NetWare 4 Enters Final Phase of C2 Evaluation
On Track to Receive First Client-Server Network Rating
PROVO, Utah -- August 28, 1995 -- Novell, Inc., today announced
that on August 4, 1995, NetWare® 4 formally entered C2 evaluation at
the National Computer Security Center (NCSC), part of the National
Security Agency. NetWare 4 will be the first general purpose network
operating system to receive a Trusted Network Interpretation (TNI) Class
C2 rating resulting from evaluations of a server component, a client
component and a complete network. The NCSC's evaluation will ensure
that NetWare 4 provides the most secure and robust network operating
system available.
The Novell evaluation is against the NCSC's TNI of the Trusted
Computer System Evaluation Criteria (TCSEC). Novell has entered this
evaluation along with Cordant®, Inc., whose Assure™ product provides
the critical security capabilities for the workstation to control access to
the network and to local memory and peripherals.
Security is one of the seven basic network services required by
customers. According to Richard King, executive vice president and
general manager of Novell's Systems Group, "Novell has always been
committed to providing the highest level of security in our products.
Customers need to know that the information on their entire network is
protected. By entering the formal evaluation of a TNI C2 rating, we
continue to show that no other network operating system on the market
can match NetWare 4."
According to John Pescatore, research director for IDG's
Information Security service, "Security is of vital importance for the
computing industry. The value of the NCSC's C2 evaluation program is
that it provides an independent, objective rating of security systems.
While a C2 rating is not a panacea, it has become a standard for
commercial businesses as well as government and military
organizations. Customers are using it as a differentiator when making
product purchasing decisions."
"Our evaluation of NetWare and Assure is the first of its kind,"
said John Davis, director of the NCSC. "No other evaluation has been
performed on a complete client/server system capable of operating
across a network in the way people will actually use it. We are
confident that our evaluation of Novell and Cordant's network system will
justify the trust their existing customers have already placed in the
security designs of these companies."
Tom Ballard, vice president of Federal Operations for Cordant,
states, "When Novell first approached us with the idea of participating in
the C2 evaluation process, we immediately recognized the value of such
an initiative. Security of sensitive and critical information has and will
continue to be of vital concern to not only government organizations, but
also to crucial electronic commerce activities across the network. The
evaluation process has allowed us to continually improve the security of
our systems. We look forward to receiving the TNI C2 rating, which will
justify the tremendous confidence we have in our products."
"Our working relationship with Novell and Cordant has been one
of total cooperation," said Dennis Kinch, chief of NSA's Trusted Product
Evaluation Division. "Since the NetWare evaluation is the first one where
we have separately evaluated heterogeneous components as part of a
client-server networked system, we have gone through a learning
experience along with both companies. The experience of working in
such a collaborative way has been a great opportunity for everyone
involved."
Security Evaluation Criteria
The NCSC and Department of Defense have defined the
requirements for security evaluations of operating systems and
networks. Evaluations based on the TCSEC, commonly referred to as the
"Orange Book," determine the security of a standalone system, such as
a client workstation or server, but make no judgment as to the security of
that system within a networked environment. In other words, the TCSEC
C2 rating a product has received no longer applies once that product is
connected to a network. By contrast, the TNI, known as the "Red Book," is an
expansion of the TCSEC criteria for networked systems for determining
the security of network components and the network as a whole.
Novell Open Security Architecture
Novell has a program to allow other vendors to qualify for a C2
evaluation rating as part of a NetWare network. Novell's open security
architecture allows hardware manufacturers to submit their systems to
be evaluated as part of a NetWare 4 network without having to repeat
the entire evaluation for the server component or network system.
E2 Evaluation for NetWare 4
NetWare 4 is currently also in the evaluation process for an
E2/F-C2 rating through Electronic Data Systems, a European Commercial
Licensed Evaluation Facility. The criteria for an E2/F-C2 rating are similar
to those of the NCSC and require essentially the same
functions--identification and authentication, discretionary access control,
audit and object reuse. Since the E2 evaluation is so similar, all of the
relevant preparation work carried out for the TNI C2 program provides
valuable input for the European rating.
Novell is pursuing the C2 and E2 ratings as a significant step
along the path of expanding security services for existing as well as
emerging advanced computer technology environments. The milestone
announced today adds to Novell's foundation for growing security
capabilities. Novell will continue to build upon this foundation to meet
customer needs for more convenient and capable security services.
For more information about Novell products and services,
customers can call 1-800-NETWARE or visit the Novell home page at
http://www.novell.com.