Solved

HomeWork-Network Security is Evaluated Assurance Level (EAL) enough?

Posted on 2011-03-20
3
560 Views
Last Modified: 2012-05-11
Hello:

I would like to know how does the Common Criteria and EAL of a product determines how much security is acceptable. Below is the  assignment question:

Question
Sometimes commercial products include the fact that they are approved to meet Common Criteria at some specified Evaluated Assurance Level  (often EAL 3 or EAL 4) in the product literature. Assuming that this is a true claim ( verify it by looking at the “evaluated products list” on the National Information Assurance Partnership website), why is this not enough to just say “this product meets our security requirements”? Discuss what else needs to be considered before selecting such a product for a system.
0
Comment
Question by:Sundayy
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
3 Comments
 
LVL 31

Accepted Solution

by:
Justin Owens earned 500 total points
ID: 35182751
Think about this in terms of umbrellas.  The EAL level is for the software itself.  It does not include (necessarily) include the server OS, the firewall changes, the ports open, the protocols.  It includes just what the software on the server/workstation is doing while on that server/workstation.

Once a EAL approved software is selected, you will have to see how it affects the enterprise as a whole: what ports needs to be opened which are currently closed, what STIG Waivers will this require, how will this affect other technologies used, etc.

DrUltima
0
 

Author Closing Comment

by:Sundayy
ID: 35186762
Thank you for the info.
0

Featured Post

Free Tool: IP Lookup

Get more info about an IP address or domain name, such as organization, abuse contacts and geolocation.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
stacking Catalyst 3650 20 52
Question about Authentication Domain 6 95
policy based routing with recursive added - Cisco 1 62
Auto Qos question 1 23
Microservice architecture adoption brings many advantages, but can add intricacy. Selecting the right orchestration tool is most important for business specific needs.
By this time the large percentage of day-to-day transactions have shifted to mobile banking; here are some overriding areas QAs must investigate while testing mobile banking apps.  
Here's a very brief overview of the methods PRTG Network Monitor (https://www.paessler.com/prtg) offers for monitoring bandwidth, to help you decide which methods you´d like to investigate in more detail.  The methods are covered in more detail in o…
This video gives you a great overview about bandwidth monitoring with SNMP and WMI with our network monitoring solution PRTG Network Monitor (https://www.paessler.com/prtg). If you're looking for how to monitor bandwidth using netflow or packet s…

749 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question