Focus on Linux
Vulnerability Assessment of a EAL 4 system Nov 01 2006 10:12AM
castellan2004-fd yahoo com (3 replies)
Re: Vulnerability Assessment of a EAL 4 system Nov 02 2006 04:00PM
shashi (shashi boddula oracle com)
Re: Vulnerability Assessment of a EAL 4 system Nov 01 2006 09:32PM
terry white (twhite aniota com)
RE: Vulnerability Assessment of a EAL 4 system Nov 01 2006 05:34PM
Stong, Ian (Ian Stong ctr disa mil) (1 replies)
You should get a copy of the security target and protection profiles
used for the EAL4 accreditation. This will give you insight into what
they evaluated against. I would then suggest performing standard Linux
checks on the system (sounds like you already did some of that). Any
standard security protections missing need to be weighed against what
the vendor has done to provide similar protections.

Thanks,

Ian Stong

-----Original Message-----
From: listbounce (at) securityfocus (dot) com [email concealed] [mailto:listbounce (at) securityfocus (dot) com [email concealed]]
On Behalf Of castellan2004-fd (at) yahoo (dot) com [email concealed]
Sent: Wednesday, November 01, 2006 5:12 AM
To: focus-linux (at) securityfocus (dot) com [email concealed]
Subject: Vulnerability Assessment of a EAL 4 system

I am looking at a Linux server which has been accredited as a EAL4
system by IBM. During the assessment, I was looking for standard Linux
protections like iptables, ssh etc. On this server, there is no
iptables.

Regardless, I would like to know how to evaluate a EAL
4 system. What do you need to look for in the EAL 4 system in
production that could become vulnerable?

Thank you in advance for any help.

[ reply ]
RE: Vulnerability Assessment of a EAL 4 system Nov 02 2006 03:43PM
Takayama Kawika (DTI) (Kawika Takayama state de us)


 

Privacy Statement
Copyright 2010, SecurityFocus