S 5.121 Secure communication when travelling

Initiation responsibility: Head of IT, IT Security Officer

Implementation responsibility: User, Administrator

Portable terminal devices such as laptops or PDAs are often designed to access data using the internet or the internal network of an organisation when travelling. For this, public communication networks are normally used. Since neither the organisation nor the mobile employees have any significant influence on whether or not the confidentiality, integrity, and availability are protected in a public communication network, additional safeguards must be implemented in order to protect the information.

In general, the data transmission between a portable terminal device and the LAN of an organisation must meet the following security requirements:

• Ensuring the confidentiality of the transmitted data: sufficiently secure encryption of the data transmission must ensure that no conclusion may be drawn with regard to the content of the data even when eavesdropping on the communication. In addition to using a suitable encryption procedure, it is also necessary to use appropriate key management and to periodically replace the keys.
• Ensuring the integrity of the transmitted data: the transmission protocols used must provide the option of detecting and maybe even eliminating changes to the transmitted data. For example, such changes may be caused by transmission errors (technical problems) or by deliberate manipulations performed by an attacker. Additionally, it may make sense to use digital signatures in order to ensure data integrity.
• Ensuring the authenticity of the data: when transmitting the data it must be possible to reliably determine if the right parties are communicating with each other so that masquerades or a man-in-the-middle attack can be ruled out. To this end, the communication partners must authenticate each other (for example using digital certificates).
• Ensuring the comprehensibility of data transmission: logging functions which allow subsequent determination of which data was transmitted at what time and to whom may be used to ensure communication can be comprehended.

The strength of the mechanisms required for this purpose depends on the protection requirements of the data transmitted. Module S 1.7 Crypto-concept contains a description as to how adequate cryptographic procedures and systems can be selected and used.

If portable terminal devices are to access internal recourses across public networks, the use of a Virtual Private Network (VPN) is strongly recommended. The corresponding products are available from diverse manufacturers and for practically all commonly used platforms. Access to data or systems with high protection requirements must only be possible with the corresponding security safeguards.

For access to internet applications where sensitive data such as personal data, internal information, or account information must be exchanged, at least SSL must be used for the purpose of encryption (see also S 5.66 Use of TLS/SSL).

Connection to other IT systems

When using portable terminal devices such as laptops or PDAs, data is often to be exchanged with other IT systems, for example with business partners. Connection to other IT systems is often also required in order to access the internet. This may be performed in different ways, depending on which technologies are supported by the devices involved, e.g. using infrared, Bluetooth, WLAN, or GMS interfaces. At this point, the transmission technologies must be used securely on the one hand (more information about this can be found in the corresponding IT-Grundschutz modules and other BSI publications) and the organisation's own IT systems must be configured securely on the other hand. For mobile clients, this includes security safeguards such as access control, user authentication, anti-virus protection, personal firewall, restrictive file and resource sharing on an operating system level, local encryption, etc.

If a portable terminal device is to be connected to third party networks or the internet, the system must be protected by a personal firewall (see also S 5.91 Use of personal firewalls for clients).

Use of third party IT systems

When using third party IT systems, e.g. in internet cafés, or when connecting one's own devices to third party IT devices, e.g. in order to exchange files, all users should be aware of the fact that these systems must be classified as insecure systems. It must not be assumed that these are free of any malware (e.g. computer viruses or Trojan horses). Furthermore, it must always be considered whether and where sensitive information may have been stored by use, e.g. in temporary files, in the cache of a web proxy, or in the browser cache. Access to data or IT systems with high protection requirements must not be possible from such insecure systems.

All organisations should dispose of unambiguous rules as to which data may be accessed when travelling and which may not. First and foremost, all IT users must be aware of the general conditions governing the exchange of data using external networks or directly with third party IT systems (see also S 2.217 Careful classification and handling of information, applications and systems and S 2.218 Procedures regarding the personal transportation of data media and IT components).

Review questions:

• Have appropriate safeguards been taken in order to protect transmitted data according to its protection requirements?
• When connecting to third party IT systems and/or the internet: Is the IT system protected, e.g. by a personal firewall?
• When using third party IT systems: Have the users been made sufficiently aware of the threats resulting from the use of third party IT systems?