RE: IDS Common Criteria

["Alan Shimel" <alan () latis com>]

Common Criteria is just a criteria that the us govt uses to insure that
the product does what the producers say.  It is not a test such as nss,
etc. with a grading it is just a check off so that govt. folks can buy
the product.  The testing for common criteria is done by authorized labs
and can cost upwards of 100k to have done.  It is more a test of
financial resources in getting it done that anything else.  We are
looking at having it done here as well

alan

Alan Shimel
VP of Sales & Business Development
Latis Networks, Inc.

303-642-4515 Direct
516-857-7409 Mobile
303-642-4501 Fax

www.stillsecure.com
Reducing your risk has never been this easy.
. . .
The information transmitted is intended only for the person
to which it is addressed and may contain confidential material.
Review or other use of this information by persons other than
the intended recipient is prohibited. If you've received
this in error, please contact the sender and delete
from any computer. 

-----Original Message-----
From: Talisker [mailto:talisker () networkintrusion co uk] 
Sent: Monday, January 06, 2003 11:14 AM
To: focus-ids () securityfocus com; ids () mailman vet com au
Subject: IDS Common Criteria

Hi all

Sorry about cross posting this on the SF and Australian IDS list

I received a marketing post this morning from Intrusion Inc saying that
their SecureNetPro is the only IDS to have passed Common Criteria
Certification, I was under the impression that another IDS vendor (ISS)
had
already achieved similar.  Is there a RealSecure fan out there that
could
confirm this ?

Outside Government and Military circles where I can see Common Criteria
Certification being extremely useful,  how valuable is it, ie within the
financial sector etc ?  More importantly what are it's failings?

take care
-andy
Taliskers Network Security Tools
http://www.networkintrusion.co.uk