Validated Product - Tripwire Enterprise Version 5.2

Certificate Date: 03 April 2009

Validation Report Number: CCEVS-VR-VID10123-2009

Product Type: Sensitive Data Protection

Conformance Claim: EAL3 Augmented with ALC_FLR.2

PP Identifiers: None

CC Testing Lab: SAIC Common Criteria Testing Laboratory


PRODUCT DESCRIPTION

The Tripwire Enterprise is a change audit assessment product that can assure the integrity of critical data on a wide variety of servers and network devices (e.g., routers, switches, firewalls, and load balancers) called nodes.  It does this by gathering system status, configuration settings, file content, and file metadata on the nodes and checking gathered node data against previously stored node data to detect modifications. 
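The baseline-and-compare cycle described above, as an added illustration that is not Tripwire's code: it gathers file content digests and metadata for a directory tree, stores the result as a JSON baseline, re-scans later, and reports added, removed, and modified objects. The sample tree, the file names under it, and the SHA-256 digest choice are all constructed for this example.

```python
"""Baseline-and-compare file integrity check (added example, not Tripwire's code).

Gathers size, permission bits, modification time and a SHA-256 content digest
for every regular file under a root, stores the baseline as JSON, and reports
which objects were added, removed or modified on a later scan.
"""
import hashlib
import json
import os
import stat
import tempfile
from pathlib import Path


def _digest(path: Path) -> str:
    """Stream the file through SHA-256 so large files do not load into memory."""
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def snapshot(root: Path) -> dict:
    """Collect metadata and content digest for every regular file under root."""
    snap = {}
    for p in sorted(root.rglob("*")):
        if not p.is_file():
            continue
        st = p.lstat()
        snap[p.relative_to(root).as_posix()] = {
            "size": st.st_size,
            "mode": stat.S_IMODE(st.st_mode),
            "mtime_ns": st.st_mtime_ns,
            "sha256": _digest(p),
        }
    return snap


def compare(baseline: dict, current: dict) -> dict:
    """Diff two snapshots; 'modified' maps each path to the attributes that changed."""
    added = sorted(set(current) - set(baseline))
    removed = sorted(set(baseline) - set(current))
    modified = {}
    for name in sorted(set(baseline) & set(current)):
        diffs = {k: (baseline[name][k], current[name][k])
                 for k in baseline[name] if baseline[name][k] != current[name][k]}
        if diffs:
            modified[name] = diffs
    return {"added": added, "removed": removed, "modified": modified}


def demo() -> dict:
    """Build a constructed sample tree, baseline it, change it, and report the diff."""
    with tempfile.TemporaryDirectory() as d:
        root = Path(d)
        (root / "etc").mkdir()
        (root / "etc" / "hosts").write_text("127.0.0.1 localhost\n")
        (root / "etc" / "motd").write_text("welcome\n")
        (root / "etc" / "ssh_config").write_text("Host *\n")
        os.chmod(root / "etc" / "ssh_config", 0o644)

        stored = json.dumps(snapshot(root))          # the stored baseline

        # Simulated changes: content edit, deletion, new file, permission-only change.
        (root / "etc" / "hosts").write_text("127.0.0.1 localhost\n10.0.0.5 build01\n")
        (root / "etc" / "motd").unlink()
        (root / "etc" / "sshd_config").write_text("PermitRootLogin no\n")
        os.chmod(root / "etc" / "ssh_config", 0o600)

        return compare(json.loads(stored), snapshot(root))


if __name__ == "__main__":
    print(json.dumps(demo(), indent=2))
```

The permission-only change on ssh_config is reported even though its content digest is unchanged, which is why metadata is baselined alongside content.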

The Tripwire Enterprise consists of a server application component (Tripwire Enterprise Server for Windows 2000, XP Professional, or 2003; Solaris 7, 8, or 9; or Red Hat Enterprise Linux 3 or 4), a client application component (Tripwire Enterprise Agents for Windows 2000, XP Professional, and 2003; Solaris 8, 9, and 10; Red Hat Enterprise Linux 3 and 4; SUSE Enterprise Server 9; HP-UX 11.0, 11i v1, and 11i v2; and AIX 5.1, 5.2, and 5.3), and a client administrative console application component (Tripwire CLI).  The Tripwire Enterprise Server utilizes the SSL mechanism provided by the JVM in its IT environment to facilitate HTTPS communication with the GUI and the CLI.  The product is also bundled with a database application (Firebird Database) to support the product’s storage needs.  The Firebird Database is considered part of the IT environment.  While the product supports running the Firebird Database and the Tripwire Enterprise Server (TE Server) on different machines, they must run on the same machine in the evaluated configuration.  The other Tripwire Enterprise components can run on different machines in various combinations.  The Tripwire Enterprise Server is the only product installed and active on the machine on which it runs.

There are two classes of nodes that the Tripwire Enterprise can monitor: those with built-in external administration interfaces and those without.  Examples of nodes with built-in administration interfaces are firewalls, routers, switches, load balancers, etc.  Some of these external interfaces use web servers and allow administration via a remote web browser; others provide command line interfaces or other custom protocols.  These nodes are referred to as agentless nodes.  Examples of nodes without built-in administration interfaces are Microsoft Windows systems and UNIX systems (Solaris, AIX, HP-UX, etc.).  These nodes are referred to as agent nodes, and host an installation of Tripwire Enterprise Agent.

The Tripwire Enterprise Agent provides an interface to Tripwire Enterprise Server where none otherwise exists, or a more fully featured interface than an existing one.  Tripwire Enterprise Agents are installed on nodes that run server-type operating systems.

The Tripwire Enterprise may be used to administer the configuration of the nodes it monitors.  It may also be used to monitor the configuration of its nodes, thereby identifying changes made by users or other applications, such as software-provisioning and patch-management tools that run independently of Tripwire Enterprise.

The TOE also uses RMI (Remote Method Invocation) over mutually authenticated SSL network connections to protect intra-TOE communication between Tripwire Enterprise Server and the Tripwire Enterprise Agents over an untrusted network.

The Evaluated Configuration of the Tripwire Enterprise does not include the AAA Monitoring Tool and authentication using external servers.

SECURITY EVALUATION SUMMARY

The evaluation was carried out in accordance with the Common Criteria Evaluation and Validation Scheme (CCEVS) process and scheme.  The criteria against which the Tripwire Enterprise was judged are described in the Common Criteria for Information Technology Security Evaluation, Version 2.3, and the International Interpretations effective on 30 September 2005.  The evaluation methodology used by the evaluation team to conduct the evaluation is the Common Methodology for Information Technology Security Evaluation, Version 2.3.  Science Applications International Corporation (SAIC) determined that the evaluation assurance level (EAL) for the product is the EAL 3 (methodically tested and checked) package of assurance requirements augmented with ALC_FLR.2 (flaw reporting procedures).  The product, when configured as specified in the installation guides and user guides, satisfies all of the security functional requirements stated in the Tripwire, Inc. Tripwire Enterprise Security Target.  Validators on behalf of the CCEVS Validation Body monitored the evaluation carried out by SAIC.  The evaluation was completed in February 2009.  Results of the evaluation can be found in the Common Criteria Evaluation and Validation Scheme Validation Report for Tripwire Enterprise v5.2 prepared by CCEVS.

For this evaluation, it was appropriate for the Security Target to claim compliance with the external standards for MD5 and SHA-1 for the definition of the cryptographic algorithms.  There are many ways of determining compliance with a standard.  Tripwire has chosen to make a developer claim of compliance.  This means that there has been no independent verification (by either the evaluators or a third-party standards body, such as a FIPS laboratory) that the implementation of the cryptographic algorithms actually meets the claimed standards.  Potential users of this product should confirm that the cryptographic capabilities are suitable to meet their requirements.
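One concrete way for a prospective user to perform the confirmation the paragraph above recommends is a known-answer test: hash the messages published with the MD5 and SHA-1 standards and compare against the published digests. The following is an added example, not part of the validation report or of Tripwire's product; it uses Python's hashlib as a stand-in for whatever implementation is under test, and the digest_fn hook is an assumption of this example that lets the same vectors be run against another library.

```python
"""Known-answer test for MD5 and SHA-1 (added example, not Tripwire's code).

The vectors below are the published test messages and digests from RFC 1321
(MD5) and FIPS 180 / RFC 3174 (SHA-1). A caller can pass its own digest_fn
(message bytes -> lowercase hex digest) to exercise a different implementation;
by default Python's hashlib is tested.
"""
import hashlib

KNOWN_ANSWERS = {
    "md5": {
        b"": "d41d8cd98f00b204e9800998ecf8427e",
        b"a": "0cc175b9c0f1b6a831c399e269772661",
        b"abc": "900150983cd24fb0d6963f7d28e17f72",
        b"message digest": "f96b697d7cb7938d525a2f31aaf161d0",
    },
    "sha1": {
        b"": "da39a3ee5e6b4b0d3255bfef95601890afd80709",
        b"abc": "a9993e364706816aba3e25717850c26c9cd0d89d",
        b"abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq":
            "84983e441c3bd26ebaae4aa1f95129e5e54670f1",
    },
}


def run_kat(algorithm: str, digest_fn=None):
    """Return (passed, failures) for one algorithm.

    failures is a list of (message, expected_hex, got_hex) for every vector
    the implementation under test got wrong.
    """
    if digest_fn is None:
        def digest_fn(message: bytes) -> str:
            return hashlib.new(algorithm, message).hexdigest()
    failures = []
    for message, expected in KNOWN_ANSWERS[algorithm].items():
        got = digest_fn(message).lower()
        if got != expected:
            failures.append((message, expected, got))
    return (not failures, failures)


def run_all(digest_fns=None) -> dict:
    """Run every algorithm; digest_fns optionally maps algorithm name to an implementation."""
    digest_fns = digest_fns or {}
    return {alg: run_kat(alg, digest_fns.get(alg)) for alg in KNOWN_ANSWERS}


if __name__ == "__main__":
    for alg, (ok, failures) in run_all().items():
        print(alg, "PASS" if ok else f"FAIL {failures}")
```

A passing run shows only that the library agrees with the standard on these inputs; it says nothing about side-channel behaviour or about whether MD5 or SHA-1 are strong enough for a given deployment, which remains the user's own determination.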

ENVIRONMENTAL STRENGTHS

The Tripwire Enterprise is a commercial IT change audit assessment product that provides the following security features: change audit assessment, security audit, user data protection, identification and authentication, security management, and protection of the security functions.

·         Change Audit Assessment:  Tripwire Enterprise monitors files, directories, and registry keys and values on servers by collecting object attribute information, and monitors files, command output, and availability on network devices by collecting object attribute information from the devices; in both cases it compares the collected information against stored object attribute baselines.

·         Security Audit:  Tripwire Enterprise generates audit records containing results of the integrity check of the servers and network devices and management actions that occur on the Tripwire Enterprise.

·         User Data Protection:  Tripwire Enterprise implements a discretionary access control policy for three security objects: user sessions, nodes, and node groups. 

·         Identification and Authentication:  Tripwire Enterprise requires that all users are identified and authenticated before any access to the Tripwire Enterprise and the Tripwire Enterprise security-relevant data is allowed.

·         Security Management:  Tripwire Enterprise provides web-based GUIs used by authorized administrators to manage the Tripwire Enterprise, its functions, and its security-relevant data.

·         TSF protection:  Users of the Tripwire Enterprise can access commands only through one of the two administration interfaces provided.  Commands issued by a user are processed within the TE Server, so that the TOE’s enforcement of access control cannot be bypassed.  The TOE invokes the SSL used to protect the communication between the agent and the server.

Vendor Information


Tripwire, Inc.
Harold Metzger, Creative Services Manager
503.276.7572
503.223.0182 (Fax)
hmetzger@tripwire.com