The department plans to implement a new SOE for its 5,000 desktops, which are located in 85 countries around the world. Any supplier looking to secure that environment, DFAT said this week in tender documents, must provide a solution capable of stopping all unauthorised applications.
DFAT specified games, malware, unlicensed software, screensavers, scripts and the deadly trio of trojans, worms and viruses as undesirable applications.
However, the department also stipulated that any solution "must have no adverse impact on system performance", shouldn't rely on black and white lists (untrusted and trusted e-mail addresses and servers), and must work on notebooks even when they're not attached to the network.
While the department requires any would-be-vendor to possess a minimum government security clearance level of 'top secret', it apparently does not even trust its users.
The software "must not be able to be disabled by a standard user on a Windows XP workstation," DFAT stipulated.
Finally, a vendor must make available to the department -- preferably online -- the number, type and frequency of any security incidents encountered by DFAT computers.
Each DFAT location is connected by the government's Secure Australian Telecommunications and Information Network (SATIN). At the core of the system is a Windows 2000 and Citrix MetaFrame Terminal Server farm based on Hewlett Packard Proliant servers.
The department has also issued tenders calling for vendors to provide desktop and laptop hardware to its domestic and international locations, as well as IT services management software for the SATIN network and help desk.
The department has a good idea.
they just need to change one thing.
get rid of microsoft based systems.
all unix / linux / bsd operating systems have exactly the type of security they want.
with no virus, spyware, unlicenced software possible.
best of all, the cost of implementing, with newer versions of linux, is $0.00 for software, and $0.00 for training.
don't beleive hat cost?
download a lovecd version, that includes open office, you can read and write your ms office files, and don't need to learn anything about linux details to use it.
just like windows, it boots into a gui layout similar to windows, no training needed.