Solved

HomeWork-Network Security is Evaluated Assurance Level (EAL) enough?

Posted on 2011-03-20
3
563 Views
Last Modified: 2012-05-11
Hello:

I would like to know how does the Common Criteria and EAL of a product determines how much security is acceptable. Below is the  assignment question:

Question
Sometimes commercial products include the fact that they are approved to meet Common Criteria at some specified Evaluated Assurance Level  (often EAL 3 or EAL 4) in the product literature. Assuming that this is a true claim ( verify it by looking at the “evaluated products list” on the National Information Assurance Partnership website), why is this not enough to just say “this product meets our security requirements”? Discuss what else needs to be considered before selecting such a product for a system.
0
Comment
Question by:Sundayy
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
3 Comments
 
LVL 31

Accepted Solution

by:
Justin Owens earned 500 total points
ID: 35182751
Think about this in terms of umbrellas.  The EAL level is for the software itself.  It does not include (necessarily) include the server OS, the firewall changes, the ports open, the protocols.  It includes just what the software on the server/workstation is doing while on that server/workstation.

Once a EAL approved software is selected, you will have to see how it affects the enterprise as a whole: what ports needs to be opened which are currently closed, what STIG Waivers will this require, how will this affect other technologies used, etc.

DrUltima
0
 

Author Closing Comment

by:Sundayy
ID: 35186762
Thank you for the info.
0

Featured Post

Free learning courses: Active Directory Deep Dive

Get a firm grasp on your IT environment when you learn Active Directory best practices with Veeam! Watch all, or choose any amount, of this three-part webinar series to improve your skills. From the basics to virtualization and backup, we got you covered.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Introduction This article is the last of three articles that explain why and how the Experts Exchange QA Team does test automation for our web site. This article covers our test design approach and then goes through a simple test case example, how …
Learn how ViaSat reduced average response times for IT incidents from 10 minutes to 30 seconds.
In this tutorial you'll learn about bandwidth monitoring with flows and packet sniffing with our network monitoring solution PRTG Network Monitor (https://www.paessler.com/prtg). If you're interested in additional methods for monitoring bandwidt…
Monitoring a network: how to monitor network services and why? Michael Kulchisky, MCSE, MCSA, MCP, VTSP, VSP, CCSP outlines the philosophy behind service monitoring and why a handshake validation is critical in network monitoring. Software utilized …

695 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question