The full janusSEAL suite including all janusSEAL products
Does janusNET support Blackberry devices?
janusNET supports Blackberry devices.
Two whitepapers are available to enable the native classification capabilities of Blackberry devices (KB article), and to enable the filtering capability of the Blackberry Enterprise server (KB article).
janusNET do not have software that is installed on Blackberry devices.
What is the janusSEAL licensing model?
janusSEAL products are licenced on a perpetual basis.
All products are provided on a per seat basis to match the number of users that use the product. Normally there would be a one-to-one match of licenced seats and staff.
janusSEAL Mobile App has a small setup fee (about 2 hours), licences are about $2 each, and a site licence is achieved at 5,000 users.
janusSEAL for Outlook Web App licences are not provided on a concurrent session basis, but on the number of users who can access Outlook Web Access. There is no server fee - just the number of users.
janusSEAL SafeDomain Extension, the add-on to janusSEAL for Outlook that checks the integrity of an Outlook message before sending, has to be acquired in the same quantity as the number of janusSEAL for Outlook licences.
Does janusNET support IBM Lotus Notes?
janusNET does not currently support IBM Lotus Notes.
How is janusSEAL configured by technical staff?
janusSEAL for Outlook, janusSEAL for Outlook Web App and janusSEAL Documents are highly configurable using Group Policy Objects. This allows for centralised implementation of policy, such as controlling the range of classifications available according to the network’s security rating. Stock Administrative Templates are supplied for use in the Group Policy Editor. janusSEAL Schema can be used to develop more customized schemas and templates.
How does janusSEAL enable Management of Police Information (MoPI) compliance?
janusSEAL allows for the enforcement of policy so that documents and emails are marked in accordance with the Government Protective Marking Scheme (GPMS). (MoPI Guidance 4.2 Principles of Recording)
A GPMS specific schema is available for download (GPMS Schema)
How does janusSEAL mark documentation which can be utilised by perimeter security systems?
By classifying documents and emails, you can use perimeter security systems to limit the egress of sensitive information.
janusSEAL Documents inserts the security classification marking into files as custom document properties. These properties are readable by other systems.
If a user attaches a document to an email, janusSEAL for Outlook automatically inherits the security classification of the attachment. The user cannot set the email's classification lower than that of any attachment.
When the user sends the message, janusSEAL for Outlook inserts the protective marking into the email. The markings are inserted into pre-configured locations in the message, such as the subject line, X-Header and many more. These markings may be interpreted by perimeter security systems, such as email gateways, and filtered accordingly.
A whitepaper discussing the integration of janusSEAL and email gateway filtering is available here.
How does janusSEAL make use of Active Directory and Group Policy?
janusSEAL makes extensive use of Active Directory and Group Policy.
janusSEAL for Outlook, janusSEAL Documents and janusSEAL for Outlook Web App are configured using Group Policy Objects (GPOs). The ZIP packages for these products include a number of Group Policy Administrative Template (ADM) files for several well-known security classification schemas, including those for Australian Government agencies and UK Government entities (GPMS). These Group Policy Administrative Template files are loaded into the Group Policy Editor. The domain administrator(s) use the Group Policy Editor to define one or more janusSEAL related Group Policy Objects; each Group Policy Object defines a set of secure policy settings (configuration parameters) for the janusSEAL product or products.
With the use of Active Directory groups (OUs) and security groups, the janusSEAL configuration can be easily customised for various machine and user groups based on which Group Policy Objects are linked with the group in Active Directory. This allows for additional capabilities for some groups, such as the ability to classify information at higher levels. Using the powerful features of Microsoft Group Policy management it is a simple matter to enable higher classifications for a group of users who have higher security clearance when working on more secure workstations. This example is fully explained in the janusSEAL product's Administration Guide.
Active Directory and Group Policy may also be used for deployment of the janusSEAL products to desktops in the Windows domain (or servers, in janusSEAL for Outlook Web App's case). Each product is packaged as a standard Microsoft Installer (MSI) file. With the janusSEAL MSI placed on a network fileshare, a GPO can have a link to the MSI defined under the Software Installation area of the GPO. For any machine that is in an Active Directory group linked to this GPO, the next time it reboots the janusSEAL software will be automatically installed on it.
janusSEAL Schema can be used to develop new organisation specific security classification schemas, or extend existing schemas. janusSEAL Schema can then be used to create Administrative Template (ADM) files for all janusSEAL products based on the schema definition. Pre-made schema definition (SCS) files, for use with janusSEAL Schema, can be downloaded from the janusSEAL Schema forum. Currently there are SCS files for use by Australian Government agencies, UK Government entities (GPMS compliant), Government of Canada agencies, Singapore Government, USA Government and a schema that complies with the Traffic Light Protocol.
What training is required for technical staff for deployment, configuration and management of janusSEAL?
In general, no specific face-to-face training is required for technical staff for deployment, configuration and management of janusSEAL.
janusSEAL for Outlook, janusSEAL Documents and janusSEAL for Outlook Web App are each supplied with a comprehensive Administration Guide. The guides are intended for system administrators of an organisation's Windows based infrastructure. These guides assume a good working knowledge and experience equivalent to MCSE, MCSA or MCTS. Sound knowledge of MS Group Policy operation and management is essential.
The Administration Guides contain enough information for technical staff for deployment, configuration and operation.
Further support information is available from the janusNET Knowledge Base.
If necessary, bespoke training sessions for technical staff for the administration of janusSEAL products can be organised. Click here to contact janusNET.
What technical resources are required at the customer site for deployment and configuration of janusSEAL?
In general, for deployment and configuration of janusSEAL to production environments, technical staff require access to
How can janusSEAL be deployed over a large geographical area with minimal disruption to services?
janusSEAL uses Microsoft standard installation technology, Microsoft Installer (.msi) files, for deployment to workstations.
The software may be deployed using a range of technologies, such as Group Policy and Microsoft Systems Management Server (SMS).
The janusSEAL installation packages are relatively small, of the order of 5 MB per product.
The software will be installed on a workstation when it logs onto the domain, and prior to the user logging on to the network. The installation is reasonably quick, typically less than one minute.
To further optimise deployment on Wide Area Networks, the installer (.msi) files can be stored on a local file share in each geographic location. Group Policies associated with each geographical location would specify installation on workstations from the local file server.
Further information discussing deployment is available in each product's Administration Guide. These guides are available for download, included in each product's download package.
How does janusSEAL enable Code of Connection (CoCo) compliance for UK Local Authorities connecting to the GCSX?
Local Authorities in the United Kingdom (UK) can connect to the Government Connect Secure Extranet (GCSX) provided that they have achieved Code of Connection (CoCo) compliance.
Products in the janusSEAL suite enable compliance against the protective marking (security labels) requirements of CoCo and of Her Majesty's Government Security Policy Framework. The janusSEAL products require senders of email messages to apply the Government Protective Marking System (GPMS) to all sent messages. This ensures all email messages are protectively marked as required by CoCo.
Further, by including janusSEAL for Outlook SafeDomain Extension in their GCSX architecture, Local Authorities can provide their staff with a simple single mailbox solution which is able to ensure sensitive messages (PROTECT or RESTRICTED) are always delivered by the secure GC Mail system of GCSX.
See this page for more information on the janusSEAL solution for CoCo compliance and simplified GC Mail.
What is the difference between security classifications, qualifiers, qualifier associations and caveats?
Security classifications are the terms used to classify (categorise) information according to its sensitivity or criticality to a business, organisation or entity. They tend to be broad categorisations, for example PUBLIC as opposed to CONFIDENTIAL information.
Qualifiers are a finer level of detail about one or more security classifications which does not necessarily change the broader sensitivity of the information. The qualifier provides some additional detail about a subject area of the information that may be relevant to the sender, recipient or an IT system. So, for example a qualifier may be COMPANY for when the information is related to something about the COMPANY. In the context of protective markings, the qualifier is not valid on its own but is bound to one or more security classifications via qualifier associations.
Qualifier associations are used to bind a qualifier to one or more security classifications. Hence the security classification may have an additional level of qualifying information about it, in the form of a qualifier. So going back to our examples, an organisation may choose to bind the qualifier COMPANY to the security classification CONFIDENTIAL. Then when used in a janusSEAL product the end-user could choose to select a marking of just CONFIDENTIAL, or they may choose to also indicate that it is CONFIDENTIAL information about the company and so mark it CONFIDENTIAL:COMPANY (by selecting CONFIDENTIAL + qualifier of COMPANY). The associations define which qualifiers are bound to which security classifications.
Whether this additional qualifier information is used by IT systems to enhance DLP rules is up to the organisation. We have seen some that would just adopt the simple rule 'do not let out any CONFIDENTIAL information via clear-text Internet email' whereas others might say 'let out CONFIDENTIAL information via Internet email unless it is CONFIDENTIAL:COMPANY information'.
Qualifiers are definitely needed in the gov.au security classification schema as they have the IN-CONFIDENCE security classification which can have any number of optional qualifiers such as COMMERCIAL-IN-CONFIDENCE, LEGAL-IN-CONFIDENCE, STAFF-IN-CONFIDENCE and so on. These all have the same broad sensitivity but the qualifier is used to convey more detail about the subject matter and could be used for fine adjustments in DLP-like rule-sets.
Caveats are related to concepts in military messaging and are another means to convey finer grain detail about the context or nature of certain information. Commercial organisations would have little need to use caveats. janusSEAL products have limited support for such.
janusSEAL for Outlook Lite enhances the message classification features of Exchange 2007
Can I control the order in which the classifications are presented in janusSEAL for Outlook Lite?
To control the order of the message classifications as shown in the janusSEAL for Outlook Lite Classification Dialog simply edit the order of the classifications in the classifications XML file that is deployed at the client workstations.
The order of the message classifications in the Dialog, and in Outlook 2007 Professional's "permissions drop-list", is dictated by the order of the classifications in the XML file.
Use a text editor like Notepad to edit the XML file and carefully adjust the ordering to that desired. Be careful to make a backup copy of the original XML file so you can readily revert to a working XML file if necessary. The new classifications XML file will have to be re-deployed to all client workstations.
How are the short-cut keys assigned in the janusSEAL for Outlook Lite Classification Dialog?
Quick answer: automatically by janusSEAL for Outlook Lite.
Long answer: janusSEAL for Outlook Lite does so automatically because it uses the same configuration information used for Exchange 2007 message classifications. When configuring Exchange 2007 message classifications there is no setting for assigning short-cut keys for each message classification. janusSEAL for Outlook Lite therefore attempts to automatically and uniquely assign a short-cut key to each message classification.
Firstly, a character can become a short-cut key if it is:
janusSEAL for Outlook Lite iterates through each of the classifications and attempts to assign a short-cut key for each classification as follows. Once a short-cut key is assigned to a classification, or janusSEAL for Outlook Lite gives up looking for one, it looks for a short-cut key for the next classification.
How can I deploy the classifications XML file and appropriate registry settings to enable Exchange 2007/2010 message classifications at an end-user's workstation?
janusNET have a solution that simplifies this administration task. The janusNET approach provides a means in which the classifications XML file and the registry settings required by Outlook 2007 or Outlook 2010 and janusSEAL for Outlook Lite can be centrally deployed and administered.
If you require more information about this solution then contact janusNET today.
How do I configure the message classifications which are available in janusSEAL for Outlook Lite?
janusSEAL for Outlook Lite is an Outlook add-in which enhances the native message classification capabilities of Outlook. janusSEAL for Outlook Lite uses the same configuration parameters for its message classifications as used by Outlook.
Once native message classifications are successfully working in Outlook Professional, janusSEAL for Outlook Lite will be able to use the same information.
Detailed instructions for configuring native message classifications in Outlook are provided by Microsoft at http://technet.microsoft.com/en-us/library/aa998271.aspx
Can I control the tooltips that are shown for each message classification in the dialog?
In the janusSEAL for Outlook Lite Classification Dialog (popup), the end-user can obtain helpful descriptions of each message classification when they hover the mouse cursor over the classification. When they do so a tooltip is shown for a brief interval which can help the sender be sure they are using the correct message classification.
The text used for the tooltips is determined by the SenderDescription field that was assigned to the message classification when it was created on the Exchange 2007 Server in the Exchange Management Shell.
If you want to add or modify the SenderDescription field for a message classification then an Exchange Server administrator will have to use the Set-MessageClassification cmdlet in the Exchange Management Shell (see http://technet.microsoft.com/en-us/library/bb125250.aspx). Once the SenderDescription field(s) have been corrected then a new classifications XML file will have to be created and deployed to all end-user workstations.
Does janusSEAL for Outlook Lite make end-users apply a classification to meeting (appointment) requests?
With Outlook Professional and native Exchange message classifications, meeting organisers cannot apply a message classification to appointment requests. However janusSEAL for Outlook Lite addresses this shortcoming. When the organiser goes to send an appointment request the janusSEAL for Outlook Lite Classification Dialog is shown and the request is only sent once a message classification has been specified.
What sort of classification labels or markings does janusSEAL for Outlook Lite put in the message?
janusSEAL for Outlook Lite writes the same classification labels to the sent message as when the sender uses the native message classifications of Outlook 2007 Professional or Outlook 2010 Professional Plus in an Exchange 2007/2010 environment. When the message is sent through the Exchange 2007/2010 Server it cannot tell whether the classification labels were written by the native classification capability of Outlook or janusSEAL for Outlook Lite.
This means any Exchange Server Transport Rules that rely on detection of a message classification will work for those classification labels written by janusSEAL for Outlook Lite.
janusSEAL for Outlook Lite cannot write other forms of classification labels like Subject line markings, X-header markings (X-Protective-Marking), Outlook User Properties, message body markings and so on. If you need to apply such labels or markings at the Outlook client then you need to use janusSEAL for Outlook.
How is the janusSEAL for Outlook Lite software packaged for installation?
janusSEAL for Outlook Lite is supplied as a Microsoft Installer (MSI) file.
This is the optimum format for:
Why is the security classification drop down menu not available when I compose an email in Outlook?
The security classification drop down menu will not be available if Outlook has been set to use Microsoft Office Word to edit email messages.
This feature can be turned off in Outlook by going to Tools > Options... and choosing the Mail Format tab. In this dialog, deselect both "Use Microsoft Word to edit e-mail messages" and "Use Microsoft Word to read Rich Text e-mail messages".
How do I upgrade my existing version of janusSEAL for Outlook to the latest available?
Please always consult the Administration Guide supplied with the latest version as this will contain comprehensive upgrade instructions.
Does janusSEAL for Outlook create subject line protective markings that comply with the Email Protective Marking Standard for the Australian Government?
Yes. In the ABNF syntax used by the standard, janusSEAL products can create subject line forms according to:
protective-mark-short-form = classification ; as defined in
; AGIMO Protective
; Marking standard
jS-2-protective-mark-medium-form = protective-mark-short-form
jS-2-protective-marked-subject = "Subject:" unstructured
"]" [FWS] CRLF
Does janusSEAL for Outlook create Internet message header extension (X-Protective-Marking) protective markings that comply with the Email Protective Marking Standard for the Australian Government?
Yes. In the ABNF syntax used by the standard, janusSEAL products can create X-header forms according to:
protective-mark-short-form = classification ; as defined in
; AGIMO Protective
; Marking standard
jS-2-protective-mark-medium-form = protective-mark-short-form
jS-2-protective-mark-long-form = version
jS-2-protective-marked-header = "X-Protective-Marking:"
How do I confirm which janusSEAL for Outlook extensions have been loaded?
The outcome of attempts to load janusSEAL for Outlook extensions can be logged to a debug file. Refer to the knowledge base article which explains the procedure for setting the registry to enable debug logging to a file.
Where do janusSEAL Messages products place the protective marking (security labels/tags) information?
janusSEAL for Outlook is compliant with the marking (tagging) format used by the Australian Government.
janusSEAL for Outlook complies with the mandatory parts of the specification which means the marking will look like:
X-Protective-Marking: VER=<ver>, NS=<namespace>, SEC=<securityClassification>(:<qualifier>)?, ORIGIN=<authorEmail>
Of these two forms, the one most often used is the subject line form; however, the X-Protective-Marking header may also be present, or be present instead of the subject line form (depending on the configuration of the janusSEAL product or the type of message being sent).
If setting up a content filter ruleset to detect the protective markings, your filter ruleset would look for both forms of marking and use the X-Protective-Marking as authoritative (if present).
janusSEAL for Outlook Web App only inserts the subject line marking, but reads both the subject line marking and x-protective-marking headers.
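A gateway-side reading of both markings, as an added example (not janusNET code): it parses the X-Protective-Marking form shown above, treats it as authoritative when present, reports disagreement with the subject line, and applies the two sample rules from the qualifier discussion. The trailing "[SEC=...]" subject-line form, the sample messages, the VER/NS values and all function names are assumptions, since the page does not show the subject-line syntax.

```python
"""Gateway-side reading of protective markings (constructed example)."""
import re
from email import message_from_string
from email.policy import default

# Assumption: the subject-line marking is a trailing "[SEC=<class>(:<qualifier>)?]".
SUBJECT_RE = re.compile(r"\[\s*SEC=([^\],]+)[^\]]*\]\s*$")

# The two sample policies quoted in the qualifier discussion; "*" = any qualifier.
RULE_NO_CONFIDENTIAL = {("CONFIDENTIAL", "*")}
RULE_NO_CONFIDENTIAL_COMPANY = {("CONFIDENTIAL", "COMPANY")}


def split_sec(sec):
    """'CONFIDENTIAL:COMPANY' -> ('CONFIDENTIAL', 'COMPANY'); qualifier is optional."""
    cls, _, qual = sec.strip().partition(":")
    cls, qual = cls.strip().upper(), qual.strip().upper()
    return (cls, qual or None) if cls else None


def parse_header_marking(value):
    """Parse 'VER=.., NS=.., SEC=..(:..)?, ORIGIN=..' as shown on the page."""
    fields = {}
    for part in value.split(","):
        key, sep, val = part.strip().partition("=")
        if not sep:
            return None  # malformed pair: treat the whole header as unparsable
        fields[key.strip().upper()] = val.strip()
    return split_sec(fields["SEC"]) if "SEC" in fields else None


def parse_subject_marking(subject):
    match = SUBJECT_RE.search(subject)
    return split_sec(match.group(1)) if match else None


def effective_marking(raw_message):
    """Return (marking, source, mismatch); the X-header wins when present."""
    msg = message_from_string(raw_message, policy=default)
    header, subject = msg["X-Protective-Marking"], msg["Subject"]
    from_subject = parse_subject_marking(str(subject)) if subject else None
    if header is not None:
        from_header = parse_header_marking(str(header))
        mismatch = from_subject is not None and from_subject != from_header
        return from_header, "header", mismatch
    return from_subject, ("subject" if from_subject else None), False


def egress_decision(raw_message, blocked):
    """blocked: set of (classification, qualifier) pairs that must not leave."""
    marking, _source, _mismatch = effective_marking(raw_message)
    if marking is None:
        return "quarantine"  # unmarked or unparsable: fail closed
    cls, qual = marking
    if (cls, "*") in blocked or (cls, qual) in blocked:
        return "block"
    return "allow"


# Constructed sample messages (addresses, VER and NS values are placeholders).
SAMPLE_BOTH = (
    "From: alice@example.org\n"
    "Subject: Q3 forecast [SEC=CONFIDENTIAL]\n"
    "X-Protective-Marking: VER=1.0, NS=example.org, "
    "SEC=CONFIDENTIAL:COMPANY, ORIGIN=alice@example.org\n"
    "\nbody\n"
)
SAMPLE_SUBJECT_ONLY = "From: alice@example.org\nSubject: Board pack [SEC=CONFIDENTIAL]\n\nbody\n"
SAMPLE_UNMARKED = "From: alice@example.org\nSubject: Lunch\n\nbody\n"

if __name__ == "__main__":
    for name, raw in [("both", SAMPLE_BOTH), ("subject", SAMPLE_SUBJECT_ONLY),
                      ("unmarked", SAMPLE_UNMARKED)]:
        print(name, effective_marking(raw),
              egress_decision(raw, RULE_NO_CONFIDENTIAL_COMPANY))
```

The mismatch flag is returned rather than acted on, so the X-header stays authoritative while the gateway can still log messages whose subject line disagrees with it.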
How long does it take for janusSEAL installation and configuration?
janusSEAL installation and configuration can be completed in under one hour, although normally one day should be set aside for deployment to resolve potential problems such as Group Policy replication and network access issues.
Initially a customer will take a little more time defining their security policy and Active Directory security groups. Once these have been defined, the policy may be implemented and evaluated in a test environment. Feedback from testing may necessitate modifications to the policy design.
After the policy design has been finalised, it can be deployed to production systems. The administrator imports the relevant Group Policy Administrative Templates into the Group Policy Editor, and adjusts the janusSEAL Group Policy as necessary. The Group Policy is applied to a security group, which may be as small as one machine. If the policy is successful, further machines would be added to the security group, or alternatively, the Group Policy applied to a larger security group.
Where does janusSEAL Documents place the protective marking (security labels/tags) information?
janusSEAL Documents uses the metadata fields of Microsoft Office files to store protective marking information. These metadata fields are called custom document properties.
Any end-user or Office add-on application can define a custom document property in the form of a name, type and value. janusSEAL Documents, as a Microsoft Office add-on, defines several custom document properties in which to store information relating to the security classification and qualifier that an end-user has selected when classifying the Office file (Word document, Excel spreadsheet or PowerPoint presentation).
The custom document properties used by janusSEAL Documents to hold protective marking information (information related to security classifications, qualifiers and so on) are tabulated below:
|CDP Name|CDP Type|Value populated by janusSEAL Documents|CDP Name configurable?|
|---|---|---|---|
|PM_DisplayValueSecClassificationWithQualifier|Text|DisplayValue of SecurityClassification, and if qualifier is present then their combined DisplayValue|No|
|PM_SecurityClassification_Prev|Text|MarkingValue of previous SecurityClassification of file (when user changes the security classification)|No|
|PM_Qualifier_Prev|Text|MarkingValue of previous Qualifier of file (when user changes the qualifier)|No|
where CDP = Custom Document Property.
These custom document properties used and populated by janusSEAL Documents are used by janusSEAL for Outlook when an attachment is added so that Outlook can determine the classification of the Office file.
In a similar fashion content filter engines and technologies can be configured to detect some or all of these custom document properties and use them to do things such as preventing data leakage. In this scenario the two most useful custom document properties are those with names:
The first provides the coarse grain sensitivity level of the Office file by holding the value of the MarkingValue of the user selected security classification (where MarkingValue is the value assigned to the security classification when using the janusSEAL Schema tool to design the organisation's security classification schema). This custom document property is probably of most importance and relevance when designing a filter rule-set for a content filter engine.
The second provides finer grain information about the potential sensitivity of the Office file by holding the value of the MarkingValue of any user selected qualifier (where MarkingValue is the value assigned to the qualifier when using the janusSEAL Schema tool to design the organisation's security classification schema). This may be of some use when designing an advanced filter rule-set for a content filter engine.
It is important to remember that the CDP names PM_SecurityClassification and PM_Qualifier are the default names used by janusSEAL Documents, and that the CDP names used are configurable in the janusSEAL Documents Group Policy Object. These names can be configured in the Group Policy Editor under Computer Configuration/Administrative Templates/janusNET/janusSEAL/Protective Marking Policy/Protective Markings on data files.
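How a content filter might read these properties, as an added example (not janusNET code): it extracts the default PM_SecurityClassification and PM_Qualifier properties, lets the names be overridden to match the Group Policy setting, and checks the rule that an email may not be classified lower than its attachment. It assumes Open XML files (.docx, .xlsx, .pptx), where custom document properties live in the docProps/custom.xml part; the classification ordering, sample file and function names are constructed.

```python
"""Read classification custom document properties from an Open XML file."""
import io
import xml.etree.ElementTree as ET
import zipfile

CP_NS = "http://schemas.openxmlformats.org/officeDocument/2006/custom-properties"
VT_NS = "http://schemas.openxmlformats.org/officeDocument/2006/docPropsVTypes"
MAX_PART_BYTES = 1_000_000  # refuse oversized parts (decompression-bomb guard)


def read_custom_properties(data):
    """Return {name: value} for text custom properties, {} when none are stored."""
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        try:
            info = zf.getinfo("docProps/custom.xml")
        except KeyError:
            return {}
        if info.file_size > MAX_PART_BYTES:
            raise ValueError("custom.xml larger than expected")
        xml = zf.read(info)
    props = {}
    # Attachments are untrusted input: a production filter should use a
    # hardened XML parser rather than the standard-library one used here.
    for prop in ET.fromstring(xml).findall(f"{{{CP_NS}}}property"):
        text = prop.find(f"{{{VT_NS}}}lpwstr")
        if text is not None:
            props[prop.get("name")] = (text.text or "").strip()
    return props


def file_marking(data, cls_name="PM_SecurityClassification", qual_name="PM_Qualifier"):
    """Return (classification, qualifier) or None if the file is unmarked.

    cls_name / qual_name default to the names given on the page; pass the
    configured names if the Group Policy Object renames them.
    """
    props = read_custom_properties(data)
    cls = props.get(cls_name)
    if not cls:
        return None
    qual = props.get(qual_name) or None
    return cls.upper(), qual.upper() if qual else None


def email_below_attachment(email_cls, attachment, order):
    """True when the email ranks lower than the attachment's classification.

    order lists classifications from lowest to highest (schema-specific).
    """
    marking = file_marking(attachment)
    if marking is None:
        return False
    rank = {name: i for i, name in enumerate(order)}
    if email_cls not in rank or marking[0] not in rank:
        return True  # unknown label: fail closed
    return rank[email_cls] < rank[marking[0]]


def build_sample(properties):
    """Constructed stand-in for an Office file: only the custom-properties part."""
    body = "".join(
        f'<property fmtid="{{D5CDD505-2E9C-101B-9397-08002B2CF9AE}}" pid="{pid}" '
        f'name="{name}"><vt:lpwstr>{value}</vt:lpwstr></property>'
        for pid, (name, value) in enumerate(properties.items(), start=2)
    )
    xml = f'<Properties xmlns="{CP_NS}" xmlns:vt="{VT_NS}">{body}</Properties>'
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("docProps/custom.xml", xml)
    return buf.getvalue()


if __name__ == "__main__":
    sample = build_sample({"PM_SecurityClassification": "CONFIDENTIAL",
                           "PM_Qualifier": "COMPANY"})
    print(file_marking(sample))
    print(email_below_attachment("PUBLIC", sample, ["PUBLIC", "CONFIDENTIAL"]))
```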
What Operating System platforms does janusSEAL support?
Can I use my organisation's janusSEAL for Outlook license in janusSEAL for OWA?
janusSEAL for OWA will reject a janusSEAL for Outlook license. It will only successfully operate with a valid janusSEAL for OWA license.
I've made policy changes in janusSEAL for Outlook Web App's group policy object, but the changes are not visible in the web client. How do I make the changes appear at the client?
There are two main possible causes for this:
The first is the most likely cause. After making any changes to a janusSEAL for Outlook Web App Group Policy Object it is best to:
If this does not resolve the problem then it may be due to content caching at the Web browser. Please consult the janusSEAL for Outlook Web App Administration Guide - Chapter "Administration Tasks"; Section "Troubleshooting Issues" for guidance on clearing the cache in a web client.
How do I determine the version of janusSEAL for Outlook Web App on an Exchange server?
To determine the version of janusSEAL for Outlook Web App that is installed on an Exchange server:
The full janusGATE suite of products
How is janusGATE Mobile licensed?
janusGATE Mobile production licenses are provided on a perpetual basis. Fully functional time limited evaluation licenses are also available.
Seats are counted on a per network account basis.
Licenses are provided within specific bands of seats. For example, smaller organisations would order a license for up to 100 seats, and larger organisations a license for up to 1,000 or 10,000 seats.
Contact janusNET for further information.
How can I evaluate janusGATE Mobile?
janusGATE Mobile is available for evaluation with a time limited license.
A range of Knowledge Base articles to aid evaluation and configuration is available here.
With which smartphones does janusGATE Mobile operate?
janusGATE Mobile operates with the following smartphones:
Further specifications are available here.
With which e-mail servers does janusGATE Mobile operate?
What additional software do I need to install on my smartphone?
In most cases janusGATE Mobile does not require any additional software to be installed on the smartphone and uses the native e-mail application.
For iPhone, Windows Mobile/Phone and Android no additional software is required. These smartphones all have e-mail applications on the phone which utilise Exchange ActiveSync to synchronise e-mail, calendar and contacts between the Exchange server and the phone.
Many Nokia/Symbian smartphones come with Mail for Exchange. If not already present, it can be downloaded from the Ovi store. Mail for Exchange utilises Exchange ActiveSync to synchronise e-mail, calendar and contacts between the Exchange server and the phone.
Blackberries prior to v10 require an Exchange e-mail client.
What configuration changes are required on the smartphone?
janusGATE Mobile does not require any changes to the existing smartphone Exchange account configuration nor to the network settings.
janusGATE Mobile does not interfere with the mechanism used to connect the smartphone to MS Exchange Server. The enterprise can use well known and established security methods such as TLS or IPSec for channel authentication and encryption.
What changes are required at the organisation's firewall?
janusGATE Mobile does not require any changes to the firewall configuration. janusGATE Mobile does not interfere with the mechanism used to connect the smartphone to Exchange Server. The enterprise can use well known and established security methods such as TLS or IPSec for channel authentication and encryption.