The core of any mobile working solution will always be a laptop, most likely running Windows XP (at present I am not aware of any companies with concrete plans for large-scale Vista deployments). The first step is to define some overall requirements for our solution:
1) Transparency and usability of security mechanisms whenever possible
2) Prevention of unauthorized access
3) Anonymity
4) Easy replacement of lost or compromised assets or data
5) Plausible deniability by users of data on their systems
6) Traceability
7) Ease of management and support of users and assets
8) Expandability and portability of the solution
Any mobile environment should be usable by all users, regardless of their security profile, so we will be relying on as much automation and build standardization as possible.
We start by breaking down the productivity requirements into two classes: sensitive (having to do with company-internal information) and general (contact with others via the Internet).
The basic functions that we want are thus:
- Basic office productivity tools (documents, spreadsheets, presentations, similar tools)
- Mail (secure when needed)
- Other communication and collaboration with internal users and external persons (such as chat and VoIP — secure when needed)
- Browsing (secure Intranet sites)
- Browsing (other)
- Secure document & data storage (local and remote)
So essentially, we can group all these requirements into two rough clusters: “stuff that needs to be very secure” and “stuff that doesn’t need to be that secure” (beyond the usual protection from everyday badness.)
The solution we came up with for all these requirements was a multi-tiered model, using a couple of commonly available tools. Yet another short ingredients list:
- Layered access control (boot sector protection, full disk crypto, a strong authentication model) for the laptop itself
- An “inviolate” stronghold (such as VMware ACE) running on the laptop — this is the only environment from which the more secure internal functions, such as corporate groupware and file sharing, can be run
- Integrity policy (mixture of Microsoft AD GPOs and Check Point integrity client)
- A relayed VPN connection — via an offshore VPN gateway — so casual sniffers have trouble tracking the destination of your VPN link
- Live remote AD logon — Check Point, and possibly other vendors, do a really nice thing called “SDL”, or Secure Domain Logon: your Windows AD credentials are taken from the MSGINA and kept in a “holding pattern” (by a “shim GINA” that sits right after the MSGINA) until a VPN connection is established, at which point you are given a full live AD logon instead of authenticating against the locally cached credentials
- PGP-based optional mail and file crypto, allowing for greater flexibility with removable devices (corporate ADKs, or additional decryption keys, deal with all those pesky recovery issues)
- Terminal-server based applications and file storage for sensitive material; Citrix or Microsoft Terminal Server both do the trick here. The point is to add another layer of security between the laptop and the crown jewels, and to remove the need for remote workers to store unnecessary but sensitive materials locally.
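The ADK point in the list above is worth seeing in code. Here is an added illustration (not code from the original post, and not PGP's own implementation) of the envelope structure that makes an additional decryption key work: the file is encrypted once under a random session key, and that session key is then wrapped separately for the user and for the corporate ADK, so the ADK holder can recover the file when the user's key is gone. To keep it runnable with only the Python standard library, the asymmetric PGP keys are replaced by per-recipient symmetric keys and AES by a toy SHA-256 counter-mode keystream with an HMAC tag; recipient names, keys and the sample document are all constructed for the example.

```python
"""Toy model of PGP-style multi-recipient encryption with a corporate ADK.

Added example, standard library only.  The cipher is a deliberate stand-in
(SHA-256 in counter mode plus HMAC-SHA256), NOT a real cipher, and the
"recipient keys" are symmetric stand-ins for OpenPGP key pairs.  The
structure is the real point: one session key, wrapped once per recipient.
"""
import hashlib
import hmac
import os

NONCE_LEN = 16
TAG_LEN = 32


def _keystream(key, nonce, length):
    # Toy keystream: SHA-256(key || nonce || counter), concatenated.
    out = bytearray()
    counter = 0
    while len(out) < length:
        out += hashlib.sha256(key + nonce + counter.to_bytes(8, "big")).digest()
        counter += 1
    return bytes(out[:length])


def _seal(key, plaintext):
    # Encrypt-then-MAC: nonce || ciphertext || tag.
    nonce = os.urandom(NONCE_LEN)
    ct = bytes(a ^ b for a, b in zip(plaintext, _keystream(key, nonce, len(plaintext))))
    tag = hmac.new(key, nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag


def _open(key, blob):
    # Verify the tag before decrypting; a wrong key or tampering fails here.
    nonce, ct, tag = blob[:NONCE_LEN], blob[NONCE_LEN:-TAG_LEN], blob[-TAG_LEN:]
    expected = hmac.new(key, nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("wrong key or tampered ciphertext")
    return bytes(a ^ b for a, b in zip(ct, _keystream(key, nonce, len(ct))))


def encrypt_file(data, recipients):
    """Encrypt `data` once under a fresh session key, then wrap that session
    key for every recipient in `recipients` (name -> key).  Corporate policy
    adds the ADK to this dict so recovery never needs the user's key."""
    session_key = os.urandom(32)
    return {
        "body": _seal(session_key, data),
        "wrapped_keys": {name: _seal(rkey, session_key) for name, rkey in recipients.items()},
    }


def decrypt_file(message, name, key):
    """Unwrap the session key with `name`'s key, then open the body."""
    if name not in message["wrapped_keys"]:
        raise KeyError("%s is not a recipient of this message" % name)
    session_key = _open(key, message["wrapped_keys"][name])
    return _open(session_key, message["body"])


def recovery_demo():
    """Constructed scenario: Alice encrypts under policy that adds the ADK.
    Returns (user can read, ADK holder can read, wrong key is rejected)."""
    user_key, adk = os.urandom(32), os.urandom(32)
    policy_recipients = {"alice": user_key, "corp-adk": adk}
    document = b"Q3 forecast (internal, constructed sample)"
    msg = encrypt_file(document, policy_recipients)

    by_user = decrypt_file(msg, "alice", user_key) == document
    by_adk = decrypt_file(msg, "corp-adk", adk) == document  # user's key not needed
    try:
        decrypt_file(msg, "alice", os.urandom(32))  # lost key replaced by a guess
        wrong_key_rejected = False
    except ValueError:
        wrong_key_rejected = True
    return by_user, by_adk, wrong_key_rejected


if __name__ == "__main__":
    print(recovery_demo())
```

The thing to notice is that the ADK is just one more wrapped copy of the session key, which is why it costs nothing per file and why it also needs protecting as carefully as the data it can unlock: whoever holds the ADK can open every file encrypted under that policy.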
That’s it for today, class. At some point I’ll go into what to do about remote laptop recovery, allowing users to have data auto-destruct without incriminating them or garnering accusations of impeding investigations, and other cool topics.