National Security Agency designs data protection to open options for traveling decision makers.
The adoption of networked systems and the prevalence of Internet use have created the potential for unauthorized access to critical data. U.S. Defense Department officials believe that uncontrolled Internet connections pose a significant and unacceptable threat to all of their information systems and operations. Ensuring secure transmissions and the authenticity of data while allowing users to connect from remote locations requires high levels of security.
Military and government personnel are familiar with physical security measures on bases and at facilities that store and manage mission-critical information. However, according to The Gartner Group, today more than 15 million people in North America work off site, and this number is projected to rise to 70 million by 2003. Another research firm, Warren H. Suss & Associates, estimates that there are 500,000 potential users of secure remote access in the U.S. military and government alone. These individuals now require, from their homes or while traveling, real-time access to sensitive data stored on enterprise networks.
To address this challenge, the National Security Agency’s (NSA’s) information assurance solutions group initiated the remote access security program (RASP). Its goal is to design security solutions that provide robust, secure remote access to information, particularly in the military sector. During the past three years, the NSA has been working extensively with Kasten Chase Applied Research Limited, Toronto; Rainbow Mykotronx, Torrance, California; and Spyrus, Santa Clara, California, to develop a system that can be used by military, government and commercial organizations.
The NSA designed RASP to deliver a solution that is both convenient to the user and meets the Defense Department’s baseline requirements for remote access security. The Office of the Assistant Secretary of Defense recently emphasized these requirements and the importance of increasing the security posture of the unclassified but sensitive Defense Department network.
Typical remote access systems allow off-site users to dial into a local area network (LAN) to access the same services that would be available to them if they were connected locally. Access to all files, e-mail and databases is maintained, and users retain all World Wide Web-browsing capabilities. However, the RASP system takes this capability one step further by providing remote access securely at all points.
For example, a military officer traveling in Europe may be required to provide immediate input about a military operation. The officer would need the capability to dial securely into unclassified, mission-critical network resources and access reports and information as well as connect to the Defense Message System to retrieve correspondence related to the crisis. RASP allows the officer to be a virtual participant in the crisis from anywhere in the world.
The agency and its technology partners have embarked on extensive development and testing of RASP. Consisting of three components, the system provides secure remote access to critical networks and data not only through the use of an encrypting modem but also through an authenticating remote access server and media encryptor.
Developed by Rainbow Mykotronx, the Palladium secure modem is a personal computer memory card interface association (PCMCIA) modem with an onboard cryptographic processor providing tamper-resistant, secure communications for sensitive-but-unclassified information. It maintains the confidentiality of data transmitted over the public switched telephone network (PSTN). Using the government-approved Skipjack algorithm, it encrypts/decrypts all data communications between a secure modem in the user’s laptop and the secure modem in the second component, the OPtiva Secure Plus remote access server. An access control list resident on each Palladium and the Fortezza key exchange algorithm provide an effective means of token-based authentication, ensuring that only authorized users can establish connections. The Palladium requires that authorized users enter the proper personal identification number (PIN) prior to use.
Perfected for the RASP architecture by Kasten Chase Applied Research, the OPtiva Secure Plus remote access server provides a secure network connection once a communication link is established between the two Palladium secure modems. The server effectively extends the services of Internet protocol and Novell Internet packet exchange LANs to remote users via encrypted, dial-up point-to-point protocol connections. With eight PCMCIA slots, OPtiva supports eight concurrent, secure dial-up connections. It offers extended support for third-party client software such as dial-up networking included with Windows 95, Windows 98 and Windows NT.
Media encryption is the final component in the RASP system and safeguards the confidentiality and integrity of data stored on a laptop or workstation. It prevents unauthorized access to information stored on a laptop should the computer be lost or stolen. Prior to installation, a PIN is assigned to the user and securely stored on a Fortezza cryptography card. During system start up, the user enters the number to gain access to encrypted information on the disk. Access is immediately suspended if the cryptography card is removed. A media encryptor for Windows 95 operating systems, called the Talisman/DS, has been developed by Spyrus, while Kasten Chase Applied Research has developed a media encryptor for Windows NT 4.0 operating systems. Both systems currently are undergoing the final stages of NSA security evaluation.
The two communications components of the solution, the Palladium Secure Modem and the OPtiva Secure Plus remote access server, have successfully completed NSA testing and demonstrated the necessary safeguards for the transmission of sensitive, mission-critical data in remote access applications. As a result, they can now be used to access sensitive-but-unclassified data for a range of applications, including dial up from remote locations over the PSTN and enclave-to-enclave communications over dedicated lines as well as access to the Defense Department’s nonsecure Internet protocol routing network (NIPRNET). In addition, the current RASP system can be used to access secret data from remote locations over the PSTN and, under special circumstances, on the Defense Department’s secure Internet protocol router network (SIPRNET). The NSA has developed a set of regulations and policies regarding the implementation and use of secure remote access solutions.
In addition to playing an integral role in developing the system, the agency provides users with a security awareness training package as part of the leave-behind design and certification and accreditation documentation. It also works closely with the information systems security officers of specific military services and government agencies to ensure that their individual security needs are met because requirements and policies often differ between organizations.
Access to the LAN is only one part of the solution. The integrity of all data being accessed over the network must also be protected. RASP also meets the security challenges inherent in this process by providing several safeguards.
To defend against unauthorized access to a protected LAN, the system implements two-factor authentication, a feature that requires a legitimate user to both have a secure PCMCIA modem and know its password or PIN. In the event of a personal computer theft, an unauthorized user could not gain access to the network without the seven-digit password. The secure modem will disable itself automatically if an incorrect password is entered more than a predetermined number of times. In addition, it is also critical to protect the information on the hard drive. RASP prevents unauthorized users from accessing data by encrypting all sensitive information on the hard drive, which ensures that even if the PC is stolen, the data remains safe.
Accessing sensitive, mission-critical information over unsecured telephone lines could potentially compromise business practices or national security. RASP prevents eavesdropping on unsecured public lines or satellite links through real-time encryption of all transmitted data. Link encryption protects information from interception or compromise by any third party.
Before adopting a RASP system, an organization must consider its security requirements. Individual services and agencies should build upon these standards to establish their own policies to ensure that remote access when used within a system context follows sound security practices.
Roger Black is the program manager for both the remote access security program and the next-generation high assurance remote access solution at the National Security Agency. He is a certified information system security professional specializing in secure network engineering.