Validated Product - Tripwire Manager 3.0 with Tripwire for Servers 3.0, Tripwire Manager 3.0 with Tripwire for Servers Check Point Edition, 3.0

Certificate Date: 14 March 2003

Validation Report Number:

Product Type: Sensitive Data Protection

Conformance Claim: EAL1

PP Identifiers: None

CC Testing Lab: Arca CCTL


PRODUCT DESCRIPTION

Tripwire for Servers is a file system integrity assessment tool designed to help system administrators and users monitor files for unauthorized or unexpected modification. Tripwire can assure the integrity of critical data on the system(s) by detecting corrupted or altered files and reporting the occurrence to the system administrators, so that corrective action can be taken.

Tripwire Manager (TWM) is a Java-based application with a graphical user interface (GUI) that allows the administrator to manage multiple installations of Tripwire for Servers software from a central location. A Tripwire for Servers system can be managed by a single Manager or by multiple Managers; however, only one Manager can issue commands to a Tripwire for Servers machine at a time. Secure Sockets Layer (SSL) is used to protect each communication link between the Tripwire Manager console and the Tripwire for Servers agents.

Following database initialization (creation of a data baseline in a known-good state), Tripwire for Servers conducts subsequent integrity checks, automatically comparing the state of the system with the baseline database. Any inconsistencies are reported to Tripwire Manager and to the host system's log file. Reports can also be emailed to an administrator. In addition, Tripwire for Servers can execute commands automatically in response to violations, or every time an integrity check is performed. If a violation is actually an authorized change (such as installing an upgrade or new application), a user can update the database so that the change no longer shows up as a violation.

SECURITY EVALUATION SUMMARY

The evaluation was carried out in accordance with the Cable & Wireless Common Criteria Test Laboratory processes and procedures that are compliant with the Common Criteria Evaluation and Validation Scheme (CCEVS).

The criteria against which the Tripwire products were judged are described in the Common Criteria for Information Technology Security Evaluation, Version 2.1 Part II and Part III. The evaluation team conducted the evaluation using the Common Methodology for Information Technology Security Evaluation, Version 1.0.

For this evaluation, it was appropriate for the Security Target to claim compliance with the external standard for 3DES for the definition of the encryption algorithm. There are many ways of determining compliance with a standard. Tripwire has chosen to make a developer claim of compliance. This means that there has been no independent verification (by either the evaluators or a third party standards body, such as a FIPS laboratory) that the implementation of the cryptographic algorithms actually meets the claimed standards. Potential users of this product should confirm that the cryptographic capabilities are suitable to meet the user's requirements.

The product, configured as outlined in the Secure Installation Guidance, satisfies all of the security functional requirements stated in the Security Target. A validator, on behalf of the CCEVS Validation Body, monitored the evaluation carried out by Cable & Wireless.

ENVIRONMENTAL STRENGTHS

Tripwire for Servers determines how UNIX and Microsoft Windows file systems and Windows registry keys have changed. It begins by creating a baseline database of files, directories, and the NT Registry. It monitors file content integrity and 24 file and registry attributes on Windows, as well as 14 file attributes on UNIX systems.

Tripwire for Servers offers a number of reporting options, from a single-line integrity alert via an SNMP trap to a detailed email report. Reports can be viewed from the Tripwire Manager, syslog, email or XML, and provide enough detail to aid in discovery and remediation.

Tripwire for Servers software communicates with the Tripwire Manager management console via the Secure Sockets Layer (SSL) protocol, which provides data encryption and server authentication. Commands and data exchanged with the console are run as a daemon or service. Tripwire for Servers and Tripwire Manager allow you to manage data integrity from one central location.

VENDOR INFORMATION


Tripwire, Incorporated
Ed Metcalf
503.276.7576
503.276.7643 (Fax)
emetcalf@tripwire.com

http://www.tripwire.com