Secure Internet Access

Authors:

  • Tommy Gustafsson
  • Lars Westerdahl

Publish date: 2011-09-14

Report number: FOI-R--3241--SE

Pages: 64

Written in: Swedish

Keywords:

  • Internet access
  • Internet
  • IT security
  • information security

Abstract

The Swedish Armed Forces wishes to supply Internet access with enhanced functionality compared to the current solution. The Internet access should be made available to employees through the standard workstation. The enhanced functionality must be weighed against the need to protect the internal IT-systems and information resources of the Swedish Armed Forces. The main question for this assignment has been if it is possible to build a solution for Internet access that corresponds with the needs and wishes of the Swedish Armed Forces, and at the same time minimizing the exposure of internal systems and assets. The assignment has been carried out by identifying and analyzing the threat profile which is related to the existence of an Internet connection. Then, the sought after functionality has been identified along with architectures which can supply the functionality. The identified architectures were then compared to determine the resulting exposure of internal systems. Internet related vulnerabilities have been evaluated along with suitable security measures to counter these vulnerabilities. The result of the analysis is a suggested architecture which combines the aspired functionality with a low exposure of the Swedish Armed Forces internal ITsystems and information resources. The architecture lets the workstations connect indirectly to the Internet. The users access the Internet through a terminal server architecture and the applications access the Internet through proxy-like architectures.