Tuesday, April 24, 2012

Certifications for IDS, IPS, FW, Web/Email Gateway Appliances and Endpoint Devices

This post may be helpful for administrators, people involved in purchasing decisions for perimeter/endpoint security devices, CSOs, etc.

This article describes the different security certifications that apply to devices such as VPNs, firewalls, intrusion detection and prevention systems (IDS/IPS), email/web gateways, etc.

BITS
BITS initially stood for "Banking Industry Technology Secretariat", but the name is no longer treated as an acronym. BITS addresses emerging threats related to cybersecurity, fraud reduction and infrastructure protection in the financial services sector.

Common Criteria (CC)
Common Criteria for Information Technology Security Evaluation is a framework for computer security certification. Evaluations are performed in the US, UK, Australia, Canada, France and Germany.

CESG CCTM
From the CESG website: "CESG protects the vital interests of the UK by providing policy and assistance on the security of communications and electronic data, working in partnership with industry and academia. The CESG Claims Tested Mark (CCTM) scheme provides a government quality mark for the public and private sectors based on accredited independent testing, designed to prove the functionality claims made by Vendors. Testing is carried out by commercial Test Houses".

EAL
An Evaluation Assurance Level is the numerical rating assigned to a product on completion of its Common Criteria evaluation. Common Criteria defines seven levels, with EAL1 being the most basic and least expensive and EAL7 the most stringent and expensive.

FIPS
Federal Information Processing Standards are US government computer security standards; for security appliances the relevant ones (the FIPS 140 series) cover cryptographic modules.

ICSA Labs
ICSA Labs is part of Verizon and provides independent third-party product testing for firewalls, IPS and similar products.

IPv6 Certification
Certifies that a product implements the mandatory IPv6 core protocols and interoperates with other IPv6 products.
http://www.ipv6forum.com/ipv6_education/
http://en.wikipedia.org/wiki/DoD_IPv6_Product_Certification


ISO/IEC 27001
The International Organization for Standardization/International Electrotechnical Commission (ISO/IEC) 27000 family of standards covers information security management systems (ISMS); ISO/IEC 27001 is the standard in that family against which organizations are certified.

ITSEC
Information Technology Security Evaluation Criteria is used to evaluate products and systems for security weaknesses. ITSEC is followed in Australia, France, Germany and the UK.
http://www.ssi.gouv.fr/

NSS
NSS Labs is an independent security-product testing organization that evaluates the performance, security effectiveness and usability of endpoint and network security products (firewall, AV, browser, UTM, IDS/IPS, WAF, SWG, VPN, encryption, SIEM, VA/VM, virtualization).

Section 508
Section 508 of the US Rehabilitation Act of 1973 mandates that Federal agencies acquire products which enable people with disabilities to have access to information and data in a way that is comparable to the access and use experienced by people without disabilities.


TIC
The Technology Integration Center is the US Army's formal certification program.

TCSEC or Orange Book
Trusted Computer System Evaluation Criteria is a US government (DoD) standard for computer security controls. Evaluations are performed in the US only.
http://www.fas.org/irp/nsa/rainbow/std001.htm
http://csrc.nist.gov/

VPNC
The Virtual Private Network Consortium is the international trade association for manufacturers in the VPN market. VPNC does not create standards; instead it supports current and future IETF standards.
VPNC interoperability testing: VPNC issues interoperability logos to VPNC member products that have successfully completed the testing. This testing is available to VPNC's IPsec and SSL members.

Anti Virus Certifications
Anti-virus products are certified by AV-Comparatives, AV-Test, Virus Bulletin, West Coast Labs, ICSA Labs, NSS Labs, etc. They are also tested against the WildList.
http://www.av-comparatives.org/index.php
http://www.av-test.org/en/home/
http://www.virusbtn.com/index
http://www.wildlist.org/
http://www.opswat.com/

Tools
The tools below may be used for testing perimeter appliances or endpoint products.
nmap - http://nmap.org/
Exploit DB - http://www.exploit-db.com/
tcpreplay - http://tcpreplay.synfin.net/
tomahawk - http://tomahawk.sourceforge.net/TUTORIAL.html
Metasploit - http://www.metasploit.com/
Core Impact - http://www.coresecurity.com/
Canvas - http://immunityinc.com/
BreakingPoint - http://www.breakingpointsystems.com/
Mu Dynamics - http://www.mudynamics.com/