nCircle™ IP360™ Vulnerability Management System V6.3.4 Vulnerability and Exposure Manager (VnE 1000 and VnE 3000) Device Profiler (DP 1000 and DP 2000) nTellect™ 2000 nCircle™
Network Security, Inc.
101 Second Street, Suite 400
San Francisco, California 94105
United States
Telephone: 415-625-5900
Fax: 415-625-5982
sales@ncircle.com
The nCircle™ Network Security, Inc. IP360™ Vulnerability Management System V6.3.4 was the subject of a Common Criteria evaluation performed by the Common Criteria Evaluation Facility at EWA-Canada, located in Ottawa, Ontario, Canada. The evaluation was completed in May 2005.
The evaluation of the IP360™ Vulnerability Management System determined that this Information Technology (IT) product can be trusted, to an assurance level of EAL 3, to conform to the requirements of the associated security target.
The IP360™ is a vulnerability management system designed to monitor a network and assess in real time the vulnerabilities of the IP enabled devices that are linked to it. The evaluated configuration is comprised of:
| TOE Component | Operating System | Software Version | Hardware |
|---|---|---|---|
| Vulnerability and Exposures Manager (VnE) | FreeBSD v4.7 | nCircle™ IP360™ Vulnerability Management System V6.3.4 | VnE 1000 and VnE 3000 |
| Device Profiler (DP) | FreeBSD 4.9 | nCircle™ IP360™ Vulnerability Management System V6.3.4 | DP 1000 and DP 2000 |
| nTellect™ | FreeBSD 4.9 | nCircle™ IP360™ Vulnerability Management System V6.3.4 | nTellect™ 2000 |
This evaluation addressed the two configurations of the IP360™ listed below
- Configuration 1 includes one VnE, one Device Profiler, and one nTellect™
- Configuration 2 includes one VnE and one Device Profiler
The VnE, DP and nTellect™ are IP enabled devices that work individually and together. The vulnerability assessment provided by the IP360™ relies on the collaboration of the VnE, DP, and nTellect™ (if included in the configuration). The IP360™ collects information about a specific network and identifies IP enabled devices on that network that could have vulnerabilities to known attacks. The nTellect™ is an optional component of the IP360™ that, if added, improves the overall vulnerability assessment of the targeted network by mitigating the number of false positive alerts from Cisco's Secure IDS product.
The scope of this evaluation is defined by the security target, which identifies assumptions made during the evaluation, the intended environment for the IP360™ Vulnerability Management System, the IT security requirements to be met, and the level of confidence (evaluation assurance level) to which it is asserted that the IP360™ Vulnerability Management System satisfies its IT security requirements. Consumers are advised to verify that their operating environment is consistent with the security target, and to give due consideration to the recommendations stated in the certification report.
Security Target: PDF (529KB) * Accessibility Notice * Official Languages Notice