Validated Product - Cisco Intrusion Detection System Module (IDSM2) V4.1 (3)

Certificate Date: 28 May 2004
Validation Report Number: CCEVS-VR-04-0065
Product Type: IDS/IPS
Conformance Claim: EAL2 Augmented with ALC_FLR.1
PP Identifiers: None
CC Testing Lab: Arca CCTL

PRODUCT DESCRIPTION

The TOE is the Cisco Intrusion Detection System Module (IDSM2) v4.1(3). The TOE can analyze both the header and content of each packet, and can analyze single packets or a complete flow of attacks while maintaining flow state (allowing for the detection of multi-packet attacks). The TOE uses a rule-based expert system to interrogate the packet information to determine the type of attack, be it simple or complex.

The TOE software provides data collection and analysis functions and is installed in a Cisco Catalyst 6500 series switch hardware device. These devices are to be placed at strategic points throughout a target IT system, where they interrogate passing network traffic. In response to an attack, the TOE has several options, which include generating an alarm, logging the alarm event, configuring an Access Control List to block the attacker, and killing TCP sessions.

The TOE can be managed remotely in two ways. The first is via web pages over a TLS connection. The second is through the Command Line Interface (CLI) over an SSH connection. The TOE evaluation did not include assessments of the cryptographic functions provided by the Secure Web Server and the Secure Shell components.