Microsoft NHS Resource Centre - Protecting the Internal Network


Protecting the Internal Network

So who is logging onto my network?

NHS organisations typically store identity information in many places. This can lead to inconsistent information, and it also creates challenges when people join or leave the organisation. Microsoft Identity Lifecycle Manager (ILM)[1] simplifies the process of matching and managing identity records from disparate data repositories, and prevents anomalies such as active records for employees who have left the NHS. ILM provides your organisation with a policy framework to control and track the identity and access data that helps manage compliance. It also includes self-help tools for end users, enabling your IT department to improve efficiency by securely delegating many tasks to end users.

Another key feature of ILM is that it includes a Windows-based certificate management solution that integrates with the Windows Server 2003 operating system and Active Directory to provide a turnkey solution for managing the end-to-end life cycle of smart cards and digital certificates for the Windows Server 2008 Certificate Authority.


ILM enables your organisation to:

o Synchronise identity information across a variety of heterogeneous directory and non-directory identity stores. This enables you to automate the process of updating identity information across disparate platforms while maintaining the integrity and ownership of that data across the enterprise.

o Provision and de-provision user accounts and identity information such as distribution lists, e-mail accounts, and security groups across systems and platforms. New accounts for employees can be created quickly based on events or changes in authoritative stores such as the human resources system. Additionally, when employees leave the organisation, they can be immediately de-provisioned from the same systems.

o Manage certificates and smart cards. ILM includes a workflow and policy-based solution that enables organisations to easily manage the life cycle of digital certificates and smart cards. ILM leverages Active Directory Services and Active Directory Certificate Services to provision digital certificates and smart cards, with automated workflow to manage the entire life cycle of certificate-based credentials. ILM significantly lowers the costs associated with digital certificates and smart cards by enabling organisations to more efficiently deploy, manage, and maintain a certificate-based infrastructure. It also streamlines the provisioning, configuration, and management of digital certificates and smart cards, while increasing security through strong, multi-factor authentication technology.
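The reconciliation that the synchronisation and de-provisioning bullets describe can be illustrated by comparing an authoritative HR feed against a directory export and reporting the anomalies ILM is meant to prevent. The script below is an added example, not ILM's own code or configuration; both data sets are constructed sample data, and in practice the directory side would come from `Get-ADUser` (the column names used here are assumptions).

```powershell
# Added example (not ILM's code): find the identity anomalies the article describes,
# such as an enabled account for someone HR says has left. Both inputs are constructed.

$hrFeed = @'
EmployeeId,SamAccountName,Status,LeaveDate
1001,jsmith,Active,
1002,apatel,Left,2008-09-30
1003,bwong,Active,
1004,dkhan,Left,2008-10-15
'@ | ConvertFrom-Csv

# Constructed directory export; in a real run this would come from Get-ADUser.
$directory = @(
    [pscustomobject]@{ SamAccountName = 'jsmith';  Enabled = $true;  EmployeeId = '1001' }
    [pscustomobject]@{ SamAccountName = 'apatel';  Enabled = $true;  EmployeeId = '1002' }  # leaver, still enabled
    [pscustomobject]@{ SamAccountName = 'dkhan';   Enabled = $false; EmployeeId = '1004' }  # leaver, already disabled
    [pscustomobject]@{ SamAccountName = 'svc-old'; Enabled = $true;  EmployeeId = '' }      # no HR record at all
)
# bwong is in HR but has no account: a joiner not yet provisioned.

function Get-IdentityAnomalies {
    param([object[]]$Hr, [object[]]$Dir)

    # Index both sides by the authoritative key (employee id), not by login name.
    $hrById  = @{}; foreach ($h in $Hr)  { $hrById[$h.EmployeeId] = $h }
    $dirById = @{}; foreach ($d in $Dir) { if ($d.EmployeeId) { $dirById[$d.EmployeeId] = $d } }

    # Directory accounts that HR does not vouch for, or that belong to leavers.
    foreach ($d in $Dir) {
        if (-not $d.EmployeeId -or -not $hrById.ContainsKey($d.EmployeeId)) {
            [pscustomobject]@{ Account = $d.SamAccountName; Issue = 'NoHrRecord';         Action = 'Investigate, then disable' }
        } elseif ($hrById[$d.EmployeeId].Status -eq 'Left' -and $d.Enabled) {
            [pscustomobject]@{ Account = $d.SamAccountName; Issue = 'LeaverStillEnabled'; Action = 'Disable account, remove group memberships' }
        }
    }
    # Active employees with no account yet (the provisioning side of the same process).
    foreach ($h in $Hr) {
        if ($h.Status -eq 'Active' -and -not $dirById.ContainsKey($h.EmployeeId)) {
            [pscustomobject]@{ Account = $h.SamAccountName; Issue = 'ActiveNotProvisioned'; Action = 'Provision account' }
        }
    }
}

Get-IdentityAnomalies -Hr $hrFeed -Dir $directory | Format-Table -AutoSize
```

With the sample data this reports `apatel` as a leaver who is still enabled, `svc-old` as an account with no HR record, and `bwong` as an active employee who has not been provisioned. Keying on the employee identifier rather than the login name is what makes the leaver check reliable when names are reused or changed.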


I need to provide secure internal access

Smart Cards and certificates are now the norm in many NHS organisations. However, they can provide challenges in terms of certificate creation and management.


Fundamental improvements to Certificate Services in Windows Server 2008 can help NHS organisations from a security, manageability, and interoperability perspective. Microsoft introduced a completely new cryptography API, Cryptography API: Next Generation (CNG), in Windows Vista and Windows Server 2008. CNG is a new infrastructure component in Windows and is also used by Active Directory Certificate Services. It supports the classic cryptographic algorithms provided through Cryptographic Service Providers (CSPs) as well as new algorithms such as Elliptic Curve Cryptography (ECC), and its flexible implementation model allows you to switch between algorithms as needed.
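Before moving templates to the newer algorithms, it helps to know which key and signature algorithms the certificates already issued in your estate use. The script below is an added example (not part of the original article or of Certificate Services) that inventories the local machine certificate store using only the .NET `X509Certificate2` properties exposed through the `Cert:` drive; the review thresholds (SHA-1 signatures, RSA keys under 2048 bits) are this example's assumptions.

```powershell
# Added example: report the public-key and signature algorithm of each certificate
# in the local machine store, flagging legacy combinations for review.

function Get-CertificateAlgorithmReport {
    param([string]$StorePath = 'Cert:\LocalMachine\My')

    Get-ChildItem -Path $StorePath | ForEach-Object {
        $cert         = $_
        $keyAlgorithm = $cert.PublicKey.Oid.FriendlyName       # e.g. 'RSA' or 'ECC'
        $sigAlgorithm = $cert.SignatureAlgorithm.FriendlyName  # e.g. 'sha1RSA', 'sha256ECDSA'

        # PublicKey.Key only materialises RSA/DSA keys in .NET Framework; ECC would throw,
        # so only read the key size for RSA certificates.
        $keySize = if ($keyAlgorithm -eq 'RSA') { $cert.PublicKey.Key.KeySize } else { $null }

        [pscustomobject]@{
            Subject      = $cert.Subject
            NotAfter     = $cert.NotAfter
            KeyAlgorithm = $keyAlgorithm
            KeySize      = $keySize
            Signature    = $sigAlgorithm
            # Assumed review criteria: SHA-1 signatures, or RSA keys shorter than 2048 bits.
            Review       = ($sigAlgorithm -match '^sha1') -or
                           ($keyAlgorithm -eq 'RSA' -and $keySize -lt 2048)
        }
    }
}

Get-CertificateAlgorithmReport | Sort-Object Review -Descending | Format-Table -AutoSize
```

Run it with `-StorePath 'Cert:\CurrentUser\My'` to inventory a user's smart card logon certificates instead of the machine store. The report reads only the public half of each certificate, so it needs no access to private keys.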


I need an effective patch management solution

Two key products from Microsoft (both of which are available to the NHS today) provide this functionality. The first is Windows Server Update Services (WSUS). Rather than your PCs connecting directly to Microsoft for updates, you host a WSUS server inside your environment. This server connects to Microsoft and downloads the patches (once), and you then decide which are suitable for deployment in your organisation. Your PCs then connect to your WSUS server instead of to Microsoft.
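The arrangement just described only works if the clients are in fact pointed at the internal WSUS server. The script below is an added example, not Microsoft's own tooling: it reads the Windows Update policy values that Group Policy sets on a client, compares them with the expected server (the address used here is a placeholder), and then asks the Windows Update Agent, through its COM API, what the machine still needs from whichever server it is configured to use.

```powershell
# Added example: verify a client's WSUS configuration and summarise missing updates.

$expectedWsus = 'http://wsus.example.nhs.uk:8530'   # placeholder, not a real address

function Get-WsusClientConfiguration {
    param([string]$ExpectedServer)
    # These policy keys are what the "Specify intranet Microsoft update service location"
    # Group Policy setting writes on the client.
    $policy = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate'
    $au     = Join-Path $policy 'AU'
    $wuServer  = (Get-ItemProperty -Path $policy -Name WUServer    -ErrorAction SilentlyContinue).WUServer
    $useServer = (Get-ItemProperty -Path $au     -Name UseWUServer -ErrorAction SilentlyContinue).UseWUServer
    [pscustomobject]@{
        ConfiguredServer = $wuServer
        UsesWsus         = ($useServer -eq 1)
        MatchesExpected  = ($useServer -eq 1 -and $wuServer -eq $ExpectedServer)
    }
}

function Get-MissingUpdateSummary {
    # Windows Update Agent COM API; the search is answered by the configured server.
    $session  = New-Object -ComObject Microsoft.Update.Session
    $searcher = $session.CreateUpdateSearcher()
    $result   = $searcher.Search('IsInstalled=0 and IsHidden=0')
    $updates  = @($result.Updates)
    [pscustomobject]@{
        Missing  = $updates.Count
        Security = @($updates | Where-Object { $_.MsrcSeverity }).Count   # rated by MSRC = security update
        Titles   = @($updates | ForEach-Object { $_.Title })
    }
}

Get-WsusClientConfiguration -ExpectedServer $expectedWsus
Get-MissingUpdateSummary | Select-Object Missing, Security
```

A client whose `UsesWsus` is false, or whose `ConfiguredServer` does not match, is still fetching updates directly from Microsoft and is outside the approval process the article describes; a non-zero `Security` count shows approved updates that have not yet reached the machine.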


The second product is System Center Configuration Manager (SCCM), formerly Systems Management Server (SMS). SCCM provides a comprehensive patch management solution as well as software and hardware asset management, software and operating system deployment, and more.


There are a number of guidance documents available to the NHS as part of the Common User Interface (CUI) Programme.


Some of my users logon infrequently and I need to check the health of their machines

One of the most time-consuming challenges administrators face is ensuring that computers connecting to the private network meet health policy requirements. Network Access Protection (NAP) for Windows Server 2008 and Windows Vista helps administrators enforce compliance with health policies for network access or communication. Note, however, that NAP does not prevent an authorised user with a compliant computer from uploading a malicious program to the network or engaging in other inappropriate behaviour.


When a user attempts to connect to the network, the computer's health state is validated against the health policies defined by the administrator, who then chooses what to do if a computer is not compliant. In a restricted-access environment, computers that comply with the health policies are allowed unlimited access to the network, while computers that do not comply, or that are not compatible with Network Access Protection, have their access limited to a restricted network. Once they become compliant (for example by installing the missing patches) they are granted access to the network.
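The decision described above can be made concrete as a small policy model. The script below is an added example and not NAP's own code or configuration: the health policy, the client statements of health and the threshold values are all constructed, and real NAP policies are defined in Network Policy Server rather than in a script. It shows the three outcomes the text lists: full access for a compliant client, restricted access with reasons for a non-compliant one, and restricted access for a client that cannot report its health at all, followed by re-evaluation after remediation.

```powershell
# Added example: a model of the NAP access decision (constructed policy and client data).

$policy = @{
    MinimumPatchLevel   = 20081014   # constructed: date stamp of the latest approved WSUS batch
    RequireFirewall     = $true
    MaxSignatureAgeDays = 3
}

function Get-NetworkAccessDecision {
    param([hashtable]$Policy, [hashtable]$Client)
    $reasons = @()

    # A client with no NAP agent cannot present a statement of health, so it is treated
    # exactly like a non-compliant one, whatever its real state.
    if (-not $Client.NapCapable) {
        return [pscustomobject]@{ Access = 'Restricted'; Reasons = @('Client cannot report health (no NAP agent)') }
    }

    if ($Client.PatchLevel -lt $Policy.MinimumPatchLevel)         { $reasons += 'Missing approved patches' }
    if ($Policy.RequireFirewall -and -not $Client.FirewallOn)     { $reasons += 'Host firewall disabled' }
    if ($Client.SignatureAgeDays -gt $Policy.MaxSignatureAgeDays) { $reasons += 'Anti-malware signatures out of date' }

    [pscustomobject]@{
        Access  = if ($reasons.Count -eq 0) { 'Full' } else { 'Restricted' }
        Reasons = $reasons
    }
}

# A laptop that has been off the network for weeks (constructed values).
$laptop = @{ NapCapable = $true; PatchLevel = 20080901; FirewallOn = $true; SignatureAgeDays = 21 }
Get-NetworkAccessDecision -Policy $policy -Client $laptop      # Restricted: patches and signatures

# After remediation on the restricted network (patches from WSUS, signature update).
$laptop.PatchLevel = 20081014; $laptop.SignatureAgeDays = 0
Get-NetworkAccessDecision -Policy $policy -Client $laptop      # Full

# A device without a NAP agent is restricted regardless of its real state.
Get-NetworkAccessDecision -Policy $policy -Client @{ NapCapable = $false }
```

Returning the list of failed checks alongside the decision is what lets the restricted network offer targeted remediation (a WSUS server and signature source reachable from it) rather than simply blocking the machine.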


Some of my remote offices are not secure

As IT professionals we often have to install servers in remote or branch offices such as GP surgeries. These locations do not necessarily offer the same level of physical security as, say, an NHS Trust data centre. A new feature in Windows Server 2008, the Read-Only Domain Controller, can help mitigate the risks of a server being stolen.


A read-only domain controller (RODC) is a new type of domain controller in the Windows Server 2008 operating system, primarily targeted at remote sites such as GP surgeries. By default an RODC does not store any account passwords, so if the RODC is compromised an administrator does not have to worry about someone using the information stored on that server to gain access to the entire network. This addresses the limited physical security typical of GP surgeries, and so drastically reduces the threat to Active Directory.

If a RODC is compromised, the administrator can demote the RODC and can quickly reset all passwords for accounts that were cached on that RODC.
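The response step just described, finding out which account secrets the RODC had actually cached and resetting them, can be scripted. The block below is an added example and not from the article: the live cmdlets (`Get-ADDomainControllerPasswordReplicationPolicyUsage`, `Set-ADAccountPassword`, `Set-ADUser`, `Reset-ComputerMachinePassword`) are real and come from the ActiveDirectory module shipped with Windows Server 2008 R2 and later RSAT, but they are commented out so the planning logic runs offline against a constructed list of revealed accounts; the RODC name is a placeholder.

```powershell
# Added example: plan the password resets after an RODC is lost or compromised.

$rodcName = 'RODC-GPSURGERY01'   # placeholder

# Live path (commented out): accounts whose passwords were actually cached on the RODC.
# $revealed = Get-ADDomainControllerPasswordReplicationPolicyUsage -Identity $rodcName -RevealedAccounts

# Constructed sample of what that call returns.
$revealed = @(
    [pscustomobject]@{ SamAccountName = 'jsmith';            ObjectClass = 'user' }
    [pscustomobject]@{ SamAccountName = 'apatel';            ObjectClass = 'user' }
    [pscustomobject]@{ SamAccountName = 'RECEPTION-PC1$';    ObjectClass = 'computer' }
    [pscustomobject]@{ SamAccountName = 'RODC-GPSURGERY01$'; ObjectClass = 'computer' }
)

function Get-RodcCompromisePlan {
    param([string]$Rodc, [object[]]$RevealedAccounts)
    foreach ($a in $RevealedAccounts) {
        $name = $a.SamAccountName
        $action =
            if ($name -eq "$Rodc`$")               { 'Handled by demoting / removing the RODC itself' }
            elseif ($a.ObjectClass -eq 'computer') { 'Reset machine password on the host (Reset-ComputerMachinePassword)' }
            else                                   { 'Reset user password and force change at next logon' }
        [pscustomobject]@{ Account = $name; Class = $a.ObjectClass; Action = $action }
    }
}

$plan = Get-RodcCompromisePlan -Rodc $rodcName -RevealedAccounts $revealed
$plan | Format-Table -AutoSize

# Live path (commented out): apply the user resets. Deleting the RODC's computer account in
# Active Directory Users and Computers also offers to reset the cached passwords.
# $plan | Where-Object { $_.Class -eq 'user' } | ForEach-Object {
#     Set-ADAccountPassword -Identity $_.Account -Reset -NewPassword (Read-Host -AsSecureString "New password for $($_.Account)")
#     Set-ADUser -Identity $_.Account -ChangePasswordAtLogon $true
# }
```

Only the revealed list needs resetting: the Password Replication Policy decides which accounts may be cached, but the usage report shows which ones actually were, which is usually a far smaller set. Keeping that set small (no privileged accounts allowed in the policy) is what limits the damage in the scenario the article describes.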


[1] Not currently covered under the NHS Enterprise Agreement.
