Common Criteria approval bestowed on IP routers

As government networks come under increasing attack, the companies that make routers and switches are building more security features into their products to stop worms and hackers before they reach agencies' servers.

In a sign of the times, routers and switches are undergoing government scrutiny to ensure they provide adequate security for agency deployment.

This week, Juniper Networks Inc. of Sunnyvale, Calif., said it has become the first router manufacturer to earn Common Criteria certification from the National Information Assurance Partnership, a joint testing venture of the National Institute of Standards and Technology and the National Security Agency.

According to a Juniper spokesman, NIAP granted Juniper Common Criteria Evaluation Assurance Level 2 (EAL 2) certification in January, but it became public this week.

Dubhe Beinhorn, vice president of Juniper Federal Systems, said the certification covers Juniper's M and T series of routers running the company's Junos infrastructure software. The Juniper M and T series routers run at the edge and core of networks, respectively. They will be deployed as part of the Defense Information Systems Agency's Global Information Grid Bandwidth Expansion project.

Juniper's status as the lone certified router manufacturer may not last long. San Jose, Calif.-based Cisco Systems Inc., Juniper's primary competition in the router market, has a wide range of routers and switches under evaluation. And other companies, including San Jose-based Foundry Networks Inc., also have routers in testing.

Cisco has long held Common Criteria certification for its firewall appliances, which reside closer to government servers than the IP routers that carry network traffic. NetScreen Technologies Inc., which Juniper is in the process of acquiring, also has several certified firewall products.

NIAP certification is a measure of a product's conformance to International Common Criteria for Information Technology Security Evaluation. Testing is performed by independent labs that have been accredited by NIST. Products earn assurance levels on a scale from EAL 1 (lowest assurance) to EAL 7 (highest assurance).

NIAP emphasizes that assurance level is not necessarily a measure of a product's "security robustness." Instead it reflects the amount of testing and analysis performed on the product. Still, some departments, such as the Defense Department, provide guidelines for acquiring products with appropriate assurance levels, depending on the network environment.

According to the NIAP Web site Cisco's routers are undergoing EAL 3 testing; Foundry's are under EAL 2 evaluation.