Common Criteria Evaluated Configuration Guide Revision B McAfee® Email Gateway 7.0.
COPYRIGHT Copyright © 2012 McAfee, Inc. Do not copy without permission.
Contents
About this guide
1 Preparing the Common Criteria environment
    Additional McAfee documentation
    Key networking terms
    Hardware and software requirements
        Appliance hardware
        Virtual appliance software
Index
About this guide

This guide describes requirements and guidelines for installing, configuring, and maintaining a McAfee® Email Gateway (hereinafter Email Gateway) appliance to comply with Common Criteria evaluation standards. If your organization's security policy requires the Email Gateway appliance to match the Common Criteria Target of Evaluation (TOE) configuration, carefully follow the instructions in this document.
1 Preparing the Common Criteria environment

Common Criteria represents the effort to develop criteria for evaluation of information technology (IT) security products. The criteria and evaluation standards are broadly used and respected within the international community. Many organizations require that their security products be CC certified. The McAfee® Email Gateway Appliance and software version 7.0.1 have been submitted for Common Criteria certification at Evaluation Assurance Level 2 (EAL 2+).
• McAfee Email Gateway 7.0 Appliance Help; online Help is included in the McAfee Email Gateway Appliance version 7.0.
• McAfee Email Gateway Release Notes, version 7.0 Patch 7.0.1 (meg-7.0.1-2151.150.readme.en-us.pdf)

Key networking terms

The following table provides definitions of key terms related to McAfee Email Gateway Appliances.
Table 1-1 Definitions (continued)

Term: network user
Description: An unauthenticated remote user or process sending information to the workstation through a network protocol; this role only has the authority to send information through the appliance from either the Internet or the internal network.

Term: packers
Description: Compression tools that compress files and change the binary signature of the executable.
Hardware and software requirements

Follow these guidelines for supported hardware and software. For more information about downloading the software, see Task - Download the installation software in either the McAfee Email Gateway 7.0 Appliances Installation Guide or the McAfee Email Gateway 7.0 Virtual Appliance Installation Guide.
TOE environment guidelines

• HTTPS with Secure Socket Layer (SSL) version 3.0 or Transport Layer Security (TLS) version 1 encryption, using RC4 with 128-bit cryptographic key size, or 3DES with 112-bit cryptographic key size

SSLv2 and SSLv1 protocols must be explicitly disabled and cleartext not permitted for the connection with the TOE user interface.
2 Installing and configuring the McAfee Email Gateway Appliance

Verify the required information for installing and configuring the appliance in compliance with Common Criteria standards.

Contents
• Pre-installation tasks
• Install the appliance
• Configure the appliance

Pre-installation tasks

Use this information to supplement the installation instructions found in the documentation referenced below. You can find a list of the available guides at Additional McAfee documentation on page 7.
Prepare the environment

Provide an environment where the Email Gateway Appliance is both physically and operationally secure.

Task
1 Install the McAfee Email Gateway Appliance in a secure location that provides the same level of physical protection as used for the assets the appliance protects.
2 Limit access to administrator personnel as defined in the McAfee Email Gateway Appliance 7.0.1 Security Target.
Configure the appliance

• Select the required operational mode.
• Select option K to enable FIPS mode.

Additional details about the options available in the configuration console can be found in Performing a Standard Setup in Chapter 2 of the McAfee Email Gateway 7.0 Appliances Installation Guide.

3 Log on to the appliance and use the Setup Wizard to complete the remaining configuration tasks.
• Using the Configuration Console in the McAfee Email Gateway 7.0 Appliance Installation Guide.
• Installing the Virtual Appliance on vSphere in the McAfee Email Gateway 7.0 Virtual Appliance Installation Guide.
• Using the Configuration Console in the McAfee Content Security Blade Server 7.0 System Installation Guide.
3 Maintaining a TOE configuration

Additional administrative tasks must be performed to set up Email Gateway to meet the TOE configuration. A list of the available documentation for Email Gateway can be found at Additional McAfee documentation on page 7 in this guide. Review the supplemental information corresponding to installation instructions in the McAfee Email Gateway 7.0 Administrators Guide.
Overview of the Email menu

The table below provides information you will need when you set up items from the email menu.

Table 3-2 Email menu

Menu item: Life of an email message
Guidance: No further guidance is necessary in addition to that provided in the McAfee Email Gateway 7.0 Appliances Administrators Guide.
Appliance management

The table below provides guidance for configuring features used in managing your appliance.

Table 3-3 Appliance management

Feature: Time and date
Guidance: To maintain compliance with the TOE configuration, NTP Servers should not be configured. The administrator should set the time and date manually, and ensure it is checked regularly to adjust any time drift.
Logs, alerts, and SNMP

• Recipient
• Status/category
• Size

The System logs include the following information for each event recorded:
• Date/time
• Gateway name
• Gateway component related to the event
• Details of the event
• Event ID
• Identity of subject initiating the event
• Outcome

Here is an example System log:

Sep 5 11:24:56 scmgateway : Application='update-xmlconf', Event Id='220010', Event String='Finished applying new configuration', Reason=
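
An added example, not part of the McAfee guide: a Python parser for the System log line format shown above, which also reports a record that was cut off mid-field, as the printed sample is at Reason=. The REQUIRED key list and the second and third sample lines are assumptions constructed for illustration.

```python
import re

# Header as in the guide's sample: "Sep 5 11:24:56 scmgateway : <fields>"
HEADER = re.compile(
    r"^(?P<timestamp>[A-Z][a-z]{2}\s+\d{1,2}\s+\d{2}:\d{2}:\d{2})\s+"
    r"(?P<gateway>\S+)\s*:\s*(?P<body>.*)$")
# key='value' pairs; keys may contain a space ("Event Id"). A value ends at
# a quote followed by a comma or end of line, so "couldn't" stays in one piece.
PAIR = re.compile(r"(?P<key>[A-Za-z][A-Za-z ]*?)='(?P<value>.*?)'(?=\s*(?:,|$))")
# A final key whose value is missing or unterminated (line cut off).
DANGLING = re.compile(r"(?P<key>[A-Za-z][A-Za-z ]*?)=(?:'[^']*)?\s*$")
# Assumption: keys every record should carry, taken from the guide's sample.
REQUIRED = ("Application", "Event Id", "Event String", "Reason")


def parse_system_log(line):
    """Parse one System log line; return None when the header does not match."""
    m = HEADER.match(line.strip())
    if m is None:
        return None
    body = m.group("body")
    fields = {p.group("key").strip(): p.group("value") for p in PAIR.finditer(body)}
    cut = DANGLING.search(body)
    truncated = [cut.group("key").strip()] if cut else []
    return {"timestamp": m.group("timestamp"), "gateway": m.group("gateway"),
            "fields": fields, "truncated": truncated}


def audit_gaps(record):
    """List required keys that are absent or were cut off in this record."""
    return [k for k in REQUIRED if k not in record["fields"]]


SAMPLES = [
    # The guide's sample line (ASCII hyphen), which ends at "Reason=" on the page.
    "Sep 5 11:24:56 scmgateway : Application='update-xmlconf', Event Id='220010', "
    "Event String='Finished applying new configuration', Reason=",
    # Constructed line (hypothetical values) with an apostrophe inside a value.
    "Sep  5 11:25:02 scmgateway : Application='sample-app', Event Id='000000', "
    "Event String='Constructed: couldn't apply', Reason='constructed'",
    # Constructed non-audit line that must be rejected.
    "kernel: unrelated message",
]

if __name__ == "__main__":
    for raw in SAMPLES:
        rec = parse_system_log(raw)
        print(rec, audit_gaps(rec) if rec else "unparsed")
```

Records with a non-empty "truncated" list or a non-empty audit_gaps result are the ones to review when checking that the audit trail carries every field for each event.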
Settings

This table provides additional information for configuring alerts and logging.

Table 3-5 Settings

Setting: SNMP alert settings
Guidance: SNMP is not supported in the evaluated configuration due to the inherent weaknesses in this protocol. All SNMP alerting and monitoring functionality can be achieved using other features of the appliance. Therefore, SNMP features should not be enabled.
Table 3-6 Event settings (continued)
Columns: Event type; Setting type; Navigation path; High severity event setting

Event type: Detection events
Setting type: SMTP settings
Navigation path: System | Logging, Alerting and SNMP | Logging Configuration | SMTP Settings, then select Detection Events | Advanced
High severity event setting:
• 180002 — Anti-spam classification
• 180004 — MIME format detection
• 180010 — Compliance detection
• 180014 — Image analyzer detection
• 180016 — Avira anti-virus engine detection
• 180017 -
Table 3-6 Event settings (continued)
Columns: Event type; Setting type; Navigation path; High severity event setting

Event type entries:
• Unsuccessful attempt to scan traffic or message
• Hardware and software appliance settings, including TOE Security Function (TSF) settings

Setting type: POP3 settings
Navigation path: System | Logging, Alerting and SNMP | Logging Configuration | POP3 Settings, then select All events for Protocol Events
High severity event setting:
• 19000 — Protocol conversation

Setting type: SMTP settings
Navigation path: System | Logging, A
Component management

This table provides additional information for configuring specific components of your system.

Table 3-7 Components

Component: Update status
Guidance: The appliance administrator must ensure that signature (DAT) files and scanning engine updates provided by McAfee for the appliance are installed promptly upon release. Settings within the appliance will allow for automatic updating upon signature file release.
Configure additional settings for Common Criteria

Configure the audit of Common Criteria specific events

Follow this process to configure the auditing of failed SSL connections and of the creation and/or termination of HTTPS connections, and to enable the Web Mail Client audit trail. Some of the required configuration is not available through the user interface.

Task
1
2 Back up the appliance configuration.
14 Locate the line beginning:
15 Save the updated file in text format.
16 Recreate the ZIP file from the root directory of the extracted ZIP file.
17 On the user interface, navigate to System | System Administration | Configuration Management.
700-3391B00