Effects of restricting ports 20/21 on DoD Networks and Information Transfer Operations Fall COPC 2007 Mr. Walter L. Coley, Jr. JAG/CCM Chair.


1 Effects of restricting ports 20/21 on DoD Networks and Information Transfer Operations
Fall COPC 2007
Mr. Walter L. Coley, Jr., JAG/CCM Chair

2 Overview
- Guidance
- Effects
- DoC Initiative
- Navy Initiative
- AFW Initiative
- Options
- Recommendation

3 Guidance
- All standards are based on NIST guidance
- DoC follows NIST
- DoD modified to satisfy mission
- Use of anonymous protocols is restricted
- “Risk Accepted by one is accepted by all”
- Guidance concerns IPv4
- IPv6 guidance is under review

4 DISA Guidance Xx FOUO

5 Guidance (cont.): What the Chart Colors Mean
- Guidance from PPS Category Assignments list release 6.8.1 (Aug 2007)
- Those PPS designated as Red will be severely restricted.
- Those PPS designated as Yellow may be allowed through with specific negotiation and limitations on use.
- Acceptance of those PPS designated as Green is generally automatic.

6 Effects
- No more unrestricted data transfer
- All traffic is segmented outside VPN
- DoD can push and pull data
- Non-DoD can only push or pull data within DATMS-U
- No more store and forward systems

7 Acceptable Services
Short Term Goal – all sites (6 months)
- FTP Ports 20/21 (Conditional)
- Session from Enclave DMZ to DoD Network to Enclave DMZ
- HTTP (Port 80 for non-DoD only)
- HTTPS (TCP) Port 443
Long Term Goal
- SFTP (SSH) Port 22 only
- HTTPS (TCP) Port 443
- HTTP (Port 80 for non-DoD only)

8 Acceptable Services (cont.)
- DDM-SSL (TCP) Port 448
- FTPS-DATA (TCP) Ports 989/990 (Army)
- Some proprietary others
- SFTP has most utility and economy
- DOD can initiate FTP sessions

9 Navy Initiative
- FNMOC/NAVO are going through site accreditation
- Required to secure communication ports and bring the operation in line with DISA/Navy guidance
- Sites will use HTTPS and SFTP

10 DoC Initiative
- NWS is moving away from FTP to HTTP(s)-based file transfer.
- NWS will support SFTP
- Need funding to support encryption
- NESDIS uses Public Keys
- NWSTG supports RSA 2 factor authentication

11 Air Force Initiative
- Air Force supports SFTP and HTTPS
- Systems tuned to work with DMZ
- Conversion to data ‘pull’ system
- Operational load and timing issues under study

12 Options
Option 1
- Move methodically to secure networks in next 6 months
- Can complete HTTPS, but not SFTP without funding
- No driver for this or funding supporting rapid transition
Option 2
- Continue to incrementally improve infrastructure and document as we go
- Can still complete HTTPS in 6 months, limited use of SFTP
- Same effect as option 1 but slower and lower risk
- Less potentially disruptive to operations

13 RECOMMENDATION
- Option 2
- Communication uses HTTPS and SFTP
- FTP where essential
- Convert all communications to work through DMZ where possible in next 6-12 months
- Most work is done
- All OPC locations continue to support ATO process

14 Questions?

15 Background Information

16 DISA Guidance

17 Ports Protocols & Services Category Assignment List (PPS CAL) Boundaries for FTP
[Diagram. Labels: DoD DMZ, Internal DoD Network, External Network, Enclave DMZ, DoD Network; diagram labels numbered 1 to 14.]
- DoD Network: NIPRNET, DATMS-U, DREN
- Red – PPS CAL Denied/Restricted
- Yellow – PPS CAL Conditional
- 15 – Red, 16 – Yellow

18 Ports Protocols & Services Category Assignment List (PPS CAL) Boundaries for SFTP
[Diagram. Labels: DoD DMZ, Enclave, DoD Network, External Network, Enclave DMZ; diagram labels numbered 1 to 14.]
- DoD Network: NIPRNET, DATMS-U, DREN
- Red – PPS CAL Denied/Restricted
- Yellow – PPS CAL Conditional
- 15 – Green, 16 – Yellow

19 Ports Protocols & Services Category Assignment List (PPS CAL) Boundaries for HTTPS
[Diagram. Labels: DoD DMZ, Internal DoD Network, External Network, Enclave DMZ, DoD Network; diagram labels numbered 1 to 14.]
- DoD Network: NIPRNET, DATMS-U, DREN
- Red – PPS CAL Denied/Restricted
- Yellow – PPS CAL Conditional
- 15 – Green, 16 – Green

20 DMZ Communications
[Diagram. Labels: AF, Navy, DoD Network, External Network, DMZ.]

