Protected Audit Trail Storage ..... 27
5.2.2 User Data Protection (FDP) ..... 28
5.2.2.1 FDP_RIP.1 Subset Residual Information Protection ..... 28
5.2.3 Identification and Authentication (FIA)
5.2.3.1 FIA_AFL.1 Authentication Failure Handling ..... 28
5.2.3.2 FIA_SOS.1 Verification of Secrets ..... 28
5.2.3.3 FIA_UAU.2 User Authentication Before any Action ..... 28
5.2.3.4 FIA_UAU.6 Re-Authenticating ..... 28
5.2.3.5 FIA_UID.2 User Identification Before any Action ..... 28
5.2.3.6 FIA_PLA_EXP.1 Performance and Log Alerts (EXP) ..... 29
5.2.4 Protection of the TSF (FPT) ..... 29
5.2.4.1 FPT_ITT.1 Basic Internal TSF Data Transfer Protection ..... 29
5.2.4.2 FPT_RVM.1 Non-Bypassability of the TSP ..... 29
5.2.4.3 FPT_SEP.1 TSF Domain Separation ..... 29
5.2.4.4 FPT_STM.1 Reliable Time Stamps ..... 29
5.2.5 TOE Access (FTA) ..... 29
5.2.5.1 FTA_SSL.1 TSF-Initiated Session Locking ..... 29
5.2.5.2 FTA_TAB.1 Default TOE Access Banners ..... 30
5.3 Security Requirements for the Non-IT Environment ..... 30
5.4 TOE Security Assurance Requirements ..... 30
6 TOE Summary Specification ..... 32
6.1 TOE Security Functions ..... 32
6.1.1 Antivirus ..... 32
6.1.2 Audit ..... 32
6.1.3 Cryptographic Operations ..... 35
6.1.4 Management ..... 35
6.1.4.1 Security Roles ..... 35
6.1.4.2 Security Audit ..... 36
6.1.4.3 Access Control ..... 36
6.1.5 TSF Protection ..... 36
6.2 Security Assurance Measures ..... 36
7 Protection Profile Claims ..... 40
8 Rationale ..... 41
8.1 Rationale for Security Objectives of the TOE, IT Environment, and Non-IT Environment ..... 41
8.1.1 Summary Mapping of Security Objectives ..... 41
8.1.2 Rationale for Security Objectives of the TOE ..... 42
8.2 Security Requirements Rationale ..... 51
8.2.1 Summary of TOE Security Requirements ..... 51
8.2.2 Sufficiency of Security Requirements ..... 53
8.2.3 Summary of IT Environment Security Requirements ..... 59
8.2.4 Sufficiency of Security Requirements for the IT Environment ..... 60
8.3 TOE Summary Specification Rationale ..... 62
8.3.1 Sufficiency of IT Security Functions ..... 63
8.4 Rationale for IT Security Requirement Dependencies ..... 64
8.4.1 Rationale for Unsupported SFR Dependencies ..... 66
8.5 Rationale for Explicitly Stated Requirements ..... 67
8.6 Rationale for Security Assurance Requirements ..... 67
8.7 Rationale for Strength of Function Claim ..... 67
8.8 Rationale for Protection Profile Claims ..... 68

List of Tables

Table 1 – ST Organization and Description ..... 8
Table 2 – Acronyms Used in Security Target ..... 9
Table 3 – Symantec Endpoint Protection Client: Supported Operating Systems ..... 10
Table 4 – Symantec Endpoint Protection Manager: Supported Operating Systems ..... 11
Table 5 – Evaluated Configuration for the TOE ..... 12
Table 6 – TOE Security Functional Requirements ..... 21
Table 7 – FAU_GEN.1 Events and Additional Information ..... 23
Table 8 – Security Assurance Requirements ..... 30
Table 9 – Available Reports ..... 34
Table 10 – Description of Roles Supported in the TOE ..... 35
Table 11 – Assurance Measures ..... 39
Table 12 – Modifications from Protection Profile ..... 40
Table 13 – Mapping of Assumptions, Threats, and OSPs to Security Objectives ..... 42
Table 14 – Mapping of Threats, Policies, and Assumptions to Objective ..... 51
Table 15 – Mapping of TOE Security Functional Requirements and Objectives ..... 53
Table 16 – Rationale for TOE Objectives ..... 59
Table 17 – Mapping of IT Environment Security Functional Requirements and Objectives ..... 60
Table 18 – Rationale for IT Environment Objectives ..... 62
Table 19 – Mapping of Security Functional Requirements to IT Security Functions ..... 63
Table 20 – Sufficiency of IT Security Functions ..... 64
Table 21 – TOE SFR Dependency Rationale ..... 66
Table 22 – Unsupported SFR Dependency Rationale ..... 66
Table 23 – Rationale for Explicitly Stated Requirements ..... 67

List of Figures

Figure 1 – TOE Boundary ..... 13

1 Introduction

This section identifies the Security Target (ST), Target of Evaluation (TOE), conformance claims, Security Target organization, document conventions, and terminology. It also includes an overview of the evaluated product.

1.1 Identification

This section provides information necessary to identify and control this ST and its Target of Evaluation.

ST Title: Security Target: Symantec Endpoint Protection Version 11.0
ST Revision: 1.6
ST Publication Date: June 2, 2008
TOE Identification: Symantec Endpoint Protection Version 11.0
Vendor: Symantec Corporation
CC Version: Common Criteria for Information Technology Security Evaluation, Version 2.3 and applicable international and NIAP interpretations as of November 23, 2004.
Author: Apex Assurance Group
PP Compliance: U.S. Government Protection Profile for Anti-Virus Applications for Workstations in Basic Robustness Environments, Version 1.1, April 4, 2006
Keywords: Symantec, antivirus, endpoint protection

1.2 Overview

The TOE is Symantec Endpoint Protection Version 11.0, which delivers a comprehensive antivirus/endpoint security solution with a single agent and a single, centralized management console. Symantec Endpoint Protection Version 11.0 may hereafter also be referred to as the TOE in this document.

1.3 CC Conformance Claim

The TOE meets the following claims:
- Common Criteria Part 2 Extended
- Common Criteria Part 3 EAL2 conformant with augmentation to include ALC_FLR.2 and AVA_MSU.1.
- Conformance to U.S. Government Protection Profile for Anti-Virus Applications for Workstations in Basic Robustness Environments, Version 1.1, April 4, 2006.

1.4 Organization

This Security Target follows the following organization:

SECTION | TITLE | DESCRIPTION
1 | Introduction | Provides an overview of the Security Target
2 | TOE Description | Defines the hardware and software that make up the TOE as well as the physical and logical boundaries of the TOE
3 | TOE Security Environment | Specifies the threats, assumptions and organizational security policies that affect the TOE
4 | Security Objectives | Defines the security objectives for the TOE and the TOE environment
5 | IT Security Requirements | Contains the functional and assurance requirements for this TOE
6 | TOE Summary Specification | Identifies the IT security functions provided by the TOE and also identifies the assurance measures targeted to meet the assurance requirements.
7 | PP Claims | Specifies Protection Profile conformance claims of the TOE
8 | Rationale | Provides a rationale to demonstrate that the security objectives satisfy the threats; provides justifications of dependency analysis and strength of function issues
Table 1 – ST Organization and Description

1.5 Document Conventions

The notation, formatting, and conventions used in this Security Target are consistent with those used in Version 2.3 of the Common Criteria. Selected presentation choices are discussed here to aid the Security Target reader. The Common Criteria allows several operations to be performed on functional requirements: the allowable operations defined in paragraph 2.1.4 of Part 2 of the Common Criteria are refinement, selection, assignment and iteration.
- The assignment operation is used to assign a specific value to an unspecified parameter, such as the length of a password. An assignment operation is indicated by showing the value in square brackets, i.e. [assignment value(s)].
- The refinement operation is used to add detail to a requirement, and thus further restricts a requirement. Refinement of security requirements is denoted by bold text. Any text removed is indicated with a strikethrough format (Example: TSF).
- The selection operation is picking one or more items from a list in order to narrow the scope of a component element. Selections are denoted by underlined italicized text.
- Iterated functional and assurance requirements are given unique identifiers by appending to the base requirement identifier from the Common Criteria an iteration number inside parentheses; for example, FMT_MTD.1.1 (1) and FMT_MTD.1.1 (2) refer to separate instances of the FMT_MTD.1 security functional requirement component.
- Application notes provide additional information for the reader, but do not specify requirements. Application notes are denoted by italicized text within the functional requirements and are preceded with the text "Application Note".
Italicized text is used for both official document titles and text meant to be emphasized more than plain text.

1.6 Document Terminology

The following table provides a list of acronyms used within this document:

TERM | DEFINITION
AVPP | U.S. Government Protection Profile for Anti-Virus Applications for Workstations in Basic Robustness Environments, Version 1.1, April 4, 2006
CC | Common Criteria
CMVP | Cryptographic Module Validation Program
EAL | Evaluation Assurance Level
FIPS | Federal Information Processing Standard
NIAP | National Information Assurance Partnership
NTP | Network Time Protocol
OSP | Organizational Security Policy
PP | Protection Profile
SEP | Symantec Endpoint Protection
SFR | Security Functional Requirement
SHA | Security Hash Algorithm
SOF | Strength Of Function
ST | Security Target
TOE | Target Of Evaluation
TSF | TOE Security Function
TSP | TOE Security Policy
Table 2 – Acronyms Used in Security Target

2 TOE Description

This section describes the Target of Evaluation (TOE), the provided security functionality (logical boundaries), and the physical TOE boundaries.

2.1 Product Type

Symantec Endpoint Protection combines Symantec AntiVirus with advanced threat prevention to deliver a defense against malware for laptops, desktops, and servers. It provides protection against even the most sophisticated attacks that evade traditional security measures, such as rootkits, zero-day attacks, and mutating spyware.

The product type of the Target of Evaluation (TOE) described in this Security Target (ST) is an antivirus application running on workstations (e.g., desktops and laptops), along with a management component running on a central server to control and monitor execution of the antivirus application.

2.2 Product Description

The evaluated features of Symantec Endpoint Protection are comprised of the following components:
- Symantec Endpoint Protection Client
- Symantec Endpoint Protection Manager (and management console)
The following sections describe each component in more detail.

2.2.1 Symantec Endpoint Protection Client

The Symantec Endpoint Protection Client is software that protects server, desktop, and laptop systems on an internal network.

2.2.1.1 Operating System Support

Table 3 – Symantec Endpoint Protection Client: Supported Operating Systems (the original table marks each system as supported in 32-bit and/or 64-bit editions)
- Microsoft Windows Vista
- Microsoft Windows 2003
- Microsoft Windows XP (SP2) [1]
- Microsoft Windows 2000 (SP3 and higher)

[1] Tested on Service Pack 2 but compatible with previous versions of Windows XP

2.2.2 Symantec Endpoint Protection Manager

The management functions of the Central Administrator may execute on a separate system from the portion of the TOE performing virus scanning on workstations; this portion of the TOE is called Symantec Endpoint Protection Manager (SEPM). The SEPM communicates with individual workstations via an agent over HTTPS that is installed with the Symantec Endpoint Protection Client software. The SEPM is managed via a Console application running on a host computer, which communicates with the SEPM via HTTPS.

2.2.2.1 Operating System Support

Table 4 – Symantec Endpoint Protection Manager: Supported Operating Systems (the original table marks each system as supported in 32-bit and/or 64-bit editions)
- Microsoft Windows 2003
- Microsoft Windows XP (SP2) [2]
- Microsoft Windows 2000 (SP3 and higher)

[2] Tested on Service Pack 2 but compatible with previous versions of Windows XP

2.2.3 Operator Roles in the TOE

The TOE supports the roles defined in the following sections.

2.2.3.1 Central Administrator

The Central Administrator controls the operation of all instances of the TOE under their authority. This role has the authority to:
- Remotely manage operation of the TOE on workstations
- Schedule scans of existing files
- Manually invoke scans
- Control the minimum depth of scans
- Update virus signature files
- Receive alert notifications from the centralized management system
- Acknowledge alert notifications from the centralized management system
- Review the TOE audit information in the centralized management system

Application Note: When the workstation is stand-alone (i.e., not network-attached), the local administrator for the workstation assumes the privileges of the Central Administrator for that workstation. The Central Administrator privileges associated with the centralized management system do not apply to this scenario, and operation of the TOE is administered locally.

2.2.3.2 Workstation User

This role is defined as the user utilizing the workstation on which the SEP Client is installed. This role has the authority to:
- Manually invoke scans
- Increase the depth of scans on manually invoked scans
- Receive alert notifications for events on the workstation being used
- Acknowledge alert notifications for events on the workstation being used
- Review the TOE audit information on the workstation being used

2.2.3.3 Network User

This role is defined as a remote user or process sending information to the workstation via a network protocol. This role has the authority to:
- Send information to the workstation

2.3 TOE Boundaries

2.3.1 Physical Boundary Configuration

The TOE is defined as Symantec Endpoint Protection Version 11.0. In order to comply with the evaluated configuration, the following components should be used:

COMPONENT | VERSION NUMBER
SEPM Software | Version 11.0.776.942
Client Software | Version 11.0.780.1109
Operating System | Please see Table 3 – Symantec Endpoint Protection Client: Supported Operating Systems and Table 4 – Symantec Endpoint Protection Manager: Supported Operating Systems for a list of operating systems supported in the evaluated configuration
Table 5 – Evaluated Configuration for the TOE

Figure 1 – TOE Boundary illustrates the physical scope and the physical boundary of the Symantec Endpoint Protection solution and shows the TOE components and the elements of the TOE Environment.

The essential physical components for the proper operation of the TOE in the evaluated configuration are as follows:
- Symantec Endpoint Protection Client
- Symantec Endpoint Protection Manager
- Console

[Figure 1 – TOE Boundary: diagram showing the TOE Boundary and the IT Environment]

2.3.2 Logical Boundaries

This section outlines the boundaries of the security functionality of the TOE; the logical boundary of the TOE includes the security functionality described in the following sections.

2.3.2.1 Antivirus

The TOE is designed to help prevent memory-based and file-based viruses. The TOE can be configured to perform various actions if a virus is detected.

2.3.2.2 Audit

The audit services include details on actions taken when a virus is detected as well as administrative actions performed while accessing the TOE. The TOE generates audits when security-relevant events occur, stores the audit information on the local system, transmits the audit information to a central management system, generates alarms for designated events, and provides a means for audit review.

Protection of audit data in the audit trail involves the TOE and the Operating System (OS). The TOE controls the insertion of audit events into the audit log and the deletion of audit events from the audit log. The OS provides basic file protection services for the audit log.

2.3.2.3 Cryptographic Operations

The TOE implements FIPS-approved cryptographic functionality to verify the integrity of the signature files downloaded from Symantec Security Response / Live Update.

2.3.2.4 Management

The TOE provides administrators with the capabilities to configure, monitor and manage the TOE to fulfill the Security Obj
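The role split of section 2.2.3 (the Central Administrator controls the minimum scan depth, a Workstation User may only increase the depth of a manually invoked scan, a Network User may only send information) modelled as an enforcement check that records every attempt in an audit trail, in the spirit of the audit function in 2.3.2.2. This is an added example, not code from the Security Target or from Symantec; the integer depth scale, the operation names and the audit-record format are assumptions made for the illustration.

```python
"""Role-authority model for the operator roles in section 2.2.3 (added example,
not Symantec code). The integer scan-depth scale, the operation names and the
audit-record format are assumptions made for this illustration."""
from dataclasses import dataclass, field
from enum import Enum
from typing import List, Optional


class Role(Enum):
    CENTRAL_ADMIN = "Central Administrator"
    WORKSTATION_USER = "Workstation User"
    NETWORK_USER = "Network User"


# Authority of each role as listed in sections 2.2.3.1 to 2.2.3.3.
PERMITTED = {
    Role.CENTRAL_ADMIN: {"manage_remotely", "schedule_scan", "invoke_scan",
                         "set_min_depth", "update_signatures", "receive_alert",
                         "acknowledge_alert", "review_audit"},
    Role.WORKSTATION_USER: {"invoke_scan", "raise_depth", "receive_alert",
                            "acknowledge_alert", "review_audit"},
    Role.NETWORK_USER: {"send_information"},
}


@dataclass
class ScanController:
    """Enforces the role split and records every attempt in an audit trail."""
    min_depth: int = 1                               # floor set by the administrator
    audit: List[str] = field(default_factory=list)   # one record per attempt

    def _authorise(self, role: Role, op: str) -> None:
        allowed = op in PERMITTED[role]
        self.audit.append(f"{'ALLOW' if allowed else 'DENY'} {role.value}: {op}")
        if not allowed:
            raise PermissionError(f"{role.value} may not {op}")

    def set_min_depth(self, role: Role, depth: int) -> int:
        """Only the Central Administrator controls the minimum depth of scans."""
        self._authorise(role, "set_min_depth")
        self.min_depth = depth
        return self.min_depth

    def invoke_scan(self, role: Role, requested_depth: Optional[int] = None) -> int:
        """Manually invoke a scan and return the depth actually used.

        A Workstation User may increase the depth of a manual scan but can
        never go below the administrator's minimum; nobody else can either.
        """
        self._authorise(role, "invoke_scan")
        if requested_depth is None or requested_depth == self.min_depth:
            return self.min_depth
        if requested_depth < self.min_depth:
            self.audit.append(f"DENY {role.value}: depth {requested_depth} "
                              f"is below the minimum {self.min_depth}")
            raise PermissionError("requested scan depth is below the minimum")
        if role is not Role.CENTRAL_ADMIN:
            self._authorise(role, "raise_depth")   # deeper scans only
        return requested_depth

    def denied_attempts(self) -> List[str]:
        """Audit records a reviewer would look at first."""
        return [r for r in self.audit if r.startswith("DENY")]
```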
