Solved

HomeWork-Network Security is Evaluated Assurance Level (EAL) enough?

Posted on 2011-03-20
3
554 Views
Last Modified: 2012-05-11
Hello:

I would like to know how does the Common Criteria and EAL of a product determines how much security is acceptable. Below is the  assignment question:

Question
Sometimes commercial products include the fact that they are approved to meet Common Criteria at some specified Evaluated Assurance Level  (often EAL 3 or EAL 4) in the product literature. Assuming that this is a true claim ( verify it by looking at the “evaluated products list” on the National Information Assurance Partnership website), why is this not enough to just say “this product meets our security requirements”? Discuss what else needs to be considered before selecting such a product for a system.
0
Comment
Question by:Sundayy
3 Comments
 
LVL 31

Accepted Solution

by:
DrUltima earned 500 total points
ID: 35182751
Think about this in terms of umbrellas.  The EAL level is for the software itself.  It does not include (necessarily) include the server OS, the firewall changes, the ports open, the protocols.  It includes just what the software on the server/workstation is doing while on that server/workstation.

Once a EAL approved software is selected, you will have to see how it affects the enterprise as a whole: what ports needs to be opened which are currently closed, what STIG Waivers will this require, how will this affect other technologies used, etc.

DrUltima
0
 

Author Closing Comment

by:Sundayy
ID: 35186762
Thank you for the info.
0

Featured Post

Is Your Active Directory as Secure as You Think?

More than 75% of all records are compromised because of the loss or theft of a privileged credential. Experts have been exploring Active Directory infrastructure to identify key threats and establish best practices for keeping data safe. Attend this month’s webinar to learn more.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Data center, now-a-days, is referred as the home of all the advanced technologies. In-fact, most of the businesses are now establishing their entire organizational structure around the IT capabilities.
Microservice architecture adoption brings many advantages, but can add intricacy. Selecting the right orchestration tool is most important for business specific needs.
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…

939 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

10 Experts available now in Live!

Get 1:1 Help Now