3Com embedded firewall hurdles rigorous tests

SANTA CLARA, California – 3Com Corp. recently announced that the 3Com Firewall PC Card for notebook computers and the 3Com Embedded Firewall Policy Server, developed in collaboration with Secure Computing Corp., have received the equivalent of the international gold standard for commercially sold security products.

After a rigorous testing process, 3Com’s Firewall PC Card and Embedded Firewall Policy Server were awarded the Evaluated Assurance Level 2 + Flaw Remediation (EAL2+) under the "Common Criteria."

The Common Criteria are a set of standards used worldwide to evaluate and validate the level of security functionality and reliability of IT products as they relate to ensuring the confidentiality, integrity and availability of information.

"The Navy Warfare Development Command has used the Embedded Firewall card as an example of current system defense technology during four separate experiments," said Cdr. Jeff White, information warfare officer at the US Navy Warfare Development Command in Newport, R.I.

"We have demonstrated the significant potential of these technologies in protecting military networks from deliberate damage from authorized ‘Red Team’ attacks. Along with deterring these attacks, feedback from operators found embedded firewalls to be user friendly, simple to set up and easy to maintain," White said. "Achieving Common Criteria certification is an influential, independent validation for 3Com’s innovative Embedded Firewall solutions and assures governments and security-conscious enterprises worldwide that they can trust the Embedded Firewall to help protect their networks," said Patrick Guay, Vice President and General Manager, LAN Infrastructure Division, 3Com. "In fact, many governments, including those in the United States, will not deploy IT security products until they have passed the rigorous testing procedures and stringent standards of the Common Criteria."

Under the strict requirements of the Common Criteria, the 3Com products were evaluated both functionally and structurally. Functional evaluation, or EALI under the Common Criteria, verifies that the product’s security functions perform as intended. Structural evaluation, or EAL2 under the Common Criteria, evaluates the product’s security design, the security functionality of the product in an actual implementation and that the vendor has searched for and corrected vulnerabilities. To achieve the additional Flaw Remediation (FLR.2), or +, designation, 3Com established procedures for the tracking of security flaws if any are found, identification of corrective actions and the distribution of corrective action information to customers.