NetWare 4 Enters Final Phase of C2 Evaluation

ON TRACK TO RECEIVE FIRST CLIENT-SERVER NETWORK RATING

NCSC Class C2 Security Evaluation Criteria Technical Background

PROVO, Utah --August 28, 1995-- Novell, Inc., today announced that on
August 4, 1995, NetWare&reg; 4 formally entered C2 evaluation at the
National Computer Security Center (NCSC), part of the National Security
Agency. NetWare 4 will be the first general purpose network operating
system to receive a Trusted Network Interpretation (TNI) Class C2 rating
resulting from evaluations of a server component, a client component and a
complete network. The NCSC's evaluation will ensure that NetWare 4
provides the most secure and robust network operating system available.

The Novell evaluation is against the NCSC's TNI of the Trusted Computer
System Evaluation Criteria (TCSEC). Novell has entered this evaluation
along with Cordant&reg;, Inc., whose Assure# product provides the critical
security capabilities for the workstation to control access to the network
and to local memory and peripherals.

Security is one of the seven basic network services required by customers.
According to Richard King, executive vice president and general manager of
Novell's Systems Group, "Novell has always been committed to providing the
highest level of security in our products. Customers need to know that the
information on their entire network is protected. By entering the formal
evaluation of a TNI C2 rating, we continue to show that no other network
operating system on the market can match NetWare 4."

According to John Pescatore, research director for IDG's Information
Security service, "Security is of vital importance for the computing
industry. The value of the NCSC's C2 evaluation program is that it
provides an independent, objective rating of security systems. While a C2
rating is not a panacea, it has become a standard for commercial
businesses as well as government and military organizations. Customers are
using it as a differentiator when making product purchasing decisions."

"Our evaluation of NetWare and Assure is the first of its kind," said John
Davis, director of the NCSC. "No other evaluation has been performed on a
complete client/server system capable of operating across a network in the
way people will actually use it. We are confident that our evaluation of
Novell and Cordant's network system will justify the trust their existing
customers have already placed in the security designs of these
companies."

Tom Ballard, vice president of Federal Operations for Cordant, states,
"When Novell first approached us with the idea of participating in the C2
evaluation process, we immediately recognized the value of such an
initiative. Security of sensitive and critical information has and will
continue to be of vital concern to not only government organizations, but
also to crucial electronic commerce activities across the network. The
evaluation process has allowed us to continually improve the security of
our systems. We look forward to receiving the TNI C2 rating, which will
justify the tremendous confidence we have in our products."

"Our working relationship with Novell and Cordant has been one of total
cooperation," said Dennis Kinch, chief of NSA's Trusted Product Evaluation
Division. "Since the NetWare evaluation is the first one where we have
separately evaluated heterogeneous components as part of a client-server
networked system, we have gone through a learning experience along with
both companies. The experience of working in such as collaborative way has
been a great opportunity for everyone involved."

SECURITY EVALUATION CRITERIA

The NCSC and Department of Defense have defined the requirements for
security evaluations of operating systems and networks. Evaluations based
on the TCSEC, commonly referred to as the "Orange Book," determine the
security of a standalone system, such as a client workstation or server,
but make no judgment as to the security of that system within a networked
environment. In other words, a product that has received a TCSEC C2 rating
invalidates that rating when hooking into a network. By contrast, the TNI,
known as the "Red Book," is an expansion of the TCSEC criteria for
networked systems for determining the security of network components and
the network as a whole.

NOVELL OPEN SECURITY ARCHITECTURE

Novell has a program to allow other vendors to qualify for a C2 evaluation
rating as part of a NetWare network. Novell's open security architecture
allows hardware manufacturers to submit their systems to be evaluated as
part of a NetWare 4 network without having to repeat the entire evaluation
for the server component or network system.

E2 EVALUATION FOR NETWARE 4

NetWare 4 is currently also in the evaluation process for an E2/F-C2 rating
through Electronic Data Systems, a European Commercial Licensed Evaluation
Facility. The criteria for an E2/F-C2 rating are similar to those of the
NCSC and require essentially the same functions--identification and
authentication, discretionary access control, audit and object reuse.
Since the E2 evaluation is so similar, all of the relevant preparation
work carried out for the TNI C2 program provides valuable input for the
European rating.

Novell is pursuing the C2 and E2 ratings as a significant step along the
path of expanding security services for existing as well as emerging
advanced computer technology environments. The milestone announced today
adds to Novell's foundation for growing security capabilities. Novell will
continue to build upon this foundation to meet customer needs for more
convenient and capable security services.

For more information about Novell products and services, customers can call
1-800-NETWARE or visit the Novell home page at http://www.novell.com.
 
 =========================================================
 From the 'New Product News' Electronic News Service on...
 AOL (Keyword = New Products) and Delphi (GO COMP PROD)
 =========================================================
 This information was processed from data provided by the
 company/author mentioned. For additional details, please
 contact them directly at the address/phone# indicated.
 Trademarks are the property of their respective owners.
 =========================================================
 All submissions for this service should be addressed to:
 BAKER ENTERPRISES,  20 Ferro Dr,  Sewell, NJ  08080  USA
 Email: rbakerpc@delphi.com  -or- RBakerPC (on AOL/Delphi)
 =========================================================
