
Security Services Appliance

Technical Overview
IAssure 8/31/2009

This document contains the design, architecture and components that comprise the Security Services Appliance (SSA). 2009 IAssure, LLC. All Rights Reserved

Revision Record
VERSION | DATE | AUTHOR | CHANGE DESCRIPTION
1.0 | 8/28/09 | IAssure, LLC | Initial Document

Table of Contents
3.0 Security Services Appliance
3.1 Security Services Appliance Subsystems
3.1.1 Host Based Security System (HBSS)
3.1.1.1 McAfee ePolicy Orchestrator (ePO)
3.1.1.2 McAfee Host Intrusion
3.1.1.3 IPS Features
3.1.1.3.1 Firewall Feature
3.1.1.3.2 Application Blocking Feature
3.1.1.4 General Feature
3.1.1.5 McAfee Rogue System Detection
3.1.1.6 McAfee Policy Auditor
3.1.1.7 Device Control Module
3.1.2 Secure Configuration Compliance Validation Initiative (SCCVI)
3.1.2.1 eEye Digital Security's Retina Network Security Scanner
3.1.2.2 Remote Enterprise Manager (REM)
3.1.2.3 REM Update Server
3.1.3 Secure Configuration Remediation Initiative (SCRI)
3.1.3.1 Hercules FlashBox
3.1.3.2 Hercules Remediation Manager
3.1.3.3 Hercules Clients
3.1.4 Windows Server Update Services (WSUS)
3.1.5 Enterprise Antivirus and Antispyware
3.1.5.1 Antivirus Enterprise
3.1.5.2 AntiSpyware Enterprise
3.2 Ports, Protocols and Services
3.3 Accreditation Boundary
3.4 External Interfaces and Data Flow
3.5 Hardware List
3.6 Software List

3.0 Security Services Appliance
The Security Services Appliance (SSA) is a pre-configured hardware appliance based on the Dell R710 2U rack mounted platform that provides compliance with the following DoD required Enterprise Information Assurance (IA) Tools:
- Host Based Security System (HBSS), Section 3.1
- Secure Configuration Compliance Validation Initiative (SCCVI), Section 3.2
- Secure Configuration Remediation Initiative (SCRI), Section 3.3

Additionally, the SSA incorporates the following IA functions:
- Windows Server Update Services (WSUS), Section 3.4
- Enterprise Antivirus and Antispyware, Section 3.5
- Enterprise Audit, Section 3.6

The SSA hardware platform provides the following features to support availability:
- Dual, redundant power supplies to support failover
- Dual, quad network interface cards for network load balancing and failover
- RAID 1 hard drive configuration for full mirroring
- Dual, six-core processors
- Dual-ranked memory

The SSA utilizes VMWare ESX 3.5i or VSphere 4i as the underlying hypervisor to establish Guest virtual machines to support the above IA functions. Virtualization allows multiple virtual machines on a single physical machine, sharing the resources of that single computer across multiple environments. Different virtual machines can run different operating systems and multiple applications on the same physical computer. The SSA is configured to support the following four virtual machines:
- Virtual Machine #1 supports HBSS and Enterprise Antivirus/Antispyware
- Virtual Machine #2 supports SCCVI
- Virtual Machine #3 supports SCRI and WSUS
- Virtual Machine #4 supports Enterprise Audit

The following diagram depicts the virtual machine distribution:

[Diagram: the Security Services Appliance hosting four virtual machines: HBSS / AntiVirus / AntiSpyware; SCCVI; SCRI / WSUS; Audit]

Each virtual machine utilizes Windows 2003 R2 Enterprise as the base operating system. The base operating system has been configured in accordance with the DISA Windows STIG. All back-end databases that are required to support the IA functions utilize Microsoft SQL 2005 Express and have been configured to comply with the DISA Database STIG. All front-end web servers that are required to support the IA functions utilize Microsoft IIS or Apache and have been configured to comply with the DISA Web STIG. The below diagram depicts the high-level architecture of the SSA:

3.1 Security Services Appliance Subsystems

3.1.1 Host Based Security System (HBSS)
Host Based Security System (HBSS) is one of the Department of Defense's countermeasures against the many threats and malicious attacks targeted against our networks. Although HBSS is known to be a powerful countermeasure tool against known threats, it is important to remember that HBSS can only protect your network to the extent of its configuration.

This HBSS deployment was configured per the Defense Information Systems Agency (DISA) Field Security Operations (FSO) team HBSS 3.0 Configuration Guide.

Currently, HBSS is operated under a Type Accreditation issued by the DISA CIO under DITPR ID 8642, expiring 2 December 2009. Site accreditation responsibilities have been incorporated into this effort.

HBSS is comprised of the subsystems listed and described in the following sections.

3.1.1.1 McAfee ePolicy Orchestrator (ePO)
McAfee ePO allows IT administrators to centrally manage McAfee products that make up the HBSS suite of components. ePO provides integration within and between endpoints, networks, data, and compliance solutions, which reduces security gaps and management complexity.

Centralized visibility highlights:
- Single point of reference for enterprise security enables you to quickly identify and understand relationships between security events throughout the accreditation boundary.
- Web interface provides flexibility to manage security enterprise-wide.
- Customizable dashboards, using the DISA provided templates, and user interface provide personalized views of the security status and trends.
- Automated reports and dashboards provide clear, current role-based visibility into security status across the accreditation boundary.
- Role-based permissions ensure appropriate access and control for all administrators.

The below picture presents a basic overview of the ePO console:

3.1.1.2 McAfee Host Intrusion
McAfee Host Intrusion Prevention is a host-based intrusion detection and prevention system that protects system resources and applications from external and internal attacks.

Host Intrusion Prevention protects against unauthorized viewing, copying, modifying, and deleting of information and the compromising of system and network resources and applications that store and deliver information. It accomplishes this through a combination of host intrusion prevention system signatures (HIPS), network intrusion prevention system signatures (NIPS), behavioral rules, and firewall rules. Signatures and rule sets are provided by DISA.

Host Intrusion Prevention clients are deployed to servers and desktops and function as independent protective units. They report their activity to ePO and retrieve updates for new attack definitions through DISA.

Host Intrusion Prevention is fully integrated with ePO and uses the ePO framework for delivering and enforcing policies. The division of Host Intrusion Prevention functionality into IPS, Firewall, Application Blocking, and General features provides greater control in delivering policy protections and protection levels to the users.

3.1.1.3 IPS Features
The IPS (Intrusion Prevention System) feature monitors all system and API calls and blocks those that might result in malicious activity. Host Intrusion Prevention determines which process is using a call, the security context in which the process runs, and the resource being accessed. A kernel-level driver, which receives redirected entries in the user-mode system call table, monitors the system call chain. When calls are made, the driver compares the call request against a database of combined signatures and behavioral rules to determine whether to allow, block, or log an action.

3.1.1.3.1 Firewall Feature
The Host Intrusion Prevention Firewall feature acts as a filter between a computer and the network or Internet it is connected to. The Firewall Rules policy uses static packet filtering with top-down rule matching. When a packet is analyzed and matched to a firewall rule, with criteria such as IP address, port number, and packet type, the packet is allowed or blocked. If no matching rule is found, the packet is dropped. The current version Firewall Rules policy uses both stateful packet filtering and stateful packet inspection.

3.1.1.3.2 Application Blocking Feature
The Application Blocking feature monitors applications being used and either allows or blocks them. Host Intrusion Prevention offers two types of application blocking:
- Application creation
- Application hooking

When Host Intrusion Prevention monitors application creation, it looks for programs that are trying to run. In most cases, there is no problem; but, there are some viruses, for example, that try to run programs that harm a system. This is prevented by creating application rules, similar to firewall rules, which only allow programs to run that are permitted for a user.

When Host Intrusion Prevention monitors application hooking, it looks for programs that are trying to bind or hook themselves to other applications. Sometimes, this behavior is harmless, but sometimes this is suspicious behavior that can indicate a virus or other attack on your system.

3.1.1.4 General Feature
The Host Intrusion Prevention General feature provides access to policies that are general in nature and not specific to IPS, Firewall, or Application Blocking features. This includes:
- Enabling or disabling the enforcement of all policies.
- Determining how the client interface appears and is accessed.
- Creating and editing trusted network addresses and subnets.
- Creating and editing trusted applications to prevent triggering false positive events.

3.1.1.5 McAfee Rogue System Detection
Rogue systems are systems that access the accreditation boundary, but are not managed by the ePolicy Orchestrator server. A rogue system can be any device on the network that has a network interface card (NIC).

Rogue System Detection provides real-time detection of rogue systems through use of Rogue System Sensors installed throughout the network. These sensors listen to network broadcast messages and DHCP responses to detect systems connected to the network. When the sensor detects a system on the network, it sends a message to the ePolicy Orchestrator server. The server then checks whether the system has an active agent installed and managed. If the system is unknown to the ePO server, Rogue System Detection provides information to ePolicy Orchestrator to allow you to take remediation steps, including alerting network and antivirus administrators or automatically deploying a McAfee Agent to the system. The system is currently configured to automatically deploy the McAfee Agent and notify the systems administrator that additional actions may need to be performed.

The below diagram presents a basic overview of the Rogue System Detection reporting mechanism:
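The server-side check described in this section, sketched as an added example; it is not part of the original document and is not McAfee's code. The record layout (`Sighting`), the seven-day `ACTIVE_WINDOW`, the action labels and all sample addresses are assumptions constructed for illustration.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta

# Assumption: an agent is "active" if it checked in with the server this recently.
ACTIVE_WINDOW = timedelta(days=7)


def norm_mac(mac):
    """Reduce 00-1A-2B-3C-4D-5E, 001a.2b3c.4d5e and 00:1a:... to one form."""
    digits = "".join(c for c in mac.lower() if c in "0123456789abcdef")
    if len(digits) != 12:
        raise ValueError(f"not a MAC address: {mac!r}")
    return ":".join(digits[i:i + 2] for i in range(0, 12, 2))


@dataclass(frozen=True)
class Sighting:
    """One sensor report (hypothetical layout)."""
    sensor: str      # which Rogue System Sensor reported it
    source: str      # "dhcp" or "broadcast"
    mac: str
    ip: str
    seen: datetime


def classify(sightings, last_checkin, now):
    """Return {mac: (verdict, latest Sighting)}.

    last_checkin maps a managed agent's MAC to its last check-in time.
    Verdicts: "managed", "inactive-agent" (known but stale) or "rogue".
    """
    inventory = {norm_mac(m): t for m, t in last_checkin.items()}
    latest = {}
    for s in sightings:                      # several sensors may see one host
        mac = norm_mac(s.mac)
        if mac not in latest or s.seen > latest[mac].seen:
            latest[mac] = s
    result = {}
    for mac, s in latest.items():
        if mac not in inventory:
            verdict = "rogue"
        elif now - inventory[mac] > ACTIVE_WINDOW:
            verdict = "inactive-agent"
        else:
            verdict = "managed"
        result[mac] = (verdict, s)
    return result


def remediation(result):
    """Rogues get the response the page says is configured: deploy and notify."""
    plan = []
    for mac, (verdict, s) in sorted(result.items()):
        if verdict == "rogue":
            plan.append((mac, s.ip, ["deploy-agent", "notify-admin"]))
        elif verdict == "inactive-agent":    # assumption: stale agents only alert
            plan.append((mac, s.ip, ["notify-admin"]))
    return plan


# Constructed sample data: two sensors report the same host in different formats.
NOW = datetime(2009, 8, 31, 12, 0)
SIGHTINGS = [
    Sighting("sensor-a", "dhcp", "00-1A-2B-3C-4D-5E", "10.0.0.21", NOW - timedelta(minutes=5)),
    Sighting("sensor-b", "broadcast", "001a.2b3c.4d5e", "10.0.0.21", NOW - timedelta(minutes=1)),
    Sighting("sensor-a", "broadcast", "00:1A:2B:3C:4D:5F", "10.0.0.22", NOW - timedelta(minutes=2)),
    Sighting("sensor-b", "dhcp", "00:1a:2b:3c:4d:60", "10.0.0.23", NOW - timedelta(minutes=3)),
]
LAST_CHECKIN = {
    "00:1a:2b:3c:4d:5e": NOW - timedelta(days=1),
    "00:1A:2B:3C:4D:60": NOW - timedelta(days=30),
}

if __name__ == "__main__":
    for row in remediation(classify(SIGHTINGS, LAST_CHECKIN, NOW)):
        print(row)
```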

3.1.1.6 McAfee Policy Auditor
McAfee Policy Auditor maps IT controls against predefined policy content and automates manual audit processes to report accurately against internal and external policies. McAfee Policy Auditor has been configured to use a custom-created audit policy to verify the DISA Windows STIG requirements as the baseline audit content. McAfee Policy Auditor is configured to perform weekly scans of identified systems to ensure compliance. McAfee Policy Auditor results are then imported into the DISA SCRI product, McAfee Remediation Manager, for automated remediation of non-compliant systems. Additionally, McAfee Policy Auditor has been extended to include basic file integrity monitoring capabilities, including detection of changes to file and directory permissions and content through scheduled scans.

The below diagram presents a basic overview of the McAfee Policy Auditor reporting mechanism:

3.1.1.7 Device Control Module
McAfee Device Control protects critical data from leaving the accreditation boundary through removable media, such as USB drives, iPods, Bluetooth devices, recordable CDs and DVDs. McAfee Device Control provides extremely granular control over sensitive data. Policies have been implemented that specify which devices can and cannot be used and define what data can and cannot be copied onto allowed devices. In accordance with current DoD policy, access to removable media has been restricted and is only available on a case-by-case basis. The following features are available within this product:
- Regulate how users copy data to USB drives, iPods, recordable CDs and DVDs, floppies, Bluetooth and IrDA devices, imaging devices, COM and LPT ports.
- Protect all data, formats, and derivatives even when data is modified, copied, pasted, compressed, or encrypted.
- Prevent data loss wherever users go, without disrupting legitimate day-to-day activities.
- Centralized management through McAfee ePO.
- Quickly and easily configure, deploy, and update policies and agents throughout the environment from a centralized management console.
- Set device and data policies by user, group, or department.
- Specify which devices can and cannot be used by any Windows device parameter, including product ID, vendor ID, serial numbers, device class, device name.
- Specify what content can or cannot be copied onto devices that are allowed access.
- Support auditing and compliance needs with detailed user- and device-level logging.
- Gather incident details such as device, time stamp, data evidence, and more for prompt and proper response, investigation, and audit.

The below diagram presents a basic overview of the Device Control interaction:

3.1.2 Secure Configuration Compliance Validation Initiative (SCCVI)
The DoD has selected and approved the installation and utilization of the SCCVI suite software to enhance the security posture of both unclassified and classified networks within the DoD community, which composes part of the Defense Information Infrastructure (DII). This product supplements and complements DISA's Defense-in-Depth (DID) approach to protect, detect, react, and respond to possible intruder attacks against DISA assets worldwide.

Currently, SCCVI is operated under a Type Accreditation issued by the DISA CIO under DITPR ID 5956, expiring 15 November 2011. Site accreditation responsibilities have been incorporated into this effort.

This SCCVI deployment was configured per the Defense Information Systems Agency (DISA) Field Security Operations (FSO) team SCCVI Configuration Guide.

The SCCVI suite software provides network administrators and security personnel the capability of verifying vulnerability compliance. The SCCVI suite software is comprised of the following subsystems:
- eEye Digital Security's Retina Network Security Scanner
- Remote Enterprise Manager (REM)
- REM Update Server

3.1.2.1 eEye Digital Security's Retina Network Security Scanner
eEye Digital Security's Retina Network Security Scanner is a vulnerability management network scanner. It discovers assets and identifies known security vulnerabilities on a number of different platforms and technologies including servers, databases, switches, routers and wireless access points. Retina helps secure networks by:
- Accurately discovering all the assets in the network infrastructure including operating system platforms, networked devices, databases and third party or custom applications. Retina also discovers wireless devices and their configurations, ensuring these connections can be audited for the appropriate security settings. Additionally, Retina scans active ports and confirms the services associated with those ports.
- Implementing corporate policy-driven scans to audit internal security guidelines and ensure that configuration requirements are enforced and comply with defined standards. Retina is configured using the All Audits policy.
- Remotely identifying system-level vulnerabilities to mimic an attacker's point of view, providing information that an outsider would see about your network.
- Providing a workflow approach to vulnerability management. Retina's user interface allows for multiple views and reporting options with which to analyze assessment data.

3.1.2.2 Remote Enterprise Manager (REM)
The Remote Enterprise Manager (REM) allows multiple scanners to be managed from one centralized location. It also provides the ability for scanners to report their findings to one centralized location. From here reports can be generated based on data collected from all of the scanners reporting to the REM. The below diagram presents a basic overview of the REM console:

3.1.2.3 REM Update Server
The REM Update Server allows administrators to manage all of their eEye Digital Security application and data updates from a central location. The main screen in the REM Update Server allows administrators to easily check if updates are available for their applications and data. If updates are available, administrators are provided with the option of downloading the updates to an intermediate repository. The stored updates can then be downloaded from the repository and distributed to the client machines through the organization's network.

3.1.3 Secure Configuration Remediation Initiative (SCRI)
The SCRI software provides an enterprise-wide automated standardized tool to audit and remediate emerging and known Information Assurance (IA) vulnerabilities at the asset level for the DoD. The SCRI tool leverages the scanned data provided by SCCVI to apply patches, upgrades, fixes, or custom changes to a specific system or group of systems impacted by IAVM information to facilitate the automatic vulnerability remediation of devices on a network. The SCRI tool provides a sequence of automatically executable remediation steps known as remedies that will correct each recognized vulnerability.

Currently, SCRI is operated under a Type Accreditation issued by the DISA CIO under DITPR ID 5957, expiring 29 June 2012. Site accreditation responsibilities have been incorporated into this effort.

This SCCVI deployment was configured per the Defense Information Systems Agency (DISA) Field Security Operations (FSO) team SCCVI Configuration Guide. The SCCVI suite software is comprised of the following subsystems:
- Hercules FlashBox
- Hercules Administrator
- Hercules Clients

3.1.3.1 Hercules FlashBox
The Hercules FlashBox is owned and managed by DISA. The FlashBox service allows the local SCRI installation to receive patches and policy updates from DISA. The system is set to retrieve updates nightly. Once patches are retrieved, they can be pushed to Hercules clients.

3.1.3.2 Hercules Remediation Manager
Hercules Remediation Manager is the front-end console that Hercules Administrators utilize to configure the application. Remediation Manager controls client deployments and provides instructions and commands to clients for patch installation, check patch status and vulnerability status and remediation. The Remediation Manager includes the Hercules Download Server, which facilitates the downloading of required patches from DISA, and the Hercules Channel Manager, which keeps a status of patch download locations.

3.1.3.3 Hercules Clients
Hercules clients are installed on managed clients to facilitate the patch installation process. The Hercules Clients are controlled by Hercules Remediation Manager and respond to commands and instructions. Clients check in with Remediation Manager at specified intervals, or the Remediation Manager can directly schedule tasks with the clients.

3.1.4 Windows Server Update Services (WSUS)
Windows Server Update Services (WSUS) enables information technology administrators to deploy the latest Microsoft product updates to computers that are running the Windows operating system. By using WSUS, administrators can fully manage the distribution of updates that are released through Microsoft Update to computers in their network. This installation of WSUS utilizes the DISA-managed WSUS server to synchronize and download updates. The WSUS installation was performed utilizing the DISA provided guidance by establishing a new IIS website, locating all updates on a separate partition and configuring the installation to DISA STIG standards. A Group Policy Object (GPO) can be utilized in an Active Directory environment to push the local WSUS settings to client machines to direct them to the local WSUS server installation for patches and updates. For non-Active Directory environments, clients can be manually configured to point to the local WSUS installation.

3.1.5 Enterprise Antivirus and Antispyware
VirusScan Enterprise and Antispyware are integrated into the HBSS ePO console to provide centralized deployment, policy configuration and enforcement, and detailed reporting. This enterprise deployment is configured to support Windows, Linux, Solaris and Macintosh clients.

3.1.5.1 Antivirus Enterprise
McAfee VirusScan Enterprise proactively stops and removes threats, extends coverage for new security risks, and reduces the cost of managing outbreak responses. Virus security products are only as good as their most recent updates. VirusScan Enterprise has been configured for automatic daily updates from the ePO console to ensure that desktops and servers are always up to date with the latest McAfee DAT files and engines. The ePO console receives its updates from the DISA-managed update server. Additionally, the ePO console has been configured to apply the required Desktop STIG settings for VirusScan Enterprise and perform daily virus scans.

The below picture presents a basic overview of the VirusScan Enterprise console:

3.1.5.2 AntiSpyware Enterprise
McAfee Antispyware Enterprise ensures that Potentially Unwanted Programs (PUPs) can be detected and removed. PUPs include adware, cookies, dialers, key loggers and remote administration tools. McAfee Antispyware Enterprise quickly identifies, blocks and eliminates PUPs before they can cause any damage. On-access scanning is performed to catch problems prior to installation. Additionally, the ePO console has been configured to apply the required Desktop STIG settings for AntiSpyware.

3.2 Ports, Protocols and Services
The following table lists the internal port and protocol flow. All communication is internal and does not cross the outer firewall boundary.
External System Name | External System IP Address | Internal System Name | Data Classification | Protocol | Direction | Other
HBSS | TBD | Internal Clients | Sensitive | TCP/80 HTTP | Outbound | Agent/Server communication
HBSS | TBD | ePO Admins | Sensitive | TCP/443 HTTPS | Outbound | ePO Console web browser
HBSS | TBD | Internal Clients | Sensitive | TCP/8081 | Outbound | SuperAgent to Agent Wakeup Call
HBSS | TBD | Internal Clients | Sensitive | UDP/8081 | Outbound | UDP for the SuperAgent broadcast for Global updating
HBSS | TBD | Internal Clients | Sensitive | TCP/8082 | Outbound | SuperAgent Wakeup Call, uses SPIPE
HBSS | TBD | Internal Clients | Sensitive | TCP/8080 | Outbound | Event Parser to TOMCAT Service
HBSS | TBD | Internal Clients | Sensitive | TCP/8444 HTTPS | Outbound | Rogue system detection sensor default
HBSS | TBD | Internal Clients | Sensitive | TCP/8445 HTTPS | Outbound | Notifications port
HBSS | TBD | Internal Clients | Sensitive | TCP/8801 HTTP | Outbound | Security Threats communication
SCRI | TBD | Internal Clients | Sensitive | TCP/8530 HTTP | Outbound | WSUS Clients
SCRI | TBD | SCRI Admins | Sensitive | TCP/443 HTTPS | Outbound | Hercules Administrator
SCRI | TBD | Internal Clients | Sensitive | TCP/445 | Both | Remediate Windows operating systems
SCRI | TBD | Internal Clients | Sensitive | TCP/22 | Both | Remediate Unix operating systems
SCCVI | TBD | SCCVI Admins | Sensitive | TCP/443 HTTPS | Outbound | REM web access
AUDIT | TBD | Internal Clients | Sensitive | UDP/514 SYSLOG | Outbound | Security events
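The top-down, first-match evaluation with a default drop described under the Firewall Feature (3.1.1.3.1), applied to the flows of the table above, as an added example that is not part of the original document or any vendor's code. It also checks for rules that can never fire because an earlier rule covers them, which goes beyond what the page states. Assumptions: each table row is treated as an allow rule keyed on subsystem, protocol and port (the Direction column is not modelled), and every address range, the quarantine rule and the names `Rule`, `Flow`, `decide`, `covers` and `shadowed` are constructed for illustration.

```python
import ipaddress
from typing import NamedTuple, Optional


class Rule(NamedTuple):
    action: str           # "allow" or "block"
    system: str           # SSA subsystem named in table 3.2; "*" = any
    proto: str            # "tcp" or "udp"; "*" = any
    port: Optional[int]   # None = any port
    peers: str            # CIDR of the internal system at the other end
    note: str


class Flow(NamedTuple):
    system: str
    proto: str
    port: int
    peer: str


# Constructed address plan (assumption: the page lists every address as TBD).
CLIENTS = "10.20.0.0/16"
EPO_ADMINS, SCRI_ADMINS, SCCVI_ADMINS = "10.20.99.0/24", "10.20.98.0/24", "10.20.97.0/24"
QUARANTINE = "10.20.66.0/24"   # hypothetical subnet, not from the page

# The fifteen rows of table 3.2, in table order.
PPS = [
    ("HBSS", "tcp", 80, CLIENTS, "Agent/Server communication"),
    ("HBSS", "tcp", 443, EPO_ADMINS, "ePO Console web browser"),
    ("HBSS", "tcp", 8081, CLIENTS, "SuperAgent to Agent Wakeup Call"),
    ("HBSS", "udp", 8081, CLIENTS, "SuperAgent broadcast for Global updating"),
    ("HBSS", "tcp", 8082, CLIENTS, "SuperAgent Wakeup Call, uses SPIPE"),
    ("HBSS", "tcp", 8080, CLIENTS, "Event Parser to TOMCAT Service"),
    ("HBSS", "tcp", 8444, CLIENTS, "Rogue system detection sensor default"),
    ("HBSS", "tcp", 8445, CLIENTS, "Notifications port"),
    ("HBSS", "tcp", 8801, CLIENTS, "Security Threats communication"),
    ("SCRI", "tcp", 8530, CLIENTS, "WSUS Clients"),
    ("SCRI", "tcp", 443, SCRI_ADMINS, "Hercules Administrator"),
    ("SCRI", "tcp", 445, CLIENTS, "Remediate Windows operating systems"),
    ("SCRI", "tcp", 22, CLIENTS, "Remediate Unix operating systems"),
    ("SCCVI", "tcp", 443, SCCVI_ADMINS, "REM web access"),
    ("AUDIT", "udp", 514, CLIENTS, "Security events"),
]
# The narrow block rule sits first so the broader allow rules cannot pre-empt it.
RULES = [Rule("block", "*", "*", None, QUARANTINE, "quarantined hosts")]
RULES += [Rule("allow", *row) for row in PPS]


def matches(rule, flow):
    return (rule.system in ("*", flow.system)
            and rule.proto in ("*", flow.proto)
            and rule.port in (None, flow.port)
            and ipaddress.ip_address(flow.peer) in ipaddress.ip_network(rule.peers))


def decide(rules, flow):
    """Top-down evaluation: the first matching rule decides; no match means drop."""
    for index, rule in enumerate(rules):
        if matches(rule, flow):
            return rule.action, index
    return "drop", None


def covers(earlier, later):
    """True if every flow `later` can match is already matched by `earlier`."""
    return (earlier.system in ("*", later.system)
            and earlier.proto in ("*", later.proto)
            and earlier.port in (None, later.port)
            and ipaddress.ip_network(later.peers).subnet_of(
                ipaddress.ip_network(earlier.peers)))


def shadowed(rules):
    """Indexes of rules that can never fire because an earlier rule covers them."""
    return [i for i, later in enumerate(rules)
            if any(covers(earlier, later) for earlier in rules[:i])]


if __name__ == "__main__":
    print(decide(RULES, Flow("HBSS", "tcp", 443, "10.20.5.7")))   # client, not an admin
    print(shadowed(RULES))
```

Moving the quarantine rule to the end of the list changes the verdict for a quarantined host on TCP/80 from block to allow, which is the practical consequence of first-match ordering.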

3.3 Accreditation Boundary

3.4 External Interfaces and Data Flow

External System Name | External System IP Address | Internal System IP Address | Data Classification | Protocol | Direction | Other
ocsp.disa.mil | 164.235.5.70 | HBSS, SCRI, SCCVI | Sensitive | HTTP | Outbound | Certificate verification
mainepo.csd.disa.mil | 164.235.73.253 | HBSS x.x.x.x | Sensitive | HTTP | Outbound | HBSS updates
dodwsus.csd.disa.mil | 164.235.43.251 | SCRI x.x.x.x | Sensitive | HTTP | Outbound | Microsoft updates
mainflash.csd.disa.mil | 152.229.146.49 | SCRI x.x.x.x | Sensitive | HTTP | Outbound | SCRI updates

3.5 Hardware List
Device Name | Manufacturer | Model Number | Firmware | Reference | IA Enabled (Yes/No) | CC Eval Status
VM | Dell | R710 | | Virtual Server host | No | N/A
HBSS | Virtual | Virtual | | Virtual Server Guest | No | N/A
SCRI | Virtual | Virtual | | Virtual Server Guest | No | N/A
SCCVI | Virtual | Virtual | | Virtual Server Guest | No | N/A
AUDIT | Virtual | Virtual | | Virtual Server Guest | No | N/A

3.6 Software List
Application | Version | DADMS # | FAM Status | Purpose | IA Enabled (Yes/No) | CC Eval Status
ActivClient | 6.1 | 48585 | Approved | CAC logon | No | N/A
Adobe Reader | 9.1.3 | 57392 | Approved | PDF viewer | No | N/A
eEye Digital Security REM Events Manager | 3.6.7.1429 | 57184 | New Add | Vulnerability Assessment | Yes | EAL2
eEye Digital Security REM Events Server | 3.6.6.1412 | 57184 | New Add | Vulnerability Assessment | Yes | EAL2
eEye Digital Security Retina | 5.10.14.1728 | 56860 | AWR | Vulnerability Assessment | Yes | EAL2
McAfee Hercules Remediation Manager | 4.5.0 | 53595 | Approved | Vulnerability Remediation | Yes | EAL3
McAfee Hercules Remediation Client for Windows | 4.5.0 | 48131 | Approved | Vulnerability Remediation | Yes | EAL3
J2SE Runtime Environment 5.0 Update 20 | 1.5.0.200 | 57456 | Approved | Runtime | No | N/A
Java(TM) 6 Update 15 | 6.0.150 | 57454 | Approved | Runtime | No | N/A
McAfee Agent | 4.0.0.1421 | N/A | N/A | Agent for HBSS | No | N/A
McAfee AntiSpyware Enterprise Module | 8.7.0.129 | N/A | N/A | Spyware | No | N/A
McAfee DLP Management Tools | 2.2.300.7 | N/A | N/A | Data protection | No | N/A
McAfee ePolicy Orchestrator | 4.0.0 | 49977 | Approved | HBSS console | Yes | EAL3
McAfee Policy Auditor Agent | 5.1.0.183 | N/A | N/A | Policy auditing | No | N/A
McAfee Policy Auditor Server | 5.1.0.183 | N/A | N/A | Policy auditing | Yes | EAL3
McAfee Rogue System Detection Server | 2.0.0 | N/A | N/A | Detect unwanted systems | No | N/A
McAfee VirusScan Enterprise | 8.7i | 53916 | AWR | Antivirus | Yes | EAL2
Microsoft .NET Framework | 2.0 SP2 | 44328 | Approved | Runtime | No | N/A
Microsoft .NET Framework | 3.0 SP2 | 48529 | AWR | Runtime | No | N/A
Microsoft .NET Framework | 3.5 SP1 | 50204 | AWR | Runtime | No | N/A
Microsoft Office Word Viewer | 2003 | 45819 | Waiver | View MS Word documents | No | N/A
Microsoft SQL Server Express | 2005 | 51811 | AWR | Database | Yes | Not Evaluated
Microsoft SQL Server Management Studio Express | 2005 | 57498 | Approved | Database management | No | N/A
Microsoft Windows Server Update Services | 3.0 SP1 | 48353 | Approved | Microsoft patches | No | N/A
Windows Internet Explorer | 8 | 56523 | Approved | Internet browsing | No | N/A
Windows Server Enterprise | 2003 R2 | 48800 | Approved | Operating system | Yes | EAL4+
VMWare ESXi/VSphere | 3.5/5.0 | 54797 | Approved | Operating system | Yes | In evaluation for EAL4+
