May 04 2011

Simple Security on the Go

The Air Force Research Lab creates a tool to protect the network when users log in remotely.

Security, cost savings and simplicity.

That's what most agency telework managers are looking for in the technology used by federal workers at home. And those are three clear-cut benefits for using the Lightweight Portable Security Remote Access software developed by the Air Force Research Lab's Anti-Tamper Software Protection Initiative, says Dee Thompson, director of IT for the Treasury Department's Office of Inspector General.

The security aspect is a no-brainer. The ATSPI system lets a remote user log on to a secure network from any PC. The software boots the user's PC from the CD drive, operating only in RAM. Any malware that might exist on the client PC won't infect the network. Users get access to their server-side desktop using Citrix or Microsoft Remote Desktop Protocol.

"You really take security out of the hands of the everyday user," Thompson says.

The Treasury OIG is the first non-Defense agency to deploy LPS Remote Access. It will begin using the software when the developers complete their custom configuration, which is expected this summer.

Rich Kutter, demonstrations and deployment team lead for the ATSPI Technology Office and the lead developer of LPS Remote Access, says roughly 90 Defense Department agencies are using the technology, making it available to as many as 100,000 users. Other civilian agencies have inquired about adopting the technology, Kutter says.

"This helps safeguard against some very specific cybersecurity threats, so it certainly would be useful for civilian agencies," says Patricia Edfors, a principal with Banrion Consulting and a judge with the ­Information Systems Security Certification Consortium, which gave the software a 2010 Government Information Security Leadership Award.

The software also offers agencies considerable savings. By letting any PC be a trusted endpoint to a secure network, it saves agencies from having to furnish a PC for users who want to telecommute or work from the road.

"In a disaster recovery situation, it's easy," Thompson says. "We can buy some laptops and get on the Internet and log right into our system and start working."

The Telework Connection

The DOD CIO approved LPS Remote Access for Defense-wide emergency telework use in December 2009. LPS Remote Access is the only approved means of allowing nongovernment computers access to DOD's Unclassified but Sensitive Internet Protocol Router Network.

Kutter's office custom-configures the software for any agency that wants to use it. Civilian agencies must pay a fee to comply with federal funding laws. ATSPI tailors the software to work with a customer's remote desktop servers and provides cosmetic updates such as adapting documentation and logos for the customer agency.


ATSPI is looking into providing the LPS-Remote Access to state and local governments and the private sector.

The configuration process is generally "very straightforward," but configuring the software for a user's virtual private network can be challenging, Kutter says.

Once the product is rolled out to users, ATSPI also provides technical support. "We support them sort of like a Tier 2 or Tier 3 help desk," Kutter says. "Their help desk provides immediate user support, then we handle any problems they can't answer."

Implementation is simple. Thompson says he'll be rolling out the software to every user in his agency once they've attended a training class. "Pretty much when people walk out the door of the training, we'll hand them a CD," he says.

<p>Photo: Mipan/Veer</p>