Final Evaluation Report of Computer Accessories Inc., Private Access.

摘要

The product Private Access has been evaluated by the National Computer Security Center (NCSC). Private Access is considered to be a subsystem, rather than a complete trusted computer system, and therefore it was evaluated against a relevant subset of the security requirements in the Department of Defense Trusted Computer System Evaluation Criteria, dated December 1985, here after referred to as the Criteria. The subsets for this product include Identification and Authentication (IA) and Audit. The NCSC evaluation team has determined that Private Access applies these security features to any system that uses standard, dialup telephone lines for access to its systems. Private Access can protect one personal Computer from unauthorized access over a single telephone line. No security is provided for local operation. Private Access uses a variable password and fixed callback procedures to guarantee the authenticity of users and their location. Additionally, Private Access has time of use restrictions and an audit of IA actions. Private Access will turn on its host system giving an authorized user complete control over the host computer. The remote access feature, used in conjunction with software not provided by the company, will allow the remote user to run the host computer without returning system control to the host. (This return to the default terminal occurs with some program calls). Private Access will power down the system if an illegal access attempt is made. A limit of 100 user ID's/Passwords may be assigned. Privileged users can modify the trusted secure data base remotely.