* Accessibility Notice * Official Languages NoticeNetwork Security, Inc.
101 Second Street, Suite 400
San Francisco, California 94105
United States
Telephone: 415-625-5900
Fax: 415-625-5982
sales@ncircle.com
The nCircleTM Network Security, Inc. IP360TM Vulnerability Management System V6.3.4 was the subject of a Common Criteria evaluation performed by the Common Criteria Evaluation Facility at EWA-Canada, located in Ottawa, Ontario, Canada. The evaluation was completed in May 2005.
The evaluation of the IP360TM Vulnerability Management System determined that this Information Technology (IT) product can be trusted, to an assurance level of EAL 3, to conform to the requirements of the associated security target.
The IP360TM is a vulnerability management system designed to monitor a network and assess in real time the vulnerabilities of the IP enabled devices that are linked to it. The evaluated configuration is comprised of:
| TOE Component | Operating System | Software Version | Hardware |
|---|---|---|---|
| Vulnerability and Exposures Manager (VnE) | FreeBSD v4.7 | nCircleTM IP360TM Vulnerability Management System V6.3.4 | VnE 1000 and VnE 3000 |
| Device Profiler (DP) | FreeBSD 4.9 | nCircleTM IP360TM Vulnerability Management System V6.3.4 | DP 1000 and DP 2000 |
| nTellectTM | FreeBSD 4.9 | nCircleTM IP360TM Vulnerability Management System V6.3.4 | nTellectTM 2000 |
The VnE, DP and nTellectTM are IP enabled devices that work individually and together. The vulnerability assessment provided by the IP360TM relies on the collaboration of the VnE, DP, and nTellectTM (if included in the configuration). The IP360TM collects information about a specific network and identifies IP enabled devices on that network that could have vulnerabilities to known attacks. The nTellectTM is an optional component of the IP360TM that, if added, improves the overall vulnerability assessment of the targeted network by mitigating the number of false positive alerts from Cisco's Secure IDS product.
The scope of this evaluation is defined by the security target, which identifies assumptions made during the evaluation, the intended environment for the IP360TM Vulnerability Management System, the IT security requirements to be met, and the level of confidence (evaluation assurance level) to which it is asserted that the IP360TM Vulnerability Management System satisfies its IT security requirements. Consumers are advised to verify that their operating environment is consistent with the security target, and to give due consideration to the recommendations stated in the certification report.
Security Target: * Accessibility Notice * Official Languages Notice