Recommendations on the operating environment
Definition
On the Evaluation Assurance Level (EAL) scale of 1 to 7, the Common Criteria evaluate a product's capacity to provide the security functions for which it was designed, as well as the quality of its life cycle (development, production, delivery, operation, and updates).
Introduction
The installation of a firewall is often part of implementing a global security policy. To ensure optimal protection of your assets, resources and information, installing a firewall between your network and the Internet is only the first step. This is mainly because the majority of attacks come from the inside (accidents, disgruntled employees, dismissed employees who have retained internal access, etc.). And anyone would agree that installing a steel security door defeats its purpose when the walls are made of paper.
Stormshield Network Security therefore adopts and applies, in its administration suite and firewalls, the usage recommendations defined in the Common Criteria. These recommendations set out the usage requirements that must be met to ensure that your firewall operates within the scope of its Common Criteria certification.
For further information on Common Criteria compliance, go to: https://documentation.stormshield.eu/common-criteria.html.
Security watch
Check regularly for the Stormshield security advisories published on https://advisories.stormshield.eu.
Always apply updates if they fix security flaws on your firewall. Updates are available here: https://mystormshield.eu.
Physical security measures
Stormshield Network Security firewalls must be installed and stored in compliance with the state of the art regarding sensitive security devices: secured access to the premises, shielded cables with twisted pairs, labeled cables, etc.
Organizational security measures
The default password of the admin user (super administrator) must be changed the very first time the product is used. In the web administration interface, this password can be changed in Configuration > System > Administrator > Administration account.
This password must be set in line with the best practices described in the User awareness section of the SNS user guide.
A particular administrative role – that of the super-administrator – has the following characteristics:
- The only administrator authorized to log in via the local console on firewalls, and only during the installation of the firewall or for maintenance operations outside of normal production use,
- In charge of defining the profiles of other administrators,
- The premises where the firewalls are stored must only be accessed under this administrator's supervision, regardless of whether the purpose of the access is to conduct operations on the product or on other equipment. All operations on firewalls have to be conducted under this administrator’s responsibility.
IT security environment
Stormshield Network Security firewalls must be installed in line with the current network interconnection policy, and must be the only gateways between the various networks to which the information flow control policy has to be applied. They must be sized according to the capacities of the adjacent devices; otherwise, these devices must limit the number of packets per second to slightly below the maximum processing capacity of each appliance installed in the network architecture.