Secure FTP implementation on DATMS-U
Walter L. Coley, Jr
JAG/CCM

Background
Why
Status (Air Force, Navy, NOAA)
Summary

Why
Internet communication uses IPv4
–System relies on ports to carry information
–Current system has ports
Ports are used to gain system access
DoD has decided to close or restrict the use of all but 7 of these ports

Why (cont)
All DoD agencies using FTP for data transfer to any agency residing outside of the .mil domain (.com, .org, .gov, .edu, etc.) must transition to a secure method of FTP prior to ports 20 and 21 being closed
JTF-GNO will issue Warning Order giving all agencies days to make transition prior to port closure
All solutions must be FIPS compliant
IPv6 not addressed

Status - Navy
Near Term
–FNMOC is prepared to disable ports 20, 21 (FTP)
–All FTP customers or data providers have not converted to approved protocols
–Major customers have been notified of the anticipated changes
Far Term
–Add PKI and Server Authentication

Status – Air Force
Near Term
–Use Commercial and Open Source Secure-FTP and HTTPS to transfer products
–Convert some customers to retrieve products
–Apply for exception as required
Long Term
–Use server certificates (PKI) to verify users

NOAA
Near Term
–Uses Secure FTP between centers
–Easily add external SFTP capability
–Will keep FTP capability for now
Long Term
–All plus server authentication (PKI)

Summary
All sites are progressing
Some issues with limited products
New Protocols on horizon may require significant changes
We have a safety net