3Com Corporation today announced that the 3Com Firewall PC Card for notebook computers and the 3Com Embedded Firewall Policy Server, developed in collaboration with Secure Computing Corporation, have received the equivalent of the international gold standard for commercially-sold security products.
After a rigorous testing process, 3Com`s Firewall PC Card and Embedded Firewall Policy Server were awarded the Evaluated Assurance Level 2 + Flaw Remediation (EAL2+) under the Common Criteria. The Common Criteria are a set of standards used worldwide to evaluate and validate the level of security functionality and reliability of IT products as they relate to ensuring the confidentiality, integrity and availability of information.
"The Navy Warfare Development Command has used the Embedded Firewall card as an example of current system defense technology during four separate experiments," said CDR Jeff White, Information Warfare Officer at the U.S. Navy Warfare Development Command in Newport, R.I. "We have demonstrated the significant potential of these technologies in protecting military networks from deliberate damage from authorized `Red Team` attacks. Along with deterring these attacks, feedback from operators found Embedded Firewalls to be user friendly, simple to set up and easy to maintain."
"Achieving Common Criteria certification is an influential, independent validation for 3Com`s innovative Embedded Firewall solutions and assures governments and security-conscious enterprises worldwide that they can trust the Embedded Firewall to help protect their networks," said Patrick Guay, Vice President and General Manager, LAN Infrastructure Division, 3Com. "In fact, many governments, including those in the United States, will not deploy IT security products until they have passed the rigorous testing procedures and stringent standards of the Common Criteria."
Under the strict requirements of the Common Criteria, the 3Com products were evaluated both functionally and structurally. Functional evaluation, or EAL1 under the Common Criteria, verifies that the product`s security functions perform as intended. Structural evaluation, or EAL2 under the Common Criteria, evaluates the product`s security design, the security functionality of the product in an actual implementation and that the vendor has searched for and corrected vulnerabilities. To achieve the additional Flaw Remediation (FLR.2), or +, designation, 3Com established procedures for the tracking of security flaws if any are found, identification of corrective actions and the distribution of corrective action information to customers.
"Secure Computing has worked for more than two years to with DARPA (Defense Advanced Research Projects Agency, the R&D branch of the U.S. Department of Defense). We have successfully transitioned those research efforts into a commercially available solution from 3Com to provide one of the most practical, tamper-resistant network security solutions available today," said Chris Filo, vice president and general manager, Advanced Technology Division at Secure Computing. "Commercial enterprises and government agencies throughout the world now have an internationally recognized certified solution for defining and enforcing security policies for mobile workers using notebook computers; an option that until now simply did not exist."
Share
3Com Embedded Firewall products add a critical layer of distributed, tamper-resistant protection against network attacks and unauthorized access. 3Com Firewall PCI and PC Card families of hardware firewalls protect servers, desktops, and notebooks across the enterprise-inside and outside the corporate perimeter. 3Com Embedded Firewall Policy Server software delivers timesaving central management of security policies and embedded firewall systems. For more information about 3Com`s security solutions, visit www.3com.com/security.
Common Criteria
The Common Criteria for information Technology Security Evaluation (CC) defines general concepts and principles of IT security evaluation and presents a general model of evaluation. It presents constructs for expressing IT security objectives, for selecting and defining IT security requirements, and for writing high-level specifications for products and systems.
The CC represents the outcome of a series of efforts to develop criteria for evaluation of IT security that are broadly useful within the international community. In 1990 the Organisation for Standardisation (ISO) sought to develop a set of international standard evaluation criteria for general use. The CC project was started in 1993 in order to bring the standards efforts of multiple nations together into a single international standard for IT security evaluation. The new Criteria were to be responsive to the need for mutual recognition of standardized security evaluation results in a global IT market.
Secure Computing
Secure Computing (Nasdaq: SCUR) has been protecting the most important networks in the world for over 20 years. With broad expertise in security technology, we develop network security products that help our customers create a trusted environment both inside and outside of their organizations. Our global customers and partners include the majority of the Dow Jones Global 50 Titans and the most prominent organizations in banking, financial services, healthcare, telecommunications, manufacturing, public utilities, and federal and local governments. The company is headquartered in San Jose, Calif., and has sales offices worldwide. For more information, see http://www.securecomputing.com.
3Com Corporation
3Com is a tier-one provider of innovative, practical and high-value voice and data networking products, services and solutions for enterprises of all sizes and public sector organizations. For further information, please visit www.3com.com, or the press site www.3com.com/pressbox.
Editorial contacts