Development by Common Technology Services team provides two options for internet and secure roaming
Two new Wi-Fi solutions for central government have emerged from the Common Technology Services (CTS) team in the Government Digital Service (GDS).
Pilots are being run in a handful of buildings, including GDS headquarters Aviation House, with a plan to move the solutions into a beta phase with a full service wrap in the next few weeks.
Alistair Cowan of CTS has outlined the plans in a blogpost, saying the user.wifi solution has been developed for internet and roaming between government buildings, while device.wifi is aimed at providing a higher level of security with direct privileged network access.
Their development is part of the GDS programme of creating shared solutions for government to prevent the duplication of effort in ICT programmes.
The user.wifi solution provides internet access to guests, visitors and staff in government buildings with virtual private networks, using the open standard RADIUS authentication protocol that is supported on almost all wireless access points.
It provides internet access only, but Cowan says the solution takes out as much manual administration as possible, and that CTS is trying to automate the troubleshooting through the sending of emails to a site administrator if a common problem is detected.
Credentials and isolation
Security revolves around the random generation of user credentials, which means if they are stolen the attacker only gains access to the internet. Also, clients are isolated from each other on the wireless infrastructure, which prevents an attacker signing up as a guest to harm other users.
There is also a common authentication solution that allows devices to roam between any buildings that use user.wifi.
GDS is funding the solution so there will be no cost for departments to pick it up.
The higher security device.wifi is only suitable for managed devices, which excludes guests and any employees using their own devices. It relies on public key infrastructure for security, and participating departments need to roll out certificates to managed devices to provide the relevant authentication.
Server certificates will be checked by the internal certificate authority automatically to eliminate the risk of connecting to a rogue network.
This is all complemented by an intelligent VPN that knows the difference between being connected to a trusted internal network and when it is roaming.
CTS has also produced guidance on shared wide area networks to show how to share the links in multi-tenanted buildings.
Image from iStock
