NAVY FTP POLICY
September 06
CDR Dave Pashkevich
CNMOC N64
NAVY FTP POLICY
Background: Provided in Air Force brief
Anticipated Action: JTF-GNO will issue a Warning Order (WARNORD) within days for closure actions to take place
  – A "Temporary Exception" policy will be implemented; however, the exception will only be sufficient to complete required action to comply with the WARNORD
FNMOC Plan to Mitigate JTF-GNO CTO FTP Port Closure
  – Notify all non-DOD customers and data providers of 15 December deadline
  – Convert existing software to FTP-SSL
  – Transition to http(s) options as available
FNMOC FTP Data Providers and Customers
Non-DOD Data Providers to FNMOC:
  FTP pull
    – NWS - NCEP MRF forecast data, TAF data, MTR data, all GTS data
    – NHC - Pick up hurricane and tropical cyclone data
    – NOAA - Hurricane and TC data
    – UKMetoffice - UKMET forecast data
    – NESDIS - Pick up AIRS and AMSR data
    – University of Wisconsin - Wind data
  FTP push
    – NESDIS - Processed Satellite data
Non-DOD Data Customers of FNMOC:
  FTP pull
    – NWS - Hurricane track data
  FTP push
    – NHC - Hurricane/TC track data
    – NSA - Selected field of almost all of our forecast data
    – Lawrence Livermore - Most of our forecast data
    – NCEP - NOGAPS for backup. Processed Satellite data.
    – Several NOAA sites - TC and Hurricane track data
    – UKMET - Forecast data
    – University of Wisconsin - Most of our forecast data
    – Johns Hopkins APL - Some of our forecast data
Convert existing Distributed Processing System (DPS) to FTP-SSL
  – requires passwords (CTO (PKI) non-compliant)
  – quickest solution, but temporary?? (unknown when passwords will be disallowed)
  – consider both open source and commercial (may require $$)
  – requires FTP-SSL service at data provider or customer (external dependency)
FNMOC Transition to HTTPS Options
  – No passwords required
  – Customer pull from passive cache, no PKI (already existing for some pull)
  – Customer pull from active cache with PKI (CAGIPS IOC 20 September, but FOC > 15 Dec)
  – FNMOC pull from data providers, no PKI (working version has been developed)
  – requires HTTPS service at data provider or customer (external dependency)
FNMOC Summary
  – short term: FTP-SSL, some http(s)
  – long term: http(s) with PKI
  – dependency on external customers and data providers service changes
FNMOC POC: Chuck Skupniewicz, IT-DM (831)
NAVO Plan to Migrate JTF-GNO CTO FTP Port Closure
Impacts
  – Unclassified LAN
      External: Will require completing transition to SFTP/SSH
      Internal: Will require some production codes to modify scripts/software used for data transfers
  – Classified LAN
      Will require changes to data transfer methods between NAVO and MSRC
      Will require DPS customer base to discontinue accepting connections, i.e. DPS will no longer be an effective method to deliver products.
Actions Required
  – Migration of existing FTP to SFTP/SSH on DMZ FTP servers (external users)
  – Installation of MSRC SSH kit on classified systems
  – Notification of customer base of FTP changes
  – Modification of data transfer scripts/software by production codes
NAVO Plan to Migrate JTF-GNO CTO FTP Port Closure
Unknown
  – Suspect there are FTP processes that we are not aware of; plan is to monitor firewall Port 21 connections and notify users.
  – POR systems (Surf Eagle IPL, etc).
Requested Exclusions
  – Some devices require telnet/ftp accesses.
  – Specifically we require Telnet/FTP access to SAN fiber-channel switches which are located on the isolated management network.
(NAVOCEANO POC – David Hasenkampf at ,
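The Port 21 monitoring named in the NAVO "Unknown" item, sketched as an added example that is not part of the original brief: it inventories TCP/21 connections from firewall logs so the owner of each unknown FTP process can be notified, and skips traffic inside the excluded management network. The netfilter-style log format, the address ranges, the sample lines and the function name are assumptions made for illustration.

```python
import re
from collections import defaultdict
from ipaddress import ip_address, ip_network

FTP_CONTROL_PORT = 21
INTERNAL_NET = ip_network("10.0.0.0/8")       # assumed site address space
EXCLUDED_NETS = [ip_network("10.99.0.0/24")]  # assumed isolated management network

# Constructed sample lines in netfilter LOG style (assumed format, abbreviated).
SAMPLE_LOG = """\
Sep  6 02:10:11 fw kernel: IN=eth1 OUT=eth0 SRC=10.20.1.15 DST=192.0.2.40 LEN=60 PROTO=TCP SPT=40112 DPT=21 SYN
Sep  6 02:40:12 fw kernel: IN=eth1 OUT=eth0 SRC=10.20.1.15 DST=192.0.2.40 LEN=60 PROTO=TCP SPT=40230 DPT=21 SYN
Sep  6 03:05:40 fw kernel: IN=eth0 OUT=eth1 SRC=198.51.100.7 DST=10.20.9.5 LEN=60 PROTO=TCP SPT=51515 DPT=21 SYN
Sep  6 03:06:02 fw kernel: IN=eth2 OUT=eth2 SRC=10.99.0.4 DST=10.99.0.20 LEN=60 PROTO=TCP SPT=33001 DPT=21 SYN
Sep  6 03:07:19 fw kernel: IN=eth1 OUT=eth0 SRC=10.20.1.15 DST=192.0.2.40 LEN=60 PROTO=TCP SPT=40999 DPT=22 SYN
Sep  6 03:09:00 fw kernel: IN=eth1 OUT=eth0 SRC=10.20.3.8 DST=203.0.113.9 LEN=60 PROTO=UDP SPT=5000 DPT=21
"""

LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ [\d:]{8}) .*?SRC=(?P<src>\S+) DST=(?P<dst>\S+) "
    r".*?PROTO=(?P<proto>\w+) .*?DPT=(?P<dpt>\d+)")


def inventory_ftp(log_text):
    """Group TCP/21 connections by (src, dst) so each owner can be notified."""
    flows = defaultdict(lambda: {"count": 0, "first": None, "last": None})
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if not m or m["proto"] != "TCP" or int(m["dpt"]) != FTP_CONTROL_PORT:
            continue
        src, dst = ip_address(m["src"]), ip_address(m["dst"])
        # Requested exclusion: FTP that stays inside the management network.
        if any(src in net and dst in net for net in EXCLUDED_NETS):
            continue
        rec = flows[(m["src"], m["dst"])]
        rec["count"] += 1
        rec["first"] = rec["first"] or m["ts"]
        rec["last"] = m["ts"]
        # Outbound means an internal process to find; inbound, an external user.
        rec["direction"] = "outbound" if src in INTERNAL_NET else "inbound"
    return dict(flows)


if __name__ == "__main__":
    for (src, dst), rec in sorted(inventory_ftp(SAMPLE_LOG).items()):
        print(f"{rec['direction']:8} {src} -> {dst}:21 x{rec['count']} "
              f"first={rec['first']} last={rec['last']}")
```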