FTP Replacement • Briefing 08 Sep 06

FTP Replacement
• Description: Replace FTP for all traffic outside .mil domain
• Requirements Documents:
  - DoDI 8551.1, Ports, Protocols, and Services Management
  - DSAWG FTP Vulnerability Assessment, updated 13 Sep 05
  - Air Force Weather Security Classification Guide, 1 May 2004
  - AFI 33-202v1, Network and Computer Security
  - AFI 33-201, Transmission Security
• Briefing Objectives: Inform OFCM CEISC of encryption requirement and change to SFTP
Presentation for CCB, 16 Aug 06

Background
• On 9 Nov 04, JTF-GNO stated that File Transfer Protocol (FTP) ports 20 and 21 would cease transferring data between DoD enclaves (.mil) and non-DoD enclaves (.edu, .com, .gov, .org, etc.) effective 9 Nov 06
• AFCA clearly stated that any replacement product used must be FIPS 140-2 certified
• AFWA has a standing requirement to encrypt all data sent outside DoD channels
• AFWA formed a working group in May 06 dedicated to finding an FTP replacement for the Strategic Center and our customers

Analysis
• The following criteria were considered in evaluating the open source version and commercial version (Tectia) of SFTP:
  - FIPS 140-2 compliance
  - Performance
  - Ports and protocols compliance
  - Ease of Integration
  - Interoperability
  - Cost
  - Maintainability

Analysis (cont.)
• A standards-based solution makes interoperability highly likely, since the open source version and all commercial products use the same standard
• Since SFTP appears to the user (at a command line or scripting level) to be an FTP clone, it would be simple to integrate as an FTP replacement
• Software cost was not quantified
• Note: In addition to Tectia, there are many commercial SFTP products providing competition in the market for this standard solution. The working group only evaluated Tectia and the free open source version.

Performance
• SFTP typically incurred about a 10-30% performance penalty, depending on the combination of SFTP versions in use
• Some clients with relatively inefficient native FTP performance (e.g. Solaris 8) experienced a performance increase using SFTP
• Conclusion: Based on performance, SFTP is a reasonable choice for encrypted secure file transfer

Risks
• Risk: Customers can’t comply with SFTP
• Description: Non-.mil customers unable to transition to SFTP will cease send/receipt of data from AFWA
• Mitigation: Assumption - Register all customers unable to meet deadline with AFNOSC and DSAWG. Registration must include a “get well” plan.

Risks
• NCEP
  - Global ensemble data not available for development
  - AGROMET pushed to NCEP DMZ may be discontinued
• FNMOC
  - May not be able to easily implement SFTP (researching)
• .COM, .EDU
  - May not easily be able to implement open source or commercial product

DATMS-U
• No impacts expected as DATMS-U is considered part of the DoD network

Identified FTP Comms
• POCs reached are detailed in the Excel spreadsheet: Update FTP users contacted.xls
• Review and update of listed POCs by member agencies requested
• Issues to be identified after 09 Nov 06 SFTP testing period begins

Implementation Timeline
• SFTP available for limited use by AFWA 9 November
• Projected WARNORD issued by Air Staff no earlier than January 2007
• WARNORD +90: FTP cut-off date
• Implementation schedule from WARNORD to cut-off date TBD

Recommendation
• Recommend CEISC member agencies review FTP communications to identify any additional data feeds between them and DoD and provide a POC to coordinate resolution NLT 30 Sep 06

SFTP Questions?
SFTP BACK-UP SLIDES