90 likes | 306 Views
NAVY FTP POLICY. September 06. CDR Dave Pashkevich CNMOC N64. NAVY FTP POLICY. Background: Provided in Air Force brief Anticipated Action: JTF-GNO will issue a Warning Order (WARNORD) within 60-90 days for closure actions to take place
E N D
NAVY FTP POLICY September 06 CDR Dave Pashkevich CNMOC N64
NAVY FTP POLICY • Background: Provided in Air Force brief • Anticipated Action: JTF-GNO will issue a Warning Order (WARNORD) within 60-90 days for closure actions to take place • A "Temporary Exception“ policy will be implemented; however, the exception will only be sufficient to complete required action to comply with the WARNORD
FNMOC Plan to Mitigate JTF-GNO CTO 06-02 FTP Port Closure • Notify all non-DOD customers and data providers of 15 December deadline • Convert existing software to FTP-SSL • Transition to http(s) options as available
FNMOC FTP Data Providers and Customers Non-DOD Data Providers to FNMOC: FTP pull NWS - ncep mrf forecast data, TAF data, MTR data, all GTS data NHC - Pick up hurricane and tropical cyclone data NOAA - hurricane and TC data. UKMetoffice - UKMET forecast data NESDIS - pick up AIRS and AMSR data University of Wisconsion - Wind data. FTP push NESDIS - Processed Satellite data Non-DOD Data Customers of FNMOC: FTP pull NWS - Hurricane track data FTP push NHC - Hurricane/TC track data. NSA - Selected field of almost all of out forecast data. Lawrence Livermore - Most of our forecast data. NCEP - NOGAPS for backup. Processed Satellite data. Several NOAA sites - TC and Hurricane track data. UKMET - Forecast data. University of Wisconsin - Most of our forecast data. John Hopkins APL - some of our forecast data.
Convert existing Distributed Processing System (DPS) to FTP-SSL • requires passwords • ( CTO 06-01 (PKI) non-compliant ) • quickest solution, but temporary?? • (unknown when passwords will be disallowed) • consider both open source and commercial • (may require $$) • requires FTP-SSL service at data provider or customer • (external dependency)
FNMOC Transition to HTTPS Options • No passwords required • Customer pull from passive cache, no PKI • (already existing for some pull) • Customer pull from active cache with PKI • (CAGIPS IOC 20 September, but FOC > 15 Dec) • FNMOC pull from data providers, no PKI • (working version has been developed) • requires HTTPS service at data provider or customer • (external dependency)
FNMOC Summary • short term: FTP-SSL, some http(s) • long term: http(s) with PKI • dependency on external customers • and data providers service changes FNMOC POC: Chuck Skupniewicz, IT-DM chuck.skupniewicz@fnmoc.navy.mil, (831) 656-5104
NAVO Plan to MigrateJTF-GNO CTO 06-02 FTP Port Closure • Impacts • Unclassified LAN • External: Will require completing transition to SFTP/SSH • Internal: Will require some production codes to modify scripts/software used for data transfers • Classified LAN • Will require changes to data transfer methods between NAVO and MSRC • Will require DPS customer base to discontinue accepting connections, i.e. DPS will no longer be an effective method to deliver products. • Actions Required • Migration of existing FTP to SFTP/SSH on DMZ FTP servers (external users) • Installation of MSRC SSH kit on classified systems • Notification of customer base of FTP changes • Modification of data transfer scripts/software by production codes
NAVO Plan to MigrateJTF-GNO CTO 06-02 FTP Port Closure • Unknown • Suspect there are FTP processes that we are not aware of, plan is to monitor firewall Port 21 connections and notify users. • POR systems (Surf Eagle IPL, etc). • Requested Exclusions • Some devices require telnet/ftp accesses. • Specifically we require Telnet/FTP access to SAN fiber-channel switches which are located on the isolated management network. (NAVOCEANO POC – David Hasenkampf at 229-688-5427, david.hasenkampf @navy.mil)