Monday, July 14, 2008

Remote access to the "secure" intranet?

Working from home is great when you can do it. Personally I find I get much more work done when at home than when in the office mainly because I aware that people assume you are skiving off.

Of coruse, having remote access to work is usually done through a VPN for added security, although if your computer is already compromised, using a VPN can be complete pointless.

As such you really have to restrict the number of people you give remote access to for added security. I say this because I was surprised to learn just how many people have remote access to the Government Secure Intranet (GSI) across Whitehall.

At DEFRA there are 2000 people accessing the GSI from their homes, in the Ministry of Justice it is 4000 (although they say the laptops are "encrypted" but they give no detail on what that actually means.

The Department for internetaional Development has 1788 people accessing the GSI from remote locations. Are they doing this abroad I wonder and what is the potential for intercept of senstive communications I wonder?

The Treasury has 564 people accessing the network remotely, whilst Cultrue, Media and Sports has 125. If the numbers are like this in just a few department I wonder how many potential leakage and access points there are, in total, to the Government's "Secure" Intranet?
Source: Hansard, multiple days last week


Will Longmore said...

There are a lot of GSI connections out there - even minions like me sometimes have them.

To make my connection work you need a matching laptop and a matching router (which I helpfully keep next to the access point). The router is a bog-standard netgear one, but overwritten with a new protocol. The laptop has an encrypted drive of course, and then it connects through a "secure tunnel" (as they describe it to us) to our servers at HQ. In essence this means some CESG approved software running the link with continuous encryption a la VPN.

I don't know enough about the security to comment on it. Although when I borrowed a spare laptop from an office the other day and the encryption password was written on a post-it stuck to its front, I did suspect that that perhaps is not best practice.

The main difference that you notice once you've been GSI enabled is how slow your laptop boots up.

Al said...

What are you talking about Dizzy, of course all the government's technology is 100% secure. They don't make mistakes. They don't lose data. They're perfect.

Anonymous said...

The main difference that you notice once you've been GSI enabled is how slow your laptop boots up.

That'll be the loggers not the VPN.

Print those leaks off in the office and carry the paper out.

Anonymous said...

It's good security - the risk is the people. And people do make mistakes. So:

- trust the Government to do it's best
- don't trust systems populated by people to get it right all the time.

A lot of the flexible working is due to increasing efficiency pressures. It is much cheaper to give 60% of your staff flexible working and cut 40% of your desk space than to not have the tech and to keep everyone penned in the office.

There are also significant benefits to the staff, as you say - meaning higher calibre people can be attracted for the same wage. Which is good for us all.

AFAIK, security rules currently restrict which countries the GSI can be connected to from (depending on your local security policy, and the tech involved, you may not be allowed to take it out of the country).