Using Reflex Disknet Pro to Aid Compliance with BS 7799 & ISO/IEC ...
From within the RDP administration management console a security profile can be built to apply to a user, or more usually a group of users. By selecting “Profile Templates” a range of policy decisions can be enforced. Fig. 1 above shows the Removable Media Manager tab from within the profile template of a “standard user”
2. Physical and environmental security [7]

This section deals with unauthorised access, damage and interference to business premises and information. RDP addresses issues raised under clause 7.2 Equipment security.
2.1. Security of equipment off-premises [7.2.5 (a) & (c)]

The standard maintains that “regardless of ownership, the use of equipment outside an organisation’s premises for information processing should be authorised by management. The security provided should be equivalent to that for on-site equipment used for the same purpose, taking into account the risks of working outside of the organisation’s premises.”
RDP ensures that the security profile template in force when the equipment (PC/laptop) was last used inside the organisation’s premises will apply to the equipment when it is used outside the premises. If the PC/laptop was never connected to the network, where a security profile template would be automatically applied, and never had a security profile template specifically imported onto it, then the default “lock-down” template would apply. In this way, controls can be applied to mobile workers consistent with those controls that apply to members of the organisation’s LAN.
This clause also raises the issue of media left unattended. The risk here is unauthorised access to information. It is essential that the information contained on the local hard disk of the PC/laptop be protected, either by access control mechanisms or encryption. Equally, the security of removable media needs to be addressed, especially since modern portable storage devices can hold vast amounts of data. The 2Gig memory stick is a reality.
RDP manages this risk by providing a centrally managed encryption system. Users and groups can be automatically supplied with keys to encrypt and decrypt all information stored on removable devices. Fig. 2 below shows the EPM (Encryption Policy Manager) tab from within the profile template. Using the options on this tab, an administrator can create a policy where all removable media is encrypted by default. Segregation of information can also be achieved by dictating if the user can view information written by another user.
The system also allows off-line access to encrypted information via the input of the user’s personal password, where desirable. This is achieved without the need to install any additional software on the host machine.
© Reflex Magnetics Ltd