Secure Access Portal
Getting Started Guide for using
the Secure Access Portal
August 2011
1. Introduction
The Secure Access Portal enables the authority to provide simple but secure remote access to internal applications and resources such as email, Intranet and the Corporate Telephone Directory. It can be used by Members, employees, partners and contractors of the Council who have been provided with a Cryptocard authentication token. It provides the facility to connect to council applications and resources from any internet connected device subject to minimum security criteria which the portal checks for during the login process.
2. Accessing the System
The system is accessed via https://remote.cornwall.gov.uk On initial
connection you are presented with a council-branded landing page from which you can choose from a couple of options regarding the type of machine you are currently using. The difference scenarios are: Corporate and Public, as shown below.
On clicking any of these options a security policy is invoked and a mechanism called ‘Host Checking’ takes place. This is how the security and integrity of the connecting PC or device is determined. A number of checks are performed, e.g. relating to the state of anti-virus protection installed on the user’s machine.
These options are intended for different access scenarios:
• The Public options are for any other computer (i.e. not managed by the authority). Examples are home PCs, computers provided by business partners, web cafés and airport kiosks.
3. Logging On
The Portal uses “two factor” authentication when logging users on, which means that in order to successfully validate your identity you need to have a unique physical token as well as your usual username and password. The token is protected by a Personal Identification Number (PIN), and generates a unique one-time password each time you press the button.
Full instructions on how to use the token are provided in a separate CRYPTOCard user guide. In summary, to logon using the token you first enter your PIN and then append the one-time passcode which is read from the token display.
Also, note that when you provide your username it may need to be in full domain name format, that is, your usual username but prefixed by your domain name, e.g. cc\fbloggs. If you do not know your domain name then your line manager or the Service Desk will be able to help you, but as a rule of thumb:
- If you are an employee then your domain name is likely to be “cc”
- If you are a partner or customer then it will probably be “partner”.
A typical logon screen, with the information required, is shown below:
Your Portal session will timeout after a period of inactivity, after which you will need to logon again if you wish to continue working. This is for security reasons, in order to protect your session and data in case you forget to logoff or you leave your computer unattended.
4 digit token PIN
7 digit token Passcode
Your network user name in domain\username
format
Your usual network password
4. Your Portal Home Page
Once you have successfully logged on you will be presented with a home page. This is a customisable page which contains links to all of the applications you have been authorised to use. It can be personalised in various ways, and any changes you make will be remembered and used next time (even if you access it from a different computer).
Some key areas of the Home page are illustrated below:
You can access any of the listed applications or resources by clicking the link. If you require access to an application or resource which is not listed then you will need to log a request with the IS Service Desk
5. Launching Web Applications
The Web Bookmarks section contains your current list of bookmarks. You can add new bookmarks, or edit/remove existing ones.
The Preferences option allows you to arrange the order in which your web bookmarks are displayed on the home page.
Terminal Services or Virtual Desktop links Click links to start a Terminal Services or Shared Desktop session
Toolbar
Quick links to the Home page, Preferences, Help and Sign Out
Web Bookmarks
Any web resource you access can be bookmarked and added here for quick reference
Preferences
Add a bookmark
Collapse or expand the Web Bookmarks section Browse bar
Enter the name of an internal resource (e.g. an intranet site) to browse directly to it
When you click on a Web Bookmark it will launch in a new window. You will see that web site or application just as you would if accessing it internally
6. Changing Your Preferences
The home page toolbar and the web toolbar provide the option to change your preferences.
From the Preferences page, the options are arranged into three tabs: User Home, General and Advanced:
User Home preferences:
The User Home tab contains the Panel Sorting options, which allows you to arrange the layout of the various sections of your home page.
General preferences:
The General preferences tab contains the Change Password page. Use this option to change your Windows password.
Please note that this applies to your Windows network domain password, and is not related to your CRYPTOCard token. To change your CRYPTOCard token PIN number you should contact the IS Service Desk, as described in the CRYPTOCard Getting Started Guide.
Advanced Preferences:
The advanced preferences should normally not be required unless advised by the Service Desk.
Appendix A - How the Secure Access Portal Works
The system makes use of the SSL technology that is built into all common web browsers, all transmitted data is automatically kept confidential by means of encryption. There is no need to pre-install clients on any machines that require access to the network. This method of connecting to the
network is termed SSL Virtual Private Network (SSL VPN).
Two other mechanisms are available to further protect data. The first is a cache cleaner which clears out history and other caches after a user exits the system. The second is a host checker which is automatically downloaded onto the machine and performs several security compliance checks in order to verify that the machine meets a baseline criteria – for example the presence of Antivirus software is checked against a predetermined list as well as ensuring that it is up to date with on access scanning is enabled.
Depending on the level of security required, the Secure Access Portal can be configured to automatically clean the cache and other residual information when you end the session.
System Requirements
The Secure Access Portal is accessible from any computer that has a web browser and an Internet connection, be that a Windows PC or an Apple MAC, or a web-enabled mobile device such as a smart phone. Cornwall Council recommends using Microsoft Windows® 7 and Internet Explorer® 8 or 9. Please note that whilst the system aims to support most major operating systems and web browsers the Google Chrome® web browser is not supported and use of other web browsers and/or operating systems may reduce the features or functionality available in the portal.
Authorised users of the system need to be set up in advance, and must know their network username and password, and also will have been issued with a physical logon token (called a CRYPTOCard token).
If you would like this information in another format please contact: IS Service Desk Cornwall Council County Hall Treyew Road Truro TR1 3AY Telephone: 01872 323202 Email: servicedesk@cornwall.gov.uk www.cornwall.gov.uk
