System Evaluation


The system to be tested and evaluated is my personal laptop. The system is a KDS laptop running Microsoft Windows XP.
Evaluation 1: Log in to the computer

The goal of this test is to log in to the computer upon startup. The test is deemed successful if the user can log in to the computer and gain access to the mainframe. The system should restrict the user from gaining access after a set number of failed attempts. The system should also not provide any clues or hints about the password to the user.

Test
The user can log in to the system only with the correct password. The system does not give any hints after failed login attempts. However, the system also does not log out or restrict the user after a set number of failed attempts.


Evaluation 2: Gain access to files

This evaluation tests if the user can gain access to the file directory and to a particular file. The system should require that the user enter a password before displaying the file tree structure. In addition, the system should require passwords to access the directories and files.

Test
The user can gain access to both the file directories and the files without a password. With the exception of password-protected files, the user can freely access all files. The system does not require authentication to view the file directory.


Evaluation 3: Connect to the Internet using dial up connection

This computer is installed with a dial-up modem connection for access to the Internet from home. The program installed is NetZero. The system should authenticate that the user of the system can gain access to NetZero through member login. The system should not automatically log the user in by saving the member ID or password.

Test
To gain access to the Internet through NetZero, the user must enter a member name and password. The ID and password are not saved. However, it should be noted that any NetZero member may log in, not just the member ID associated with the system.


Evaluation 4: Connect to the Internet using local area connection or wireless connection

The goal of this test is to connect the user's computer to the network using either a wireless card or a network cable. The system should authenticate the user before logging in to the UNC campus network.

Test
The user can successfully log in to the UNC campus network without a username (onyen) or password. If the system is placed within the campus network, the user can simply connect by attaching the wireless card or plugging in an available network cable. The campus network authenticates the system, not the user, based on the MAC address of the hardware.

Recommendations:

Evaluation 1: The user must know the password to access the computer. The system does not provide clues as to the password. However, the user can attempt logins an indefinite number of times without the system restricting the login attempts. The system administrator should obtain security software that restricts login attempts.

Evaluation 2: The user can gain full access to file directories and individual files without authentication. The system should require a password for files and directories. The system administrator should set files and directories to be password protected. This requirement can be turned on in the "Local Security Settings" of the Administrative Tools menu under Control Panel.
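As an added example (not part of the original evaluation), the following batch script applies the recommendations for Evaluations 1 and 2 on a Windows XP laptop: it sets an account lockout threshold with net accounts so that repeated failed logins lock the account, and it restricts a directory's access list with cacls so that only the owner and Administrators can open it. It assumes Windows XP Professional on an NTFS volume, an administrator command prompt, and the constructed values C:\Private for the directory and "owner" for the local account.

```batch
@echo off
rem Added hardening script for the Windows XP laptop (assumes XP Professional,
rem an NTFS volume, and an administrator command prompt).

rem --- Evaluation 1: limit failed login attempts ---------------------------
rem Before the change, "net accounts" reports "Lockout threshold: Never",
rem which is the unlimited-attempts behaviour observed in the test.
echo Account policy before the change:
net accounts

rem Lock the account after 5 failed attempts within a 30 minute window,
rem and keep it locked for 30 minutes (the window may not exceed the duration).
net accounts /lockoutthreshold:5 /lockoutduration:30 /lockoutwindow:30
if errorlevel 1 (
    echo Failed to set the lockout policy; run from an administrator prompt.
    exit /b 1
)
rem Caveat: the built-in Administrator account is exempt from lockout, so it
rem still needs a strong password.

rem --- Evaluation 2: require the owner's credentials for a directory ---------
rem Constructed values: the directory and local account names are assumptions.
set TARGET=C:\Private
set OWNER=owner
if not exist "%TARGET%" mkdir "%TARGET%"

rem Without /E, cacls replaces the whole access list instead of editing it,
rem which drops the inherited "Everyone" / "Users" entries that allowed
rem password-less access. /T recurses into files and subfolders.
rem The "echo y|" answers the "Are you sure" confirmation prompt.
echo y| cacls "%TARGET%" /T /G %OWNER%:F Administrators:F
if errorlevel 1 (
    echo Failed to set permissions on %TARGET%; is the volume NTFS?
    exit /b 1
)

rem --- Verification for the report -------------------------------------------
echo Account policy after the change:
net accounts
echo Permissions on %TARGET%:
cacls "%TARGET%"
```

Log on as a different local account afterwards and open the directory: "Access is denied" confirms the file-access test now fails without the owner's credentials.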

Evaluation 3: The user must log in to the NetZero program using a valid member ID and password. However, any valid member ID and password will work, not only those associated with or authenticated by the system. The system should only allow those IDs associated with the computer to log on to the program. The system administrator should set the allowed IDs in the software or obtain other software that authenticates member IDs.

Evaluation 4: If the system is placed in the UNC environment, the system is validated by its MAC address. Since this validation rule is set by the UNC campus network, the system administrator will have to accept this security flaw.