Castleforce IT Security Team

Mobile / Home Working

Local Government are giving their staff the ability to work remotely to aid business continuity in accordance with HMG IA Policy and Guidance (e.g. CESG Good Practice Guide No.10)

Baseline encryption is approved for this purpose, though CCTM or FIPS 140-2 are acceptable.

Personal Firewalls must be installed, on all remote working devices.

Once again Two factor authentication must be used for remote access and this is common practise for all secure connectivity as passwords are the weakest links and the easiest way in for external hackers.

Access Control

Wallix AdminBastion and LogBastion  Wallix AdminBastion allows you to control access of your IT service providers, whether internal or external, privilege accounts and high-risk users. You can also record their work sessions and view them as and when needed (audit, incident, etc.). With WAB, you can easily manage IT team turnover, without running the risk of granting acess to your critical servers by individuals who are no longer authorised.

  • Session recording
  • SSH flow analysis
  • Access control
  • Real-time supervision

Encryption Partners

Check Point Software Technologies Ltd Check Point have fully implemented the Point Sec product to their Full Disk Encryption range in order to offer security management and data protection.  FIPS-140-2 Certified

Credant-data-encryption  CREDANT Technologies offers the flexibility to choose the encryption solution that best meets your data protection and compliance needs, delivering data encryption across any endpoint - desktops, laptops, handheld devices and removable media - including our patented, intelligent data encryption solutions as well as new hardware and software-based full-disk encryption offerings.  FIPS-140-2 Certified

DESlock+ CESG CCTM Full disk, Removable Media, Email, Folder Encryption DES's award winning DESlock+ encryption software helps organisations and individuals to protect against all types of data breach by offering a simple, yet extremely powerful set encryption tools to protect data in transit and at rest. To meet the needs of Government and corporate bodies the DESlock+ software is certified in the UK by CESG - the UK national technical authority for information, assurance under its Claims Tested Mark (CCTM) scheme. DESlock+ also meets the rigorous FIPS-140-2 standard in the US and is validated by the National Institute of Standards and Technology (NIST). Available as DESlock Standard or DESlock PRO  

Safend protects your enterprise from information leakage Safend Encryptor enforces an enterprise wide encryption policy to protect the data stored on laptop and desktop hard disks, so that sensitive data cannot be read by unauthorized users in the case of loss or theft. Safend Encryptor utilizes Total Data Encryption technology that automatically encrypts all data files, while avoiding unnecessary encryption of the operating system and program files. This innovative concept minimizes the risk of operating system failure, and has a negligible performance impact. Leveraging this unique encryption technology, Safend Encryptor provides transparent hard disk encryption.

IronKey, maker of the worlds most secure flash drive IronKey Enterprise secures data with always-on hardware encryption to meet compliance and data protection requirements.  All user data on an IronKey Enterprise drive is encrypted with high-speed, AES CBC-mode encryption. IronKey Enterprise is deployed quickly using the cloud-based IronKey Enterprise Management Service. Administrators are in full control of deployed devices and if needed can remotely disable devices and wipe data. IronKey Enterprise logs device use for reporting and compliance. FIPS-140-2 Certified

For more details on IronKey Enterprise

Authentication Partners

Standard logins require a user name (often the active directory username) and a static password which even if complex can be beaten by hackers within minutes.

To truly achieve a sufficiently complex password we would recommend using Two Factor Authentication or Strong Mutual Authentication as this will fulfil the Access Control requirement and part of the mobile working requirement together.

CRYPTOCard is a leader and innovator in the Network Authentication Industry with its multi-award winning Two-Factor Authentication solutions CRYPTOCard is a leader and innovator in the Network Authentication Industry with its multi-award winning Two-Factor Authentication solutions. Crypto-Card have 2FA options for every scenario including tokens, magentic stripe access cards, USB tokens, tokenless on Blackberry and Windows mobile as well as software tokens and keyboardless logons and available in a managed service as well as local installation.

SecurEnvoy Next Generation Two Factor Authenication Tokenless Two Factor Authentication via SMS to mobile phones and utilises existing network directory structure so doesn't need separate database.  SecurEnvoy have a range of tokenless solutions to help with every authentication requirement.

Swivel-PINsafe-CESG-CCTM-multifactor-authentication Swivel PINsafe is a tokenless multifactor authentication solution based on patented technology, offer a CCTM accredited, cost effective image, browser and voice based authentication.

Vasco strong authentication  VASCO is the leading supplier of strong authentication and e-signature solutions and services specializing in Internet Security applications and transactions.

IronKey, maker of the worlds most secure flash drive IronKey Enterprise secures data with always-on hardware encryption to meet compliance and data protection requirements.  All user data on an IronKey Enterprise drive is encrypted with high-speed, AES CBC-mode encryption. IronKey Enterprise is deployed quickly using the cloud-based IronKey Enterprise Management Service. Administrators are in full control of deployed devices and if needed can remotely disable devices and wipe data. IronKey Enterprise logs device use for reporting and compliance.

For more details on IronKey Enterprise

Contact-Castleforce-for-help-with-Compliance

Two (Dual) Factor Authentication

Method of authenticating a user whereby two or more factors are verified. These factors include something the user has (such as hardware or software token), something the user knows (such as a password, passphrase, or PIN) or something the user is or does (such as fingerprints or other forms of biometrics).

SSL VPN

Acronym for “Secure Sockets Layer.” Established industry standard that encrypts the channel between a web browser and web server to ensure the privacy and reliability of data transmitted over this channel.

Secure Remote Access and SSL-VPN Partners

At Castleforce we are partnered with several leading SSL-VPN vendors and we can provide pre and post technical assistance with all the products listed.

Stonesoft Securing Information Flow Stonesoft specialise in High Availability Security Appliances including Firewalls, IDS/IPS and SSL VPN in both hardware and virtual appliances.

Juniper Networks Networking security solutions Juniper SSL VPN can offer FIPS Security.  The SA4500 FIPS and SA6500 FIPS appliances incorporate a FIPS-certified HSM. The HSM handles cryptographic processing as well as key and certificate management in a hardened, tamper-proof hardware module. The HSM provides the additional benefit of offloading cryptographic processing from the host CPU, thus optimizing overall system performance while adding a physical layer of security. The SA4500 FIPS and SA6500 FIPS appliances also have a tamper evident label that deters physical security breaches and provides visual indication of appliance integrity.

WatchGuard Technologies provide Powerful network protection WatchGuard SSL provides easy-to-use secure remote access to network applications and resources, with the best mobile support and authentication options in its class. Advanced security features include rigorous endpoint integrity checking, session clean-up, and robust two-factor authentication and encryption support.   

Sonicwall Protection at the speed of business SonicWALL provides firewall products with unified threat management services such as network anti-virus, anti-spyware, virtual private networking (VPN), content filtering and other security services.

AEP-Networks-for-SSL-VPN-terminal-services-Windows-remote-access for Secure Communications, Secure Networking, Secure Application Access, SSL VPN, terminal services, Windows remote access, public key infrastructure, hardware security module and PKI HSM products

Assuria Compliance and Vulnerability assessment, change detection, file integrity monitoring, Server Hardening and Log Management NETASQ-UTM-EAL4-Network-Security-appliances Credant we protect what matters DESlock+ FIPS-140-2 CESG CCTM Full disk Encryption, Removable Media Encryption, Email Encryption, Folder Encryption Stonesoft produce high availability multi link ISP firewalls to help reduce single point of failure Sourcefire-3D System and masters of SNORT and CLAMAV InfoGov helps you to achieve compliance, manage risk and demonstrate good governance now, and into the future. Swivel-PINsafe-CESG-CCTM-the-power-of-knowing Lumension-Security-Patch-Management-and-end-point-protection Imprivata OneSign Single Sign-On (SSO) appliance Check Point firewalls and Pointsec Encryption software Wallix-AdminBastion-and-LogBastion-provide-access-control-and-monitoring-solutions

© Copyright Castleforce 2007-2012. Web design by Theme Group