
Connecting to your analysis machine via the internet

(@pedro281)
Eminent Member
Joined: 17 years ago
Posts: 38
 

I think that there are lots of valid reasons to connect to the internet, but I haven't seen a lab so far that has either the desired infrastructure and correct resources to implement it. (I'm sure there are many that have, but I think they would be the exception).

From my own perspective (running a lab) I would love to be directly connected to the outside world, as maintaining a forensic lab that is air gapped is a pain. Updates, AV, data sharing, encryption keys etc. etc. We are increasingly being asked to share data in one form or another and the forensic community is not geared up to do this easily. We all have our own methods, but mine, I'm sure, is different to yours. That represents extra costs, time and more paracetamol.

For large organisations remote working can represent real cost and efficiency savings, but this is probably going to be way beyond the budgets of small organisations to implement properly. Remote systems can and do work at protected levels way above the requirements of most labs.

The lab is the easy bit. A really important point that was briefly mentioned earlier was the physical and logical security of the remote location, so we should not be talking about a user's living room here!

In terms of cost effectiveness, it seems to me that this is the real driver behind the air gap. It is cheaper than paying for the security measures that would be required without it.


   
(@seanmcl)
Honorable Member
Joined: 19 years ago
Posts: 700
 

> In terms of cost effectiveness, it seems to me that this is the real driver behind the air gap. It is cheaper than paying for the security measures that would be required without it.

I agree that there should be a substantial justification to do it, rather than simply the absence of objections since the latter is not possible. The fact is that a number of sensitive sites are on the Internet including banks, financial processing sites, bill payment sites, etc., and while these are not without problems, society has clearly accepted that the benefits outweigh the risks.

My last few cases have been identity theft cases on what you might consider a large scale and I'd have to say that in all of these cases, the proximate cause of the breach would not have been possible without one of two things happening:

1. Social engineering
2. Failure to conform to the established practices.

In no case was the failure that of technology, alone. I'm not saying that this can't happen but, in my experience, it is much less common.

Thus, my greatest concern when I need to expose my work to Internet access is not whether the technology works but whether or not I forgot some critical step, which gets back to Jamie's point about standard operating practices.


   
(@kovar)
Prominent Member
Joined: 18 years ago
Posts: 805
 

Good evening,

Setting up secure remote access solutions with two factor authentication, static IP addresses, and other items mentioned in an earlier post doesn't require a lot of physical or human resources. It should not be beyond the capabilities of any well established firm. They will need to dedicate a fair bit of time to designing and building the environment, and then to maintaining it, but it is quite doable.

-David


   
(@pedro281)
Eminent Member
Joined: 17 years ago
Posts: 38
 

> Setting up secure remote access solutions with two factor authentication, static IP addresses, and other items mentioned in an earlier post doesn't require a lot of physical or human resources. It should not be beyond the capabilities of any well established firm. They will need to dedicate a fair bit of time to designing and building the environment, and then to maintaining it, but it is quite doable.
>
> -David

I agree that these things are easy to set up, but these measures would not be enough given the protective marking of the material. Not in my organisation anyway.
The question is also always asked around proving the integrity of your lab environment. Once you open the doors, if you do not have suitable auditing, reporting and monitoring in place then you could end up with a problem in court. Most organisations I have come across do not yet have suitable processes in place. (This is not a criticism, just an observation!) Hence the amount of resources required rises beyond the initial job of establishing remote connections.


   
(@jonathan)
Prominent Member
Joined: 20 years ago
Posts: 878
Topic starter  

> > Setting up secure remote access solutions with two factor authentication, static IP addresses, and other items mentioned in an earlier post doesn't require a lot of physical or human resources. It should not be beyond the capabilities of any well established firm. They will need to dedicate a fair bit of time to designing and building the environment, and then to maintaining it, but it is quite doable.
> >
> > -David
>
> I agree that these things are easy to set up, but these measures would not be enough given the protective marking of the material. Not in my organisation anyway.
> The question is also always asked around proving the integrity of your lab environment. Once you open the doors, if you do not have suitable auditing, reporting and monitoring in place then you could end up with a problem in court. Most organisations I have come across do not yet have suitable processes in place. (This is not a criticism, just an observation!) Hence the amount of resources required rises beyond the initial job of establishing remote connections.

Can I ask what measures you'd consider to "be enough" when dealing with the circumstances you mention? Does your organisation have a policy in this area?


   
(@seanmcl)
Honorable Member
Joined: 19 years ago
Posts: 700
 

> The question is also always asked around proving the integrity of your lab environment. Once you open the doors, if you do not have suitable auditing, reporting and monitoring in place then you could end up with a problem in court. Most organisations I have come across do not yet have suitable processes in place. (This is not a criticism, just an observation!) Hence the amount of resources required rises beyond the initial job of establishing remote connections.

In my experience, the greatest threat to the security of any corporate data is the employees, not the data systems. If you look at electronic patient records, which have some of the most stringent privacy requirements known, every major disclosure of patient data that I have seen has resulted from the actions of employees, not failures of the technology.

Thus, the requirement for auditing is not that different between networked and non-networked systems. Even if your office was located in Ft. Knox, if you couldn't demonstrate that you knew, at all times, who had access to the evidence and what they did with it, you'd have a problem proving integrity, IMHO.


   
(@pedro281)
Eminent Member
Joined: 17 years ago
Posts: 38
 

> Can I ask what measures you'd consider to "be enough" when dealing with the circumstances you mention? Does your organisation have a policy in this area?

We do have policies based on the security level of the data, but for the same reason, I can't go into detail.

I would be looking at tiered solutions, all common knowledge stuff, but I wouldn't want to be able to access any data through one layer of authentication, 2 factor or otherwise.

I completely agree with seanmcl, and whilst I do know where my data is and who has access to it, I would always strive to make this more granular if I was breaching the air gap. The policy is always weaker than the technology.

I would also want to look at how the applications are delivered. Having remote access to lots of high powered workstations and thick clients is not somewhere I'd want to be. There have to be better ways to run our tools over a network environment and I think this is the place to start. Once all my ducks are in a row, so to speak, then I'd like to be looking seriously at remote access.


   