Product Type: Network Security Products - Virtual Private Network

Certificate Details: Certificate 2000/15, October 2000 

Assurance Level: CC EAL1

Evaluation Facility: CSC Australia [opens new window]

Manufacturer: KyberPASS Corporation
Web: http://www.kyberpass.com/

Australian Reseller: Information Sources Australia Pty Ltd
PO Box 931
Belconnen ACT 2616
Phone: (02) 6296 9800
Fax: (02) 6296 9801
Email: contact@infosource.com.au
Web: http://www.kyberpas.com/

	Security Target [234KB]
	Certification Report [122KB]

KyberPASS Secure-Session VPN is a middleware client/server software product that uses a PKI to provide the following network security services:

• Strong authentication of users 
• Digital signature, authentication and audit services to desktop and server applications with no programming required. 
• Create a directed virtual private session on demand (Session VPN) over an IP network. Session key is 168-bit Triple DES (DES3) 
• Enforce centralised policy management 
• Enables centralised monitoring, logging and alarming of network events. 
• Interoperates with DSD approved PKIs 
• Support for both Certification Authority and Local Registration Authorities 
• LDAP V3 compliant X.500 Directory 
• Local and remote LDAP certificate access 
• Support for standard X.509 extensions and enterprise attributes 
• CRL V2 compliant

Product Type: Network Security - Firewalls

No Longer Available

Assurance Level: ITSEC E1

Evaluation Facility: CSC Australia (opens new window)

Manufacturer: Sun Microsystems

Dealer: Sun Microsystems Australia (opens new window)
Level 2, 97 Northbourne Avenue 
TURNER ACT 2612 
Phone: (02) 6217 5500 
Fax: (02) 6257 2664

The SunScreen SPF-100G is a network security system which provides firewall services.

It may be used to protect a private network from unauthorised Internet access or for screening off part of an internal network from other parts of that network. It uses stateful, dynamic packet screening and rules based technology to filter at the packet level while retaining application level intelligence. The rule sets are completely customisable.

An Administration Station enables the management of SunScreen safely and securely within a network through a protected communications channel. A GUI is supplied and one Administration Station can manage any number of SunScreen units.

NOTE: This certificate refers only to the SPF-100G version of the product. 

Product Type: Network Security - Firewalls

Status: Certified 8 January 1999 USA Scheme

Assurance Level: CC EAL2

Evaluation Facility: CSC (opens new window)

Distributor: Lucent Technologies

Please Note: The Certification Report for this product is currently unavailable. For further information please contact the AISEP.

The purpose of the Lucent Managed Firewall is to provide controlled and audited access to specific Internet Protocol (IP) services, both from inside and outside an organisation's network, by allowing, denying and/or redirecting the flow of data through the firewall.  The Lucent Managed Firewall selectively routes information flows among internal and external networks according to a site's security policy rules.  By default, these security policy rules deny all inbound information flows.  Only an authorised administrator has the authority to change the security policy rules.  The Lucent Managed Firewall has the ability to make filtering decisions based on the source IP address, destination IP address, transport layer protocol, source port, destination port, and on the interface on which the packet arrives or goes out.

The Lucent Managed Firewall architecture consists of two physically distinct components: the firewall appliance, which controls the flow of traffic between network interfaces; and the Security Management Server, which allows the System Administrator and Zone Administrators to manage the firewall appliance.  the firewall functions is physically separated from its management server, with the firewall code running on Inferno(™), a Bell Labs-developed operating system.  The evaluated Lucent Managed Firewall Security Management Server runs on the Windows NT(™) platform.  A non-evaluated version of the Security Management Server is available for the Sun Solaris operating system.

Product Type: Network Security - Firewalls

Status: Certified February 2000 USA Scheme

Assurance Level: CC EAL2

Evaluation Facility: CSC Australia (opens new window)

Distributor: Lucent Technologies

Please Note: The Certification Report for this product is currently unavailable. For further information please contact the AISEP.

The purpose of the Lucent Managed Firewall is to provide controlled and audited access to specific Internet Protocol (IP) services, both from inside and outside an organization's network, by allowing, denying, and/or redirecting the flow of data through the firewall. The Lucent Managed Firewall selectively routes information flows among internal and external networks according to a site's security policy rules. By default, these security policy rules deny all inbound information flows. Only an authorized administrator has the authority to change the security policy rules. The Lucent Managed Firewall has the ability to make filtering decisions based on the source IP address, destination IP address, transport layer protocol, source port, destination port, and on the interface on which the packet arrives or goes out.

The Lucent Managed Firewall architecture consists of two physically distinct components: the firewall appliance, which controls the flow of traffic between network interfaces; and the Security Management Server, which allows the System Administrators and Zone Administrators to manage the firewall appliance. The firewall function is physically separated from its management server, with the firewall code running on Inferno(™), a Bell Labs-developed operating system. The evaluated Lucent Managed Firewall Security Management Server runs on the Windows NT(™) platform. A non-evaluated version of the Security Management Server is available for the Sun Solaris Operating System.

Product Type: Networking

Status: Certified 29 October 1999 USA Scheme

Assurance Level:CC EAL2

Evaluation Facility: CSC Australia (opens new window)

Distributor: Check Point Software Technologies, Inc.

	Security Target [315KB]
	Certification Report [199KB]

The evaluated Check Point Firewall-1 Version 4.0 is referred to as the Target of Evaluation (TOE).  The TOE configuration consists of one physical component executing:

• One Firewall Module, that implements the Security Policy, logs events, and communicates with the Management Module

• One Management Module which manages the Firewall-1 database: the Rules Base, network objects, services, users, etc. and

• The Windows NT Server 4.0 operating system with service pack 4 installed.

• Two network interfaces with one designated as internal and the other as external.

The Firewall-1 is a firewall employing a hybrid application-level gateway and packet filtering called Stateful Multilayer Inspection.  The technology utilises packet filtering's performance and scalability and the security of an application gateway.  As an Application-level Firewall, the Firewall-1 mediates flows between clients and servers located on internal and external networks governed by the firewall.  An application-level firewall may employ security servers to screen information flows.  Security servers on the Firewall-1 for FTP and Telnet, require authentication at the firewall by client users before requests for such services can be authorised.  Only valid requests are relayed to the actual server on either an internal or external network.  As a Traffic-filter Firewall, the Firewall-1 selectively routes information flows between an internal and an external network according to a site's security policy rules, the default policy being deny all.  Only an authorised administrator has the authority to change the security policy rules.  Traffic filtering decisions are made on the source address, destination address, transport level protocol, source port, destination port, and are based on the interface on which the packet arrives or goes out.  The Firewall-1 Inspection Engine applies full application-level security but doesn't permit packets to reach full application level security but doesn't permit packets to reach the operating system of the machine the firewall sites on.  Additionally, the firewall imposes traffic-filtering controls on information flows mediated by the firewall.

Product Type: Network Security - Trusted Network Separation

Status: Certified 21 June 1999 USA Scheme

Assurance Level: CC EAL2

Evaluation Facility: COACT, Inc., CAFE Lab

Distributor: Voltaire Advanced Data Security

Vendor Contact: Gary D. Markin
Voltaire Advanced Data Security
8150 Leesburg Pike, Suite 700
Vienna, VA 22182-7700
Phone: +1 703 883 8202
Fax: +1 703 883 8213

	Security Target [157KB]
	Certification Report [519KB]

The 2in1 PC is a hardware based security device developed by Voltaire Advanced Data Security.  The 2in1 PC is an ISA slot PC card that provides a single PC the ability to securely access two physically separate networks, a Public (B) and a Secure (A) network.  This security is achieved through the use of a hardware based security controller that manages the PC's connectivity between the two networks and the hard disk partitions associated with each network.

The 2in1 PC operates on a single AT compatible PC running MS-DOS, Microsoft Windows 3.x, Windows 95, Windows 98, Windows NT (Versions 3.1 and 4), OS/2, SCO and LINUX operating systems.  The PC must include either one or two IDE-ATA compatible hard drives.  If the host PC consists of only one hard drive, then the following disk partitions are created during the installation, a Transition, Public (B), Secure (A) and an optional partition labelled Functional.  If the host PC consists of two hard drives, then the first disk, the master, includes the same partitions as in the one disk configuration while the second disk, the slave, is solely dedicated as an extension to either the Public (B) or the Secure (A) disk partition.

Product Type: Network Security - Firewalls

Certificate Details: 98/05, July 1998

Assurance Level: ITSEC E1

Evaluation Facility: CSC Australia (opens new window)

Manufacturer: CISCO Systems

Distributor: Cisco Systems Australia (opens new window)

Level 1, 18 & 20 Brindabella Circuit
Canberra International Airport ACT 2609
Phone: (02) 6216 0620 
Fax: (02) 6247 3422
Web: www.cisco.com

Please Note: The Security Target and Certification Report for this product is currently unavailable. For further information please contact the AISEP.

Cisco Private Internet Exchange (PIX) is a network security system which provides both firewall services and network translation services (dynamic address translation).

It may be used to protect internal private networks from external networks, or to protect an internal sub-network from the enterprise network. It uses a process called Cut-Through Proxies and Adaptive Security.

The Adaptive Security feature applies to the dynamic translation connections and can be applied to static translation connections where every inbound packet is checked against the Adaptive Security algorithm and against connection state information in memory.

An Identity feature lets NIC-registered IP addresses pass through the firewall without address translation while still retaining Adaptive Security.

PIX has a Failover capability where two PIX firewalls are run in parallel, and if one malfunctions, the second transparently maintains the security operations.

Product Type: Network Security - Network Encryption

Certificate Details: 97/02, October 1997 (Extended March 1999)

Assurance Level: ITSEC E1

Evaluation Facility: CSC Australia (opens new window)

Manufacturer: Cisco Systems

Dealer: Cisco Systems Australia

Level 1, 18 & 20 Brindabella Circuit
Canberra International Airport ACT 2609 
Phone: (02) 6216 0620 
Fax: (02) 6247 3422
Web: www.cisco.com

Please Note: The Security Target and Certification Report for this product is currently unavailable. For further information please contact the AISEP.

Network data encryption and router authentication together provide a means to safeguard network data that travels from one Cisco router to another, across unsecured networks. Network data encryption is provided at the IP packet level. IP packet encryption prevents eavesdroppers from reading the data that is being transmitted. When IP packet encapsulation is used, IP packets can be seen during transmissions, but the IP packet contents (payload) cannot be read. Specifically, the IP header and upper-layer protocol (TCP or UDP) headers are not encrypted, but all payload data within the TCP or UDP packet will be encrypted and therefore not readable during transmission.

Cisco IOS has a flexible network-level encryption solution that encrypts on specified pairs of networks, subnets hosts, or IP protocols. Cisco uses public key cryptography to authenticate each router participating in an encrypted connection, and to exchange encrypted session keys. DES(56 bit) encryption for high-performance bulk encryption of the actual network data. The routers negotiate their connection using Diffie-Hellman key exchange, thus protecting sensitive keys while transiting the public network. Cisco's encryption solution has high bandwidth confidentiality with assurance that the encrypted traffic originates from the correct location and is not being injected midstream by an interloper. 

The encryption feature can be configured with a simple keyword extension to an IP access list. Network managers can specify each router that is permitted to raise an encrypted connection and the traffic that must be encrypted by origin and destination. For example, a manger can elect to encrypt all traffic between remote networks, all traffic between two financial offices, e-mail between administrative machines, or SQL databases queries from a remote site to a central database server. 

When implemented with Cisco's Generic Routing Encapsulation (GRE) tunnels, network-layer encryption can also deploy multiprotocol encrypted virtual private networks (VPNs), integrating remote, trusted LANs and users. Such secure, multiprotocol tunnels make the Internet a viable replacement for many private Corporate WANs or private backbones.

Secure remote management of Cisco Routers can be facilitated through the establishment of specific management VPNs and the use of SNMP.

Product Type: Network Security - Network Encryption

Certificate Details: 97/03, November 1997

Assurance Level: ITSEC E1

Evaluation Facility: Admiral

Manufacturer: SecureNet Limited

Dealer: SecureNet Limited (opens new window)

9-11 Napier Close 
DEAKIN ACT 2600 
Phone: (02) 6260 3255 
Fax: (02) 6260 3188 
Email: enquiry@securenet.com.au

Please Note: The Security Target and Certification Report for this product is currently unavailable. For further information please contact the AISEP.

The SecurNET HSP series are high-speed, hardware DES based encryptors designed to secure connections for Local and Wide Area Networks (LANs and WANs). The encryptors are independent of other network equipment and provide encryption at the IP layer for end-to-end connectivity. Closed User Groups can be set up to selectively pass, encrypt or block IP traffic. 

A hardware based random noise source is used to generate session keys which are regularly exchanged. All units are initialised with a secret key provided by an authorised source. The encryptors have tamper prevention mechanisms to prevent unauthorised access.

The security policy can be configured on a host, subnet, or network basis using IP addresses. It can be maintained independently from other data communications equipment and applications.

The SecurNET HSP can interoperate with the SecurPAC IEM for secure remote access. This means secure intranet's and even Virtual Private Networks (VPNs) can be established over the Internet.

A Frame Relay only version is also available. This encrypts at the Frame Relay level on an individual DLCI basis. A Closed User Group can be configured to selectively pass, encrypt, or block Frame Relay frames.

This series of products supports V.35, RS422, X.21/V.11 and V.24 connections for Frame Relay, and AUI connections for Ethernet. The speeds supported range from 0 to 2 Mbps for Frame Relay and up to 10 Mbps for Ethernet.

Product Type: Network Security - Network Encryption

Certificate Details:97/04, November 1997

Assurance Level: ITSEC E1

Evaluation Facility: Admiral

Manufacturer: SecureNet Limited

Dealer: SecureNet Limited (opens new window)

9-11 Napier Close
DEAKIN ACT 2600 
Phone: (02) 6260 3255 
Fax: (02) 6260 3188 
Email: enquiry@securenet.com.au

Please Note: The Security Target and Certification Report for this product is currently unavailable. For further information please contact the AISEP.

The SecurPAC IEM series are hardware DES based modem encryptors. The modem comes as either a standard V.34 modem or can include an ISDN TA. It can be supplied in a desktop model or as a PC Card (PCMCIA).

The modem can perform encryption on a bytewise basis for point-to-point connectivity. In this mode the unit is protocol independent. Alternatively, the encryptor can be configured to encrypt at the IP layer. In this mode, secure connections can be made over IP based networks such as the Internet. In this mode, the SecurPAC IEM interoperates with the SecurNET HSP.

A hardware based random noise source is used to generate session keys which are regularly exchanged. All units are initialised with a secret key provided by an authorised source. The encryptors have tamper prevention mechanisms to prevent unauthorised access. A password can be used to enable the units.

The SecurPAC IEM series supports modem speeds up to 28.8 Kbps. A single B channel to 64 Kbps in the ISDN mode is also supported.

Product Type: Network Security - Firewalls

Status: Certificate 1998/08, August 1998

Assurance Level: ITSEC E3

Evaluation Facility: CSC Australia (opens new window)

Manufacturer: Softway Pty Ltd with Network Associates

Distributor: SecureNet Limited

Level 3
1 James Place
NORTH SYDNEY  NSW  2060
Phone: (02) 9957 1000 
Fax: (02) 9957 1111 
Email: securenet@securenet.com.au

Please Note: The Security Target and Certification Report for this product is currently unavailable. For further information please contact the AISEP.

Secure-IT Gauntlet is a hardware and software-based firewall system designed to provide secure access and internetwork communications between private, trusted networks and public, untrusted networks, such as the Internet, or between subnets within a private network.

Secure-IT Gauntlet also allows the creation of Virtual Private Networks (VPNs) between authorised peer networks. Traffic travelling on the Internet between protected peer networks can be hidden through IP-level encryption using the Data Encryption Standard (DES).

The Secure-IT Gauntlet Firewall is an application-level proxy based firewall with the following features:

• Firewall-to-firewall encryption using DES

• Support for strong user authentication

• system integrity with cryptographic checksums 

• built-in real-time notification of unauthorised activities

• extensible set of application gateways (proxies)

Secure-IT Gauntlet includes proxies for the following services; Terminal Services (TELNET, RLOGIN); Electronic Mail (SMTP); World Wide Web (HTTP, FTP, SSL and SHTTP); Gopher. The HTTP proxy supports JavaGuard, which can block Java applets.

Product Type: Network Security - Trusted Network Separation

Status: Evaluated 

Assurance Level: TCSEC A1-MI 

Manufacturer: Boeing Aerospace 

Dealer: Boeing Aerospace

PO Box 3999
Seattle Washington 98124-2499 
Phone: +1 206 773 0628 
Fax: +1 206 773 1015

The MLS LAN Secure Network Server System (SNSS)is a network component which can support simultaneous transmission of digital data and analog video within a local area. SNSS comprises multiple Secure Network Servers (SNSs) connected by a transmission medium (e.g., Ethernet) and provides communications between attached devices (hosts, terminals etc.) operating at different sensitivity levels. Terminals are attached to an SNS terminal device interface card which performs user identification and authentication, access control and audit functions. A terminal user may connect to hosts on the network according to mandatory and discretionary access control. SNSS uses a distributed approach to network management.

Product Type: Operating System 

Assurance Level: ITSEC E2

Supplier: SCO

Certification Status: Certificate P119, February 1999

Point of Contact: Jon Coyle

Phone: 01923 813656
Fax: 01923 813 804
Email: jonco@sco.com
Web: www.sco.com

SCO UnixWare 2.1 is a UNIX operating system with functionality designed to exceed ITSEC F-C2. SCO UnixWare 2.1 provides the following functions:

• Discretionary Access Control 
• Audit 
• Identification and Authentication 
• Access Control Lists

Product Type: Operating System

Assurance Level: ITSEC E3

Supplier: SCO

Certification Status: Certificate P131 September 1999

Point of Contact: Jon Coyle

Phone: 01923 813656
Fax: 01923 813 804
Email: jonco@sco.com
Web: www.sco.com

SCO CMW+ is a complete line of trusted workstation, server and development environment based on SCO Open Desktop/Open Server 3.0 with CMW+ security enhancements and MaxSix secure networking software. SCO CMW+ is a multi-level, multi-user, multi-tasking operating system that runs on 386/486/Pentium platforms. It is designed to meet and exceed the functionality requirements of the pre-defined ITSEC F-B1 functionality class.

SCO CMW+ provides the following functions:

• Mandatory Access Control 
• Discretionary Access Control 
• Least Privilege 
• Audit 
• Data Interchange (import/export) 
• Trusted Administrative Roles 
• Identification and Authentication 
• Trusted Recovery 
• Access Control Lists 
• Trusted Window System (trusted path)

Product Type: Operating System

Assurance Level: ITSEC E3

Supplier: Bull S.A.

Certification Status: Certificate 97/81 April 1997

Point of Contact: Son Ho-Dung/Jean Paul Du Bourreau

Phone: +33 4 76 29 76 86
Fax: +33 4 76 29 78 62
Email: son.ho.dung@bull.net

BEST-X/B1 (Bull Enhanced Security Technology) is a secure system evaluated to ITSEC E3, F-B1 (using a stand alone system with dumb terminals)).

BEST-X/B1 is derived from and compliant with the AIX operating system and provides support for the latest hardware platforms including BULL DPX/20 and ESCALA multi-processor machines.

BEST-X/B1 provides support for Mandatory Access Control Policy, Multi-Level Directories, Labelled Printing, Labelled Import/Export Tools, Password Encryption and Generation module interfaces and Extended Audit, over and above the standard AIX Identification and Authentication, DAC, Accounting and Auditing features. BEST-X/B1 is harmonised with unlabelled AIX communications.