****************************************************************************** PT-2 Revised February 1991 ****************************************************************************** 1. Product Description: SECUREPC is a commercial product which provides boot protection, user identification and authorization through passwords, mail/message system, menu and sub-menu capability, password and access protection at multiple levels, audit trail facilities, file encryption capabilities and scrub functions. 2. Product Acquisition: SECUREPC and SECUREPC PLUS (distributed in late October 1989) are available from Hughes Data Systems, Inc., 319 S.W. Washington Street, Suite 310, Portland, Oregon 97204, Telephone 503-243-1029. 3. Product Tester: Chris Mc Donald, Computer Systems Analyst, Directorate of Information Management, White Sands Missile Range, NM 88002-5030, DSN 258-7548 or DDN: cmcdonal@wsmr-emh03.army.mil 4. Product Test: a. I obtained an early 1988 evaluation copy of the product from HQ PERSINSCOM, Alexandria, VA. b. I ran the current version of VIRUSCAN against the product and received a negative response for any of known viral signatures. There are, as of February 1991, no false alarms generated by other viral scanning products on SECUREPC executables. c. I installed the package on a Unisys personal computer, MS-DOS 3.1, 512k, with a 33 MB hard drive. I tested the boot protection and user password identification and authentication scheme. When these features appeared to function as advertised, I attempted to "remove" the package and contact the vendor to determine the most current release and to obtain pricing information. d. THE REMOVAL OPERATION WAS UNSUCCESSFUL. I was unable to boot the system from the hard drive and to remove boot protection from one floppy drive. My hard drive became an "Invalid Drive Specification." At this point I called the vendor and spoke with Mr. Guy Williams, the Executive Vice President of Hughes Data Systems. When I explained what had happened, he acknowledged that my evaluation copy may have been defective. He took about 5-10 minutes to create a subdirectory on the hard drive by reloading certain files from the evaluation copy. I was then able to boot the system from the hard drive. This was only a temporary fix until a successful removal could be done. Mr Williams then offered to send me a current release of SECUREPC to complete the removal and to allow me to test the current product. e. The current release arrived in two days. This release had three disks. The first two contained the installation and removal programs. The third disk contained an "Override Operational Password System" program to address those situations in which removal might be unsuccessful. f. I called Mr. Williams who then worked me through an identification and authentication procedure to complete removal. The maintenance disk when loaded displays a unique password which a user must give to someone at Hughes Data Systems to generate an additional password to actually run the program. The password was 8-9 alphanumeric characters. When Mr. Williams computed and then gave me the password, the program executed and successfully removed all traces of the original protection. I CANNOT OVEREMPHASIZE THE EXCELLENT CUSTOMER SUPPORT WHICH I RECEIVED. g. I then loaded the current release and tested the following features. (1) System Administration: installation of master password, change of administrative password, establishment of 4 separate user ID codes with unique logon and passwords for each, selection of password and system lockup options, activation and review of audit trail records). (2) SECUREPC-TREE: file security option (i.e., encryption, decryption and scrubbing of marked files). h. Those features tested performed as described in the manual. SECUREPC allows logon IDs of three characters and passwords of up to eight characters. The identification and authentication scheme in conjunction with boot protection significantly protects stand-alone personal computer resources. There is also the option to tailor different system responses in the event of incorrect logons. The system administrator, who must have a separate password to add, delete and modify individual user profile registrations, can set the system to "lock" after a specified number of successive unsuccessful logon attempts. A system once locked can be set to unlock itself automatically in a defined time interval from one minute to four hours, or the system can be set to lock until "unlocked" by the system administrator. i. The audit trail captures all incorrect logon attempts and provides a record of the user ID and password which were entered. The user, who attempts unsuccessfully to logon, receives an ambiguous error message "SORRY . . .ID/ PASSWORD INCORRECT . . . ACCESS DENIED . . .PRESS A KEY." The user does not know if the attempt failed because of an incorrect ID or password. The system administrator also has the option to turn on accounting for all successful accesses through separate project IDs. j. The encryption/decryption process is effective and relatively quick. I encrypted and decrypted a complete directory of 18 files with about 120,000 bytes in about 5 minutes. The user is prompted for a password/key which is displayed. The encryption algorithm is a Hughes Data Systems proprietary feature. Encryption or decryption is a one step process once the user enters the correct password/key. k. The "scrub" or overwrite process is effective and safe. The process default is for a three time overwrite in accordance with AR 380-19 and DoD 5200.22-M for the contractor world. The user also has the option to increase the number of overwrites, if necessary. The user must consciously answer "yes" on two separate occasions before the "scrub" process activates. l. I used "nu" from NORTON UTILITIES to find and display passwords. This 2 was unsuccessful. I also attempted to read "encrypted" files. The header of an encrypted file has the word "ENCRYPTED" but all other data was unintelligible. Finally, I was unable to "unerase" any file overwritten with the "scrub" process. 5. Product Advantages: a. The product does what it is suppose to do. b. Customer support was excellent. c. The password and system lockup options are extremely desirable. d. The audit trail record could be used for a variety of purposes totally unrelated to security controls. 6. Product Disadvantages: a. While my problem with removal of boot protection may have been unique, it did suggest to me that it would be nice to have the option to initially install the product without it. This would allow the system administrator in particular the opportunity to become familiar with SECUREPC. It is possible to remove boot protection once installed but leave the other auditing, menu and management features in place. There is also the "Override Operational Password System" as a final safety measure. But I think the "option" would still be desirable. b. Accidentally encrypting an "encrypted" file results in the loss of the file. I found this out the hard way. The directory entry of an encrypted file does not have any identifier to let you know encryption has occurred. If you attempt to "type" an encrypted file, you do not find it. c. The random password generation feature in the system administrator's menu is terrible. Users would revolt if you attempted to have them use one of the gibberish passwords created. 7. Comments: I was impressed with the product. Obviously SECUREPC--PLUS, announced the very week that I received my replacement evaluation copy, has even more features. The sales brochure lists file and directory level protection, directory and file level security from the DOS prompt even after exiting the security menu, enhanced audit trail activity to include file accesses, and protection from utility programs to find files and change attributes. [The opinions expressed in this evaluation are those of the author, and should not be taken as representing official Department of Army positions or a commercial endorsement.] 3 ======================================================================