Solved

HomeWork-Network Security is Evaluated Assurance Level (EAL) enough?

Posted on 2011-03-20
3
561 Views
Last Modified: 2012-05-11
Hello:

I would like to know how does the Common Criteria and EAL of a product determines how much security is acceptable. Below is the  assignment question:

Question
Sometimes commercial products include the fact that they are approved to meet Common Criteria at some specified Evaluated Assurance Level  (often EAL 3 or EAL 4) in the product literature. Assuming that this is a true claim ( verify it by looking at the “evaluated products list” on the National Information Assurance Partnership website), why is this not enough to just say “this product meets our security requirements”? Discuss what else needs to be considered before selecting such a product for a system.
0
Comment
Question by:Sundayy
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
3 Comments
 
LVL 31

Accepted Solution

by:
Justin Owens earned 500 total points
ID: 35182751
Think about this in terms of umbrellas.  The EAL level is for the software itself.  It does not include (necessarily) include the server OS, the firewall changes, the ports open, the protocols.  It includes just what the software on the server/workstation is doing while on that server/workstation.

Once a EAL approved software is selected, you will have to see how it affects the enterprise as a whole: what ports needs to be opened which are currently closed, what STIG Waivers will this require, how will this affect other technologies used, etc.

DrUltima
0
 

Author Closing Comment

by:Sundayy
ID: 35186762
Thank you for the info.
0

Featured Post

2017 Webroot Threat Report

MSPs: Get the facts you need to protect your clients.
The 2017 Webroot Threat Report provides a uniquely insightful global view into the analysis and discoveries made by the Webroot® Threat Intelligence Platform to provide insights on key trends and risks as seen by our users.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Network ports are the threads that hold network communication together. They are an essential part of networking that can be easily ignore or misunderstood, my goals is to show those who don't have a strong network foundation how network ports opera…
Use of TCL script on Cisco devices:  - create file and merge it with running configuration to apply configuration changes
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
With the power of JIRA, there's an unlimited number of ways you can customize it, use it and benefit from it. With that in mind, there's bound to be things that I wasn't able to cover in this course. With this summary we'll look at some places to go…

734 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question