******************************************************************************
PT-56
October 1992
******************************************************************************

1. Product Description: NightWatch II is an access control program for the Macintosh. This product test addresses version 2.01b.

2. Product Acquisition: NightWatch II is available from Kent Marsh, 3260 Sul Ross, Houston, TX 77098. The list price for a single copy is $159.95. There should, however, be no need to pay list price since even Kent Marsh has discounted the product during several promotions. Normally mail order firms offer a single copy from $89.00 to $95.00. One can contact Kent Marsh at (800) 325-3587. Site licenses are available.

3. Product Tester: Chris Mc Donald, Computer Systems Analyst, Directorate of Information Management, White Sands Missile Range, NM 88002, DSN 258-7584, DDN: cmcdonal@wsmr-emh03.army.mil or cmcdonald@wsmr-simtel20.army.mil.

4. Product Test:

   a. I obtained my copy directly from Kent Marsh under a promotional discount provided to owners of other Kent Marsh products. All tests occurred on a Macintosh IIcx running system 6.0.5 with an 80MB hard drive. The documentation indicates that NightWatch II requires "a Macintosh computer with at least the 128K ROMs and a double-sided disk drive (that is, a Macintosh 512KE or newer)". The program is System 7.0 compatible. The test period extended from August 24 to October 7, 1992.

   b. One has three options to lock a disk under NightWatch II.

      (1) Option One is "Diskless" in which one needs a user name and a password at startup.

      (2) Option Two is "Classic" in which one requires a key disk in addition to a user name and password.

      (3) Option Three is "Passwordless" in which one requires only a key disk.

   c. Although Option Two offers two levels of control, I chose to test Option One. Installation consisted of these steps.

      (1) Insertion of the NightWatch II Administrator Disk and double-clicking on the Administrator application.
      (2) Selection of the hard disk to be protected.

      (3) Selection of the lock Option.

      (4) Selection of an Administrator's user name and password.

      (5) Optional creation of additional users.

      (6) Restart of the system.

   d. Installation proceeded normally with one exception. The documentation stated that one might "get some warnings from your virus protection software" without any particular reference to a specific product. I found that the Symantec Anti-Virus for Macintosh (SAM) INTERCEPT application caused major problems in the installation. It was necessary to turn off SAM to successfully complete installation.

   e. There are various features which an administrator may enable.

      (1) The feature to "automatically lock at shutdown" secures the hard disk in the most logical manner, although one can choose the manual option to double-click on the NightWatch II ShutDown icon. NightWatch II provides a user with a notification that the hard disk has been locked with a unique signature each time shutdown occurs.

      (2) The feature to "keep disk write-protected while unlocked" precludes the creation, deletion or modification of files even though they may be visible and usable on the desktop.

      (3) The feature to "prevent disk recovery tool access" will interfere with utilities such as Norton Utilities for Macintosh when one has locked the hard disk.

      (4) The feature to activate "activity logging" records the dates and times one locks and unlocks the hard disk (both valid and invalid attempts).

   f. I tested all of these features with these results.

      (1) While the features functioned as documented, there were several problems encountered given my particular configuration of INITs.

      (2) Without deactivating SAM INTERCEPT it was impossible to automatically lock the hard disk on shutdown. SAM would prevent NightWatch II from writing a unique signature lock. While I could choose to "allow" the operation to proceed, this became a manual--not an automatic--shutdown.
      (3) Disk write-protection in conjunction with several MACTOOLS INITs completely disabled both automatic and manual locking of the hard disk. Since I could not lock the hard disk, the volume was in a state of perpetual write-protection. It required a telephone call to Kent Marsh in order to override disk-protection so that I could regain control of my system. It should be noted that the MACTOOLS INITs only caused a conflict with this specific feature enabled. During all other tests there were no problems.

      (4) Activity logging does not record attempts to guess the screen locking password, only the password for the signature lock. While this is consistent with the documentation, it also means that the activity log will not record either successful or unsuccessful attempts to bypass the screen locking password (see paragraph 4g(9) below).

   g. NightWatch II provides a wide range of privileges and/or preferences which an administrator may establish for each user. I tested all privileges and preferences with these results.

      (1) Minimum Password Length. Although the default is 4 characters, one can impose longer passwords. Any attempt to enter a password less than the administrator setting was unsuccessful.

      (2) Password Expiration. Although the default is 30 days, one can adjust the timeframe. I found that the automatic expiration functioned correctly for three separate user accounts which I had established.

      (3) Password Case Sensitivity. The default is that passwords are not case sensitive.

      (4) Password Change Capability. The default is that individual users can change their passwords subject to the preferences established by the administrator.

      (5) Prompt for Password. The default is that a user will have to type his or her password twice upon a change.

      (6) Hard Disk Write-Protection. Although this feature can be applied to specific users, it did result in a conflict described earlier.

      (7) Days of Access Limitations. This preference functioned normally.
      (8) Times of Access Limitations. This preference functioned normally.

      (9) Automatic Screen Locking. The default is that the screen locker will engage after 5 minutes of inactivity. Since the screen locker does not lock the hard disk, however, bypassing the screen locker can result in a problem. For example, if with the screen locker activated one under System 6.0.5 restarts the system with a system disk in the floppy drive, one can then access the hard disk without a user name or password. While one will assume the privileges and preferences of the user who was active before the screen locker engaged, one has bypassed the hard disk lock protection.

5. Product Advantages:

   a. NightWatch II provides hard disk access control at an affordable price. The three disk protection options offer flexibility for any environment. The Key Disk option addresses the requirement for a higher degree of access control through a combination of what someone has and what someone knows.

   b. The administrator has a wide range of privileges and preferences which may be established for a community of users. One can easily "protect" users from themselves by choosing intelligent password preferences such as case-sensitivity, expiration periods, forced changes, and minimum lengths.

   c. The Kent Marsh technical staff has always appeared competent in telephone conversations. My experience with the write-protection conflict during this product test was no exception.

   d. NightWatch II is part of a product line which addresses the full spectrum of data security concerns. The product line is modular in nature such that one can add additional programs without the risk of conflicts.

6. Product Disadvantages:

   a. The documentation suggests and testing confirmed that NightWatch II can conflict with other essential software. While it is impossible for Kent Marsh to test its product against every piece of software, and while other comparable access control programs may exhibit similar characteristics, a user must be prepared for such eventuality.

   b. NightWatch II provides only minimum activity log data, and offers no file or folder protection.

   c. While I may have missed it, I found nothing in the documentation which allows the system administrator to limit the number of incorrect logon attempts. Some type of limit in conjunction with temporarily "locking" the system might be a nice enhancement.

   d. In large organizations it would seem appropriate to maintain a support staff of administrators to handle installation and configuration of the program. That staff would also assist users in the event of program conflicts or lockouts. Organizations unwilling to commit such resources might degrade the effectiveness of the program. The requirement for a support staff is not unique to NightWatch II, but it does present a potential disadvantage for those who ignore it.

7. Comments: One may consult a brief review in the November 1992 edition of "MACWORLD" for additional comments on NightWatch II.

[The opinions expressed in this evaluation are those of the author, and should not be taken as representing official Department of Army positions or a commercial endorsement.]