
Effects of restricting ports 20/21 on DoD Networks and Information Transfer Operations
Fall COPC 2007
Mr. Walter L. Coley, Jr., JAG/CCM Chair


Presentation Transcript


  1. Effects of restricting ports 20/21 on DoD Networks and Information Transfer Operations. Fall COPC 2007. Mr. Walter L. Coley, Jr., JAG/CCM Chair

  2. Overview
     • Guidance
     • Effects
     • DoC Initiative
     • Navy Initiative
     • AFW Initiative
     • Options
     • Recommendation

  3. Guidance
     • All standards are based on NIST guidance
     • DoC follows NIST
     • DoD modified to satisfy mission
     • Use of anonymous protocols is restricted
     • "Risk accepted by one is accepted by all"
     • Guidance concerns IPv4
     • IPv6 guidance is under review

  4. DISA Guidance (chart marked FOUO; not reproduced in the transcript)

  5. Guidance (cont.): What the Chart Colors Mean
     • Guidance from PPS Category Assignments list release 6.8.1 (Aug 2007)
     • Those PPS designated as Red will be severely restricted
     • Those PPS designated as Yellow may be allowed through with specific negotiation and limitations on use
     • Acceptance of those PPS designated as Green is generally automatic

  6. Effects
     • No more unrestricted data transfer
     • All traffic is segmented outside VPN
     • DoD can push and pull data
     • Non-DoD can only push or pull data within DATMS-U
     • No more store-and-forward systems

  7. Acceptable Services
     • Short Term Goal: all sites (6 months)
       • FTP Ports 20/21 (Conditional)
         • Session from Enclave DMZ to DoD Network to Enclave DMZ
       • HTTP (Port 80, for non-DoD only)
       • HTTPS (TCP) Port 443
     • Long Term Goal
       • SFTP (SSH) Port 22 only
       • HTTPS (TCP) Port 443
       • HTTP (Port 80, for non-DoD only)

  8. Acceptable Services (cont.)
     • DDM-SSL (TCP) Port 448
     • FTPS-DATA (TCP) Ports 989/990 (Army)
     • Some proprietary others
     • SFTP has most utility and economy
     • DoD can initiate FTP sessions
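The short-term and long-term service lists on slides 7 and 8 can be turned into a policy check that flags flows the deck would not accept. The following is an added example, not material from the presentation: zone names, the flow-record format and the reading of "Session from Enclave DMZ to DoD Network to Enclave DMZ" as "both endpoints inside DoD zones" are assumptions.

```python
# Added example (not from the presentation): score constructed flow records
# against the short-term and long-term "Acceptable Services" lists.
# Zone names, record format and the FTP-session interpretation are assumptions.

DOD_ZONES = {"enclave_dmz", "dod_network", "dod_dmz"}

# Destination ports named on slides 7 and 8, keyed by phase.
SHORT_TERM = {
    21: "ftp", 20: "ftp",            # conditional: DoD-internal sessions only
    80: "http",                      # non-DoD endpoint only
    443: "https", 448: "ddm-ssl",
    989: "ftps-data", 990: "ftps",   # Army
    22: "sftp",                      # assumed acceptable early (slide 8)
}
LONG_TERM = {22: "sftp", 443: "https", 80: "http"}   # FTP 20/21 dropped


def evaluate(flow, phase="short"):
    """Return (allowed, reason) for one flow dict: src_zone, dst_zone, dport."""
    table = SHORT_TERM if phase == "short" else LONG_TERM
    svc = table.get(flow["dport"])
    if svc is None:
        return False, "port %d not in %s-term acceptable services" % (flow["dport"], phase)
    src, dst = flow["src_zone"], flow["dst_zone"]
    if svc == "ftp":
        # Slide 7: FTP only between Enclave DMZ and DoD Network; slide 8: DoD initiates.
        if src in DOD_ZONES and dst in DOD_ZONES:
            return True, "ftp conditional: DoD-internal session"
        return False, "ftp denied: external endpoint"
    if svc == "http":
        # Port 80 is for non-DoD peers only; DoD-to-DoD should use HTTPS.
        if src not in DOD_ZONES or dst not in DOD_ZONES:
            return True, "http allowed for non-DoD endpoint"
        return False, "http denied between DoD zones; use https"
    return True, svc + " allowed"


def audit(flows, phase="short"):
    """Return the (flow, reason) pairs that the phase's policy denies."""
    denied = []
    for flow in flows:
        ok, reason = evaluate(flow, phase)
        if not ok:
            denied.append((flow, reason))
    return denied


SAMPLE_FLOWS = [  # constructed records, not real traffic
    {"src_zone": "enclave_dmz", "dst_zone": "dod_network", "dport": 21},
    {"src_zone": "external", "dst_zone": "enclave_dmz", "dport": 21},
    {"src_zone": "external", "dst_zone": "dod_dmz", "dport": 80},
    {"src_zone": "enclave_dmz", "dst_zone": "dod_network", "dport": 80},
    {"src_zone": "external", "dst_zone": "dod_dmz", "dport": 443},
    {"src_zone": "external", "dst_zone": "dod_dmz", "dport": 22},
]
```

Running `audit(SAMPLE_FLOWS)` flags two flows under the short-term list and `audit(SAMPLE_FLOWS, "long")` flags three, the extra one being the DoD-internal FTP session that the long-term goal retires.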

  9. Navy Initiative
     • FNMOC/NAVO are going through site accreditation
     • Required to secure communication ports and bring the operation in line with DISA/Navy guidance
     • Sites will use HTTPS and SFTP

  10. DoC Initiative
     • NWS is moving away from FTP to HTTP(S)-based file transfer
     • NWS will support SFTP
     • Need funding to support encryption
     • NESDIS uses public keys
     • NWSTG supports RSA two-factor authentication

  11. Air Force Initiative
     • Air Force supports SFTP and HTTPS
     • Systems tuned to work with DMZ
     • Conversion to data "pull" system
     • Operational load and timing issues under study

  12. Options
     • Option 1
       • Move methodically to secure networks in next 6 months
       • Can complete HTTPS, but not SFTP without funding
       • No driver for this or funding supporting rapid transition
     • Option 2
       • Continue to incrementally improve infrastructure and document as we go
       • Can still complete HTTPS in 6 months, limited use of SFTP
       • Same effect as Option 1 but slower and lower risk
       • Less potentially disruptive to operations

  13. Recommendation
     • Option 2
     • Communication uses HTTPS and SFTP
     • FTP where essential
     • Convert all communications to work through DMZ where possible in next 6-12 months
     • Most work is done
     • All OPC locations continue to support ATO process

  14. Questions?

  15. Background Information

  16. DISA Guidance

  17. Ports, Protocols & Services Category Assignment List (PPS CAL) Boundaries for FTP (boundary diagram not reproduced; DoD Network: NIPRNET, DATMS-U, DREN; boundary 15: Red, boundary 16: Yellow; Red = PPS CAL Denied/Restricted, Yellow = PPS CAL Conditional)

  18. Ports, Protocols & Services Category Assignment List (PPS CAL) Boundaries for SFTP (boundary diagram not reproduced; DoD Network: NIPRNET, DATMS-U, DREN; boundary 15: Green, boundary 16: Yellow; Red = PPS CAL Denied/Restricted, Yellow = PPS CAL Conditional)

  19. Ports, Protocols & Services Category Assignment List (PPS CAL) Boundaries for HTTPS (boundary diagram not reproduced; DoD Network: NIPRNET, DATMS-U, DREN; boundary 15: Green, boundary 16: Green; Red = PPS CAL Denied/Restricted, Yellow = PPS CAL Conditional)

  20. DMZ Communications (diagram not reproduced: AF DMZ, Navy DMZ and DoD Network DMZ connecting to the External Network)
