Deny list and dynamic list block
A deny list incident occurs when you try to access a domain identified as malicious by the NHS Digital Security Centre. This includes spoofed NHS-type domain websites, where a site appears to use the .nhs domain to impersonate an NHS site.
There are different types of dynamic list items. The common types are:
- file – specific sites which have been temporarily blocked for analysis
- category – a website placed into a disallowed category
- emerging threat – a website which has been classified as potentially hostile or malicious
When you try to access a page that's blocked for one of the above reasons, you may see an HSCN-specific coaching page. It will inform you that the page has been blocked by the HSCN internet security service. The screen you see will differ depending on whether you are accessing an HTTP or an HTTPS address.
When trying to access a page with an HTTP block, you will see an HSCN-specific message advising that the page is blocked.
When trying to access a page with an HTTPS block, you will see a generic error message, which will differ depending on the internet browser used. Work is underway to introduce an HTTPS coaching page.
Ports are mostly used for devices and services which do not connect via a browser. Examples of port access issues include inability to access chip and PIN services, telephony and CCTV. Although blocked ports are mostly unrelated to browser access, there are some URLs that are port-specific, and in these circumstances the connection would not work. In this scenario you wouldn’t see an error message or blocked coaching page.
File blocked incidents relate to files you are attempting to download from the internet, such as updates to software - for example, a change to a Warfarin dosage file. If a file is blocked, it won’t download. In this scenario you won’t see an error message or blocked coaching page.
Non-HSCN internet security service issues
There are circumstances outside of the HSCN internet security service's remit which may cause connection problems to a destination website. If an incident is reported to the service provider and it’s found that the HSCN internet security service is not the cause, this will be reported back to you.
Issues outside of the service that may cause connection problems include:
- the end destination is using a Transport Layer Security (TLS) version, a type of internet security certificate, which does not meet NHS standards
- a perceived man-in-the-middle (MITM) attack
If you can't reach the end destination for any of these reasons, your request may hang and not connect, or you may be presented with an error page.
Once it has been confirmed that the issue is not caused by the HSCN internet security service, your local IT service desk will need to investigate the matter further and contact the end destination for support as required.
Incident process for blocks
If you believe access has been prevented incorrectly, you should log a service call with your local ICT service. They will check for local issues. If no local issues exist, you can then log a call with your HSCN CNSP via the normal HSCN support process.
Once logged, your CNSP will investigate whether or not the issues are within their domain. If the incident can be resolved by your CNSP, or if they find that the issue is within your local domain, they will take the necessary action and feed back to you. If they find that the issue is within the HSCN internet security service's domain, your call will be forwarded on to the service provider for investigation.