@MASTERSTHESIS{IMM2003-02529, author = "S. Maigaard", title = "Unders{\o}gelse af datasikkerhed i forbindelse med hjemmearbejdspladser i Danmark", year = "2003", school = "Informatics and Mathematical Modelling, Technical University of Denmark, {DTU}", address = "Richard Petersens Plads, Building 321, {DK-}2800 Kgs. Lyngby", type = "", note = "Supervisor: Robin Sharp", url = "http://www2.compute.dtu.dk/pubdb/pubs/2529-full.html", abstract = "Projektets form{\aa}l har v{\ae}ret at unders{\o}ge mulighederne for at etablere sikre hjemmearbejdspladser i Danmark. Som udgangspunkt for projektet er der udarbejdet en sikkerhedspolitik for hjemmearbejdspladser, baseret p{\aa} den internationale standard {ISO} 17799 samt informationer fra st{\o}rre, danske organisationer. Sikkerhedspolitikken fungerer b{\aa}de som udgangspunkt for projektets videre forl{\o}b samt eventuelt som skabelon for danske virksomheders udvidelse af deres eksisterende sikkerhedspolitikker. En r{\ae}kke sikkerhedsproblemer, som implementeringen af hjemmearbejdspladser kan medf{\o}re, er gennemg{\aa}et. S{\aa}ledes er mange angrebstyper beskrevet og kommenteret, ligesom forslag til metoder til at forhindre disse er givet. Dermed er der ogs{\aa} skabt motivation for projektets m{\aa}l at udarbejde et designforslag for en sikker implementering af hjemmearbejdspladser i en dansk virksomhed. Adskillige relevante teknologier til sikring af hjemmearbejdspladser er blevet gennemg{\aa}et. S{\aa}ledes er fx {VPN} og firewalls gennemg{\aa}et, s{\aa} disse teknologier senere kan benyttes i designforslaget. Desuden er de danske teleselskabers l{\o}sninger blevet analyseret. Her er der lagt v{\ae}gt p{\aa} sikkerheden og muligheden for at kunne segmentere hjemmets netv{\ae}rk s{\aa} eventuelle private computere ikke udg{\o}r en {\o}get sikkerhedsrisiko. 
De mest relevante love, anbefalinger, best practices og standarder er herefter blevet gennemg{\aa}et, for at samle en r{\ae}kke krav, som tilsammen danner grundlaget for udarbejdelsen af designforslaget. S{\aa}ledes er der samlet information fra bl.a. persondataloven og terrorloven, fra Ministeriet for Videnskab, Teknologi og Udvikling samt fra standarder som {DS} 484. Opsamlingen af disse informationer har resulteret i et designforslag, som inkluderer b{\aa}de hjemmearbejdspladsen i sig selv, infrastrukturen i hjemmet samt de krav, som stilles til virksomhedens netv{\ae}rk. Designforslaget l{\o}ser de sikkerhedsproblemer, som rapporten tidligere har omtalt samt sikrer, at brugervenligheden holdes i fokus, s{\aa} brugen af hjemmearbejdspladserne bliver en positiv oplevelse for brugerne. Det konkluderes, at projektet har resulteret i et designforslag, som kan benyttes af danske virksomheder og organisationer som et udgangspunkt for deres egen implementering af hjemmearbejdspladser. CyberCity kan som det eneste, danske teleselskab levere en samlet l{\o}sning, som kan erstatte den implementering, virksomheden ellers skulle foretage i hjemmene. Der gives forslag til videre arbejde med projektet. S{\aa}ledes kan en lettere tilg{\ae}ngelig h{\aa}ndbog udf{\ae}rdiges til danske administratorer, ligesom der kan arbejdes videre med en model, som skal sikre mindre afh{\ae}ngighed af den ekspertise, netv{\ae}rksdesigneren besidder. Desuden foresl{\aa}s udvidelser til designet, et fors{\o}g med implementering samt en analyse af problemstillingen ved brug af mobile enheder. In English: The purpose of the project has been to explore the possibilities of creating secure home offices in Denmark. As a foundation for the project, a security policy for home offices has been created based on the international standard {ISO} 17799, and on information from large, Danish organizations. 
The security policy functions not only as a basis for the rest of the project, but also as a guideline for the extension of the existing security policies of Danish corporations. Several security problems that arise from the implementation of home offices have been analyzed. This includes descriptions of attack patterns, and suggestions on how to mitigate these attacks. These descriptions provide the motivation and goal for the project: the design of a secure implementation of home offices for Danish corporations. A number of relevant technologies for securing home offices have been analyzed. As an example, {VPN} and firewalls have been analyzed in order for them to be used later in the design proposal. The implementations from the Danish telecommunications companies have also been analyzed. In this analysis, the focus has been on security and the ability to segment the home networks in an attempt to prevent private computers from posing an increased security risk. Relevant laws, recommendations, best practices and standards have been reviewed in order to collect a number of requirements to be met by the design proposal. Information has been collected from, amongst others, persondataloven (law concerning personal data), terrorloven (anti-terror law), the Ministry of Science, Technology and Innovation and from standards such as {DS} 484. The collection of this information has resulted in a design proposal which considers the home office computer in itself, the infrastructure in the home and the requirements for the corporate network. The design proposal solves the security problems described earlier in the report while maintaining focus on user friendliness to keep the home offices a positive experience for the users. It is concluded that this project has resulted in a design proposal which can be used by Danish corporations and organizations as a foundation for their own implementations of home offices. 
CyberCity is the only Danish telecommunications company that can deliver a combined solution which can replace the implementation in the homes otherwise carried out by the corporation. Suggestions for further work are included, such as writing a more easily accessible booklet for Danish network administrators and continuing work on the model to ensure less dependency on the expertise of the network designers. Furthermore, it is suggested that an implementation of the design and an analysis of the problems of including mobile devices be carried out." }