Castleforce IT Security Team

Mobile / Home Working

GCSX No 10.1 Mobile / Home Working

Any mobile/remote and/or home working solution MUST be in accordance with HMG IA Policy and Guidance (e.g. CESG Good Practice Guide No.10)

GCSX No 10.2 Mobile / Home Working

Data at rest on a remote device, or in transit, MUST be encrypted. CAPS Baseline encryption is approved for this purpose, though CCTM or FIPS 140-2 are acceptable.

GCSX No 10.3 Mobile / Home Working

Any use of Portable Electronic Devices MUST be authorised, managed and configured and operated in accordance with CESG guidance

GCSX No 10.4 Mobile / Home Working

All remote connections MUST be from authorised official and/or managed devices and records of activity are maintained (e.g. not Home PCs, Internet Cafes, etc)

GCSX No 10.5 Mobile / Home Working

Personal Firewalls MUST be installed, enabled and subject to configuration management for all remote working devices

GCSX No 10.6 Mobile / Home Working

Two factor authentication MUST be used for remote access from remote working devices


Secure Remote Access and SSL-VPN Partners

At Castleforce we are partnered with several leading SSL-VPN vendors and we can provide pre and post technical assistance with all the products listed.

Mycroft Talisen Remote Access solutions: It may be tempting to invest in a multi-layered, multi-provider, multi-product approach, attempting to protect against each separate danger with a specific and targeted solution. However, that approach comes with unanticipated costs to the implementer, with greatly increased requirements in terms of expertise, training, support, maintenance time and effort. Worst of all, disconnected thinking can also leave unexpected gaps in protection.

Mycroft’s heritage is providing a streamlined, unified approach, combining access from multiple WANs such as DII(F), GSI and the Internet, that will result in excellent ROI as well as greatly improved security.

Juniper SSL VPN can offer FIPS Security. The SA4500 FIPS and SA6500 FIPS appliances incorporate a FIPS-certified HSM. The HSM handles cryptographic processing as well as key and certificate management in a hardened, tamper-proof hardware module. The HSM provides the additional benefit of offloading cryptographic processing from the host CPU, thus optimizing overall system performance while adding a physical layer of security. The SA4500 FIPS and SA6500 FIPS appliances also have a tamper-evident label that deters physical security breaches and provides visual indication of appliance integrity.

Stonesoft specialise in High Availability Security Appliances including Firewalls, IDS/IPS and SSL VPN in both hardware and virtual appliances.

SonicWALL provides firewall products with unified threat management services such as network anti-virus, anti-spyware, virtual private networking (VPN), content filtering and other security services.

AEP Networks for Secure Communications, Secure Networking, Secure Application Access, SSL VPN, terminal services, Windows remote access, public key infrastructure, hardware security module and PKI HSM products.



Two (Dual) Factor Authentication

Method of authenticating a user whereby two or more factors are verified. These factors include something the user has (such as hardware or software token), something the user knows (such as a password, passphrase, or PIN) or something the user is or does (such as fingerprints or other forms of biometrics).


SSL VPN

Acronym for “Secure Sockets Layer.” Established industry standard that encrypts the channel between a web browser and web server to ensure the privacy and reliability of data transmitted over this channel.


Dual or Two Factor Authentication

Standard logins require a user name (often the Active Directory username) and a static password which, even if complex, can be beaten by hackers within minutes.

To truly achieve a sufficiently complex password we would recommend using Two Factor Authentication or Strong Mutual Authentication as this will fulfil the Access Control requirement and part of the mobile working requirement together.

CRYPTOCard is a leader and innovator in the Network Authentication Industry with its multi-award winning Two-Factor Authentication solutions. CRYPTOCard have 2FA options for every scenario including tokens, magnetic stripe access cards, USB tokens, tokenless on BlackBerry and Windows Mobile, as well as software tokens and keyboardless logons, available in a managed service as well as local installation.

Find out how Cryptocard can help Local Authorities with Government Connect

SecurEnvoy Next Generation Two Factor Authentication: Tokenless Two Factor Authentication via SMS to mobile phones that utilises the existing network directory structure, so it doesn't need a separate database. SecurEnvoy have a range of tokenless solutions to help with every authentication requirement.

Find out more about SecurEnvoy Tokenless Two Factor Authentication

Tricerion Strong Mutual Authentication with picture passwords: The most affordable strong authentication technology with minimal implementation costs and easy maintenance. Uses Picture Passwords that are entered from mouse clicks, not the keyboard. Studies show that pictures and colours can be remembered more easily than standard alphanumeric passwords.