12
8.3 Vulnerability Analysis
The evaluation team ensured that the TOE does not contain exploitable flaws or weaknesses in
the TOE based upon the Vulnerability Analysis, the evaluation team’s Vulnerability Analysis,
and the evaluation team’s performance of penetration tests.
The Developer performed a Vulnerability Analysis of the TOE to identify any obvious
vulnerabilities in the product and to show that they are not exploitable in the intended
environment for the TOE operation. In addition, the evaluation team conducted a sampling of
the vulnerability sites claimed by the Sponsor to determine the thoroughness of the analysis.
Based on the results of the Vulnerability Analysis, the evaluation team devised penetration
testing to confirm that the TOE was resistant to penetration attacks performed by an attacker
with an expertise level of unsophisticated. The evaluation team conducted testing using the same
test configuration that was used for the independent team testing. In addition to the
documentation review used in the independent testing, the team used the knowledge gained
during independent testing to devise the penetration testing. This resulted in a two penetration
tests.
9 Evaluated Configuration
The evaluated configuration of the Belkin® OmniView™ Secure KVM Switch, as defined in the
Security Target, consists of one hardware component and one firmware component (please refer
to Tables 1 and 2).
The Belkin® OmniView™ Secure KVM Switch is already configured when it is shipped to the
customers. No additional instructions are necessary for the secure installation and startup of the
TOE.
10 Results of the Evaluation
The evaluation was carried out in accordance with the Common Criteria Evaluation and
Validation Scheme (CCEVS) processes and procedures. The TOE was evaluated against the
criteria contained in the Common Criteria for Information Technology Security Evaluation,
Version 3.1. The evaluation methodology used by the evaluation team to conduct the evaluation
is the Common Methodology for Information Technology Security Evaluation, Version 3.1.
InfoGard has determined that the product meets the security criteria in the Security Target, which
specifies an assurance level of EAL 4. A team of Validators, on behalf of the CCEVS Validation
Body, monitored the evaluation. The evaluation was completed in January 2009.
11 Validator Comments/Recommendations
It should be noted that Precedent Decision -138 affects the Protection Profile that this TOE
conforms with. The customer is urged to review PD-138 (http://www.niap-ccevs.org/cc-
scheme/PD/0138.html) as products compliant with this profile may not include mechanisms to
ensure that all peripheral memory is cleared when the device is switched between computers.
Switching functionality for the Belkin OmniView Secure DVI Dual-Link KVM switch includes
complete disconnect of the active Host during switching, resulting in the requisite USB reset
upon reconnection to the new Host. Through USB enumeration rules, this reset activity
(50 páginas)
(22 páginas)
(52 páginas)
Manymanuals.com
Manymanuals.de
Manymanuals.fr
Manymanuals.it
Manymanuals.pl
Manymanuals.cz
Manymanuals.es
Manymanuals-pt.com
Comentários a estes Manuais