Firewall Wizards mailing list archives

Re: Firewall certification

From: Neil Lehrer <nlehrer () ibb gov>
Date: Tue, 27 Jul 1999 16:01:51 -0400

you can look at http://www.radium.ncsc.mil/tpep/index.html

for info on common criteria.

````````````````

Rick Smith wrote:


At 11:45 AM 7/23/99 +0100, kris.van.opstaele () be arthurandersen com wrote:

On their website, you can find their "Product Certification Criteria"

(version

3.0, currently).  Did anybody check
out these criteria in detail, or their certification process as a whole ?


I haven't looked at it recently, but in the past their certification
essentially shows that the firewall is capable of blocking traffic on
command. They don't do detailed vulnerability analyses, but then they cost
that much (somewhere between $10K and $30K if I remember correctly)

Furthermore, are there other similar initiatives (such as ITSEC, Common
Criteria) to certify popular firewall products ?


NIST has published two draft Common Criteria Protection Profiles for
firewalls, and various folks in the government are talking about developing
a couple more for higher security boundary protection.

At the present there are several firewalls that have completed ITSEC
evaluation in the UK. I've only found one firewall that's completed a
Common Criteria evaluation and I don't know if it followed a particular
protection profile or not. There are international treaties declaring that
participating governments (US, UK, Germany, Netherlands, I think) will
recognize each others' Common Criteria evaluations. This doesn't
automatically extend to TCSEC or ITSEC evaluations, though.

Common Criteria evaluation is at least an order of magnitude more expensive
then ICSA firewall certification.

Rick.


-- 


regards

+++++++++++++++++++++++++++++++++++++++++++++++
+ Neil Lehrer                       
+
+ International Broadcasting Bureau
+ System Development Division
+                                   
+ voice    202 619-2524             
+ fax      202 619-3576             
+ nlehrer () ibb gov
+                                   
+ " is this crisis an opportunity or just
+   another grab the fire extinguisher moment?"
+                              
++++++++++++++++++++++++++++++++++++++++++++++++

Current thread:

Firewall certification kris . van . opstaele (Jul 23)
- Re: Firewall certification Rick Smith (Jul 26)
  - Re: Firewall certification Neil Lehrer (Jul 27)