<p>The full Janusseal suite including all Janusseal products</p>
Does Janusnet support Blackberry devices?
Janusnet supports Blackberry devices.
Two whitepapers are available to enable the native classifcation capabilities of Blackberry devices (KB article), and to enable the filtering capability of the Blackberry Enterprise server (KB article).
Janusnet do not have software that is installed on Blackberry devices.
What is the Janusseal licensing model?
Janusseal products are licenced on a perpetual basis.
All products are provided on a per seat basis to match the number of users that use the product. Normally there would be a one-to-one match of licenced seats and staff.
Janusseal Mobile App has a small setup fee, about 2 hours, licences are about $2 each and a site licence is achieved at 5,000 users.
Janusseal for Outlook Web App licences are not provided on a concurrent session basis, but on the number of users who can access Outlook Web Access. There is no server fee - just the number of users.
Janusseal SafeDomain Extension, the add-on to Janusseal for Outlook that checks the integrity of an Outlook message before sending has to be acquired in the same quanitity as the number of Janusseal for Outlook licences
Does Janusnet support IBM Lotus Notes?
Janusnet does not currently support IBM Lotus Notes.
How is Janusseal configured by technical staff?
Janusseal for Outlook, Janusseal for Outlook Web App and Janusseal Documents are highly configurable using Group Policy Objects. This allows for centralised implementation of policy, such as controlling the range of classifications available according to the network’s security rating. Stock Administrative Templates are supplied for use in the Group Policy Editor. Janusseal Schema can be used to develop more customized schemas and templates.
How does Janusseal enable Management of Police Information (MoPI) compliance?
Janusseal allows for the enforcement of policy so that documents and emails are marked in accordance with the Government Protective Marking Scheme (GPMS). (MoPI Guidance 4.2 Principles of Recording)
A GPMS specific schema is available for download (GPMS Schema)
How does Janusseal mark documentation which can be utilised by perimeter security systems?
By classifying documents and emails, you can use perimeter security systems to limit the egress of sensitive information.
Janusseal Documents inserts the security classification marking into files as custom document properties. These properties are readable by other systems.
If a user attaches a document an email, Janusseal for Outlook automatically inherits the security classification of the attachment. The user cannot set the email's classification lower than that of any attachment.
When the user sends the message, Janusseal for Outlook inserts the protective marking into the email. The markings are inserted into pre-configured locations in the message, such as the subject line, X-Header and many more. These markings may be interpreted by perimeter security systems, such as email gateways, and filtered accordingly.
A whitepaper discussing the integration of Janusseal and email gateway filtering is available here.
How does Janusseal make use of Active Directory and Group Policy?
Janusseal makes extensive use of Active Directory and Group Policy.
Janusseal for Outlook, Janusseal Documents and Janusseal for Outlook Web App are configured using Group Policy Objects (GPOs). The ZIP packages for these products include a number of Group Policy Administrative Template (ADM) files for a several well known security classification schemas including those for Australian Government agencies and UK Government entities (GPMS). These Group Policy Administrative Template files are loaded into the Group Policy Editor. The domain administrator(s) use the Group Policy Editor to define one or more Janusseal related Group Policy Objects; each Group Policy Object defines a set of secure policy settings (configuration parameters) for the Janusseal product or products.
With the use of Active Directory groups (OUs) and security groups, the Janusseal configuration can be easily customised for various machine and user groups based on which Group Policy Objects are linked with the group in Active Directory. This allows for additional capabilities for some groups, such as the ability to classify information at higher levels. Using the powerful features of Microsoft Group Policy management it is a simple matter to enable higher classifications for a group of users who have higher security clearance when working on more secure workstations. This example is fully explained in the Janusseal product's Administration Guide.
Active Directory and Group Policy may also be used for deployment of the Janusseal products to desktops in the Windows domain (or servers, in Janusseal for Outlook Web App's case). Each product is packaged as a standard Microsoft Installer (MSI) file. With the Janusseal MSI placed on a network fileshare, a GPO can have a link to the MSI defined under the Software Installation area of the GPO. For any machine that is in an Active Directory group linked to this GPO, the next time it reboots the Janusseal software will be automatically installed on it.
Janusseal Schema can be used to develop new organisation specific security classification schemas, or extend existing schemas. Janusseal Schema can then be used to create Administrative Template (ADM) files for all Janusseal products based on the schema definition. Pre-made schema definition (SCS) files, for use with Janusseal Schema, can be downloaded from the Janusseal Schema forum. Currently there are SCS files for use by Australian Government agencies, UK Government entities (GPMS compliant), Government of Canada agencies, Singapore Government, USA Government and a schema that complies with the Traffic Light Protocol.
What training is required for technical staff for deployment, configuration and management of Janusseal?
In general, no specific face-to-face training is required for technical staff for deployment, configuration and management of Janusseal.
Janusseal for Outlook, Janusseal Documents and Janusseal for Outlook Web App are each supplied with a comprehensive Administration Guide. The guides are intended for system administrators of an organisation's Windows based infrastructure. These guides assume a good working knowledge and experience equivalent to MCSE, MCSA or MCTS. Sound knowledge of MS Group Policy operation and management is essential.
The Administration Guides contain enough information for technical staff for deployment, configuration and operation.
Further support information is available for the Janusnet Knowledge Base.
If necessary, bespoke training sessions for technical staff for the administration of Janusseal products can be organised. Click here to contact Janusnet.
What technical resources are required at the customer site for deployment and configuration of Janusseal?
In general, for deployment and configuration of Janusseal to production environments, technical staff require access to
How can Janusseal be deployed over a large geographical area with minimal disruption to services?
Janusseal uses Microsoft standard installation technology, Microsoft Installer (.msi) files, for deployment to workstations.
The software may be deployed using a range of technologies, such as Group Policy and Microsoft Systems Management Server (SMS).
The Janusseal installation packages are relatively small, of the order of 5 MB per product.
The software will be installed on a workstation when it logs onto the domain, and prior to the user logging on to the network. The installation is reasonably quick, typically less than one minute.
To further optimise deployment on Wide Area Networks, the installer (.msi) files can be stored on a local file share in each geographic location. Group Policies associated with each geographical location would specify installation on workstations from the local file server.
Further information discussing deployment is available in each product's Administration Guide. These guides are available for download, included in each product's download package.
How does Janusseal enable Code of Connection (CoCo) complaince for UK Local Authorities connecting to the GCSX?
Local Authorities in the United Kingdom (UK) can connect to the Government Connect Secure Extranet (GCSX) provided that have achieved Code of Connection (CoCo) compliance.
Products in the Janusseal suite enable compliance against the protective marking (security labels) requirements of CoCo and of Her Majesty's Government Security Policy Framework. The Janusseal products require senders of email messages to apply the Government Protective Marking System (GPMS) to all sent messages. This ensures all email messages are protectively marked as required by CoCo.
Further, by including Janusseal for Outlook SafeDomain Extension in their GCSX architecture, Local Authorities can provide their staff with a simple single mailbox solution which is able to ensure sensitive messages (PROTECT or RESTRICTED) are always delivered by the secure GC Mail system of GCSX.
See this page for more information on the Janusseal solution for CoCo compliance and simplified GC Mail.
What is the difference between security classifications, qualifiers, qualifier associations and caveats?
Security classifications are the terms used to classify (categorise) information according to its sensitivity or criticality to a business, organisation or entity. They tend to be broad categorisations, for example PUBLIC as opposed to CONFIDENTIAL information.
Qualifiers are a finer level of detail about one or more security classifications which does not necessarily change the broader sensitivity of the information. The qualifier provides some additional detail about a subject area of the information that may be relevant to the sender, recipient or an IT system. So, for example a qualifier may be COMPANY for when the information is related to something about the COMPANY. In the context of protective markings, the qualifier is not valid on its own but is bound to one or more security classifications via qualifier associations.
Qualifier associations are used to bind a qualifier to one or more security classifications. Hence the security classification may have an additional level of qualifying information about it, in the form of a qualifier. So going back to our examples, an organisation may choose to bind the qualifier COMPANY to the security classification CONFIDENTIAL. Then when used in a Janusseal product the end-user could choose to select a marking of just CONFIDENTIAL, or they may choose to also indicate that it is CONFIDENTIAL information about the company and so mark it CONFIDENTIAL:COMPANY (by selecting CONFIDENTIAL + qualifier of COMPANY). The associations define which qualifiers are bound to which security classifications.
Whether this additional qualifier information is used by IT systems to enhance DLP rules is up to the organisation. We have seen some that would just adopt the simple rule 'do not let out any CONFIDENTIAL information via clear-text Internet email' whereas others might say 'let out CONFIDENTIAL information via Internet email unless it is CONFIDENTIAL:COMPANY information'.
Qualifiers are definitely needed in the gov.au security classification schema as they have the IN-CONFIDENCE security classification which can have any number of optional qualifiers such as COMMERCIAL-IN-CONFIDENCE, LEGAL-IN-CONFIDENCE, STAFF-IN-CONFIDENCE and so on. These all have the same broad sensitivity but the qualifier is used to convey more detail about the subject matter and could be used for fine adjustments in DLP-like rule-sets.
Caveats are related to concepts in military messaging and are another means to convey finer grain detail about the context or nature of certain information. Commercial organisations would have little need to use caveats. Janusseal products have limited support for such.
How do I upgrade my existing version of Janusseal for Outlook to the latest available?
Please always consult the Administration Guide supplied with the latest version as this will contain comprehensive upgrade instructions.
How do I confirm which Janusseal for Outlook extensions have been loaded?
The outcome of attempts to load Janusseal for Outlook extensions can be logged to a debug file. Refer to the knowledge base article which explains the procedure for setting the registry to enable debug logging to a file.
Where do Janusseal Messages products place the protective marking (security labels/tags) information?
Janusseal for Outlook is compliant with the marking (tagging) format used by the Australian Government.
Janusseal for Outlook complies with the mandatory parts of the specification which means the marking will look like:
X-Protective-Marking: VER=<ver>, NS=<namespace>, SEC=<securityClassification>(:<qualifier>)?, ORIGIN=<authorEmail>
Of these two forms, the one that is most often used in the subject line, however the X-Protective-Marking may also be present, or be present instead of the subject line form (depending on configuration of the Janusseal product or the type of message being set).
If setting up a content filter ruleset to detect the protective markings your filter ruleset would look for both forms of marking and use the X-Protective-Marking as authoritative (if present).
Janusseal for Outlook Web App only inserts the subject line marking, but reads both the subject line marking and x-protective-marking headers.
How long does it take for Janusseal installation and configuration?
Janusseal installation and configuration can be completed in under one hour, although normally one day shold be set aside for deployment to resolve potential problems such as Group Policy replication and network access issues.
Initially a customer will take a little more time defining their security policy and Active Directory security groups. Once these have been defined, the policy may be implemented and evaluated in a test environment. Feedback from testing may necessitate modifications to the policy design.
After the policy design has been finalised, it can be deployed to production systems. The adminsitrator imports the relevant Group Policy Administrative Templates into the Group Policy Editor, and adjusts the Janusseal Group Policy as necessary. The Group Policy is applied to a security group, which may be as small as one machine. If the policy is successful, further machines would be added to the security group, or alternatively, the Group Policy applied to a larger security group.
Where does Janusseal Documents place the protective marking (security labels/tags) information?
Janusseal Documents uses the metadata fields of Microsoft Office files to store protective marking information. These metadata fields are called custom document properties.
Any end-user or Office add-on application can define a custom document property in the form of a name, type and value. Janusseal Documents, as a Microsoft Office add-on, defines several custom document properties in which to store information relating to the security classification and qualifier that an end-user has selected when classifying the Office file (Word document, Excel spreadsheet or PowerPoint presentation).
The custom document properties used by Janusseal Documents to hold protective marking information (information related to security classifications, qualifiers and so on) is tabulated below:
|CDP Name||CDP Type||value populated by Janusseal Documents||CDP Name configurable?|
|PM_DisplayValueSecClassificationWithQualifier||Text||DisplayValue of SecurityClassification, and if qualifier is present then their combined DisplayValue||No|
|PM_SecurityClassification_Prev||Text||MarkingValue of previous SecurityClassification of file (when user changes the security classification)||No|
|PM_Qualifier_Prev||Text||MarkingValue of previous Qualifier of file (when user changes the qualifier)||No|
where CDP = Custom Document Property.
These custom document properties used and populated by Janusseal Documents are used by Janusseal for Outlook when an attachment is added so that Outlook can determine the classification of the Office file.
In a similar fashion content filter engines and technologies can be configured to detect some or all of these custom document properties and use them to do things such as preventing data leakage. In this scenario the two most useful custom document properties are those with names:
The first provides the coarse grain sensitivity level of the Office file by holding the value of the MarkingValue of the user selected security classification (where MarkingValue is the value assigned to the security classification when using the Janusseal Schema tool to design the organisation's security classification schema). This custom document property is probably of most importance and relevance when designing a filter rule-set for a content filter engine.
The second provides finer grain information about the potential sensitivity of the Office file by holding the value of the MarkingValue of any user selected qualifier (where MarkingValue is the value assigned to the qualifier when using the Janusseal Schema tool to design the organisation's security classification schema). This may be of some use when designing an advanced filter rule-set for a content filter engine.
it is important to remember that the CDP names of PM_SecurityClassification and PM_Qualifier are the default names used by Janusseal Documents but that the CDP names used are configurable in Janusseal Documents's Group Policy Object. These names can be configured in the Group Policy Editor under Computer Configuration/Administrative Templates/janusNET/janusSEAL/Protective Marking Policy/Protective Markings on data files
What Operating System platforms does Janusseal support?
Janusseal for Outlook and Janusseal Documents supports Windows operating systems that are officially supported by Microsoft. This includes the following operating systems
Can I use my organisation's Janusseal for Outlook license in Janusseal for OWA?
Janusseal for OWA will reject a Janusseal for Outlook license. It will only successfully operate with a valid Janusseal for OWA license.
I've made policy changes in Janusseal for Outlook Web App's group policy object, but the changes are not visible in the web client. How do I make the changes appear at the client?
There are two main possible causes for this:
The first is the most likely cause. After making any changes to a Janusseal for Outlook Web App Group Policy Object it is best to:
If this does not resolve the problem then it may be due to content caching at the Web browser. Please consult the Janusseal for Outlook Web A[[ Administration Guide - Chapter "Administration Tasks"; Section "Troubleshooting Issues" for guidance on clearing the cache in a web client.
How do I determine the version of Janusseal for Outlook Web App on an Exchange server?
To determine the version of Janusseal for Outlook Web App that is installed on an Exchange server:
<p>The full Janusgate suite of products</p>
How is Janusgate Mobile licensed?
Janusgate Mobile production licenses are provided on a perpetual basis. Fully functional time limited evaluation licenses are also available.
Seats are counted on a per network account basis.
License are provided within specific bands of seats. For example, smaller organisations would order a license for up to 100 seats, and larger organisations with a license up to 1,000 or 10,000 seats.
Contact Janusnet for further information.
How can I evaluate Janusgate Mobile?
Janusgate Mobile is available for evaluation with a time limited license.
A range of Knowledge Base articles to aid evaluation and configuration is available here.
With which smartphones does Janusgate Mobile operate?
Janusgate Mobile operates with the following smartphones:
Further specifications are available here.
With which e-mail servers does Janusgate Mobile operate?
What additional software do I need to install on my smartphone?
In most cases Janusgate Mobile does not require any additional software to be installed on the smartphone and uses the native e-mail application.
For iPhone, Windows Mobile/Phone and Android no additional software is required. These smartphones all have e-mail applications on the phone which utilise Exchange ActiveSync to synchronise e-mail, calendar and contacts between the Exchange server and the phone.
ManyNokia/Symbian smartphones come with Mail for Exchange. If not already present, it can be download from the Ovi store. Mail for Exchange utilises Exchange ActiveSync to synchronise e-mail, calendar and contacts between the Exchange server and the phone.
Blackberries prior to v10 require an Exchange e-mail client.
What configuration changes are required on the smartphone?
Janusgate Mobile does not require any changes to the existing smartphone Exchange account configuration nor to the network settings.
Janusgate Mobile does not interfere with the mechanism used to connect the smartphone to MS Exchange Server. The enterprise can use well known and established security methods such as TLS or IPSec for channel authentication and encryption.
What changes are required at the organisation's firewall?
Janusgate Mobile does not require any changes to the firewall configuration. Janusgate Mobile does not interfere with the mechanism used to connect the smartphone to Exchange Server. The enterprise can use well known and established security methods such as TLS or IPSec for channel authentication and encryption.