
Academic Freedom vs Network Security

Academic Freedom vs Network Security, or… Can You Have Too Much Security? Rich Mock, USAFA CIO, 8 Apr 2008. Overview: AF Mission – Air Force Base, USAF Academy Mission, IT Environments, Conflict, Solutions, USAF vs Academy Approach, Issues, Examples, Conclusion. Air Force Mission.


Presentation Transcript


  1. Academic Freedom vs Network Security Rich Mock USAFA CIO 8 Apr 2008

  2. or…Can You Have Too Much Security?

  3. Overview • AF Mission – Air Force Base • USAF Academy Mission • IT Environments • Conflict • Solutions • USAF vs Academy Approach • Issues • Examples • Conclusion

  4. Air Force Mission • Deliver sovereign options for the defense of the United States of America and its global interests -- to fly and fight in Air, Space, and Cyberspace.  • Vision: Global Vigilance, Reach and Power.

  5. Fairchild AFB, Washington • Air Mobility Command • 92nd Air Refueling Wing (35 KC-135s) • Operations Group • Maintenance Group • Medical Group • Mission Support Group • Civil Engineer Squadron • Communications Squadron • Park University, SIUC, Webster

  6. USAF Academy Mission • To educate, train and inspire young men and women to become officers of character motivated to lead the United States Air Force in service to the nation. • Academics (4 year university) • Athletics (NCAA Div I) • Military (active duty USAF)

  7. USAFA Organizations • President – Superintendent • Provost - Vice Superintendent • Student Body - Cadet Wing (4400) • Commandant of Cadets – military training • Dean of Faculty • Athletic Department • Prep School • Research Centers • Support Organizations • Medical + Hospital • Flying Training

  8. AF Base IT Environment • Locked down desktop computers • Boundary protection • Firewalls, proxy servers, anti-virus • Software Patches & Scans • Policies & Procedures • System Certification & Accreditation • Authentication (CAC and strong password) • No entertainment (work environment only) • Network Control: Base, Intermediate, AF

  9. USAF Academy IT Environment • Students issued desktop PCs (1986) • High speed network installed, all academic buildings & dorms (1993) • Cadet notebooks (2001) • Wireless network (2002) • Tablet computers (2006) • No commercial ISP for cadets

  10. Natural “Enemies” • Cops vs Robbers • Cobra vs Mongoose • Security vs Academics • Security: Stability, Few changes, Less access, Proven solutions • Academics: Innovation, Experimental, More exchange of information, Research new ideas

  11. The Problem • MIL network has become too restrictive • Cadet computers are a security risk • Faculty – restrictions prevent doing job • Long software approval process • No access for cadets away from USAFA • DOD blocks ‘bad actor’ countries • Poor access for International researchers and cadets • AF prohibits commercial e-mail and IM • Cadets use computers for non-duty activities • Integrated NOSC removed local control

  12. Specific Examples • “Green Banner” • Strong Passwords • Blocking unused ports • Patches • Wireless security • Proxy filter too restrictive • Long software approval process • No default HTML view in email • Standard Desktop Configuration (SDC)

  13. AF.EDU • Air Education and Training Command • Establish and maintain one “af.edu” domain … without exposing the af.mil network to security risks. • Members are students and faculty at the United States Air Force Academy, the Air Force Institute of Technology, and the Air University system.

  14. AF.EDU Solution • The collaboration infrastructure: • MS Office SharePoint Service 2007 Enterprise • MS Live Communications Server • MS Exchange 2007 • 20 TB → 36 TB storage • Primary data location is in San Antonio, Texas • Backup data location is in Missouri • Multiple redundant backups

  15. USAFA Approach • Use DREN as service provider for EDU • Request policy relief • SDC exception • Software approval process • DREN firewall exceptions • Collaborative tools • Separate EDU (DREN) & MIL (NIPRnet)

  16. Before (1992-2006) [Network diagram; labels: Admin, Domain Ctrls, File Servers, Exchange, Finance, Faculty, Staff, Cadets, Medical, Athletics, USAFAnet, NIPRnet, DREN, .mil, Internet]

  17. During (2006-2007) [Network diagram; labels: Admin, Domain Ctrls, File Servers, Exchange, Medical, Faculty, Finance, Staff, Cadets, Athletics, USAFAnet, NIPRnet, DREN, .mil, Internet]

  18. After (July 2007) [Network diagram; labels: USAFA.MIL, USAFA.EDU, Admin, Exchange (x2), File Servers (x2), Domain Ctrls (x2), Medical, Faculty, Finance, Staff, Cadets, Athletics, NIPRnet, DREN, .mil, Internet]

  19. The Good, Bad & Ugly • EDU is physically separate! (24 Jul 07) • AF is more secure • Teamwork-- One Team, One Fight! • Migration took 30+ minutes per user X 6000 • Still many problems: Global Address List… • Kiosks as interim solution • AF Transformation reducing manning • External DoD changes

  20. Password Progression • Username only • Simple passwords – user created • Weak password rules – e.g. 8 characters • Expiration times – e.g. 60 – 180 days • Computer generated • Strong passwords with symbol combinations • Time and place restrictions • Biometric or Smartcard

  21. Smart Card Implementation • AF Common Access Cards (CAC) - PKI • Expense of cards ($ and manpower) • Certificate Authority • Implementation Problems: • Bad cards • Bad card readers • Middleware • Locked accounts • Lost cards

  22. Software Approval • Defense Information Assurance Certification & Accreditation Program (DIACAP) • Designated Accreditation Authority • Certification Authority • Information Assurance Manager • Information System Owner • 4-6 months

  23. Collaborative Tools • AF Prohibition • Instant Messaging • VoIP (Skype) • Desktop Video-conferencing • Blogs and Chats • DoD Solution • IBM Sametime • Adobe Connect

  24. Internet Blocking • MIL & EDU both block • Porn, Gambling, Hate Crimes, Criminal Skills • MIL blocks, but EDU allows • Chat, Games, Lifestyle, Mature, Medical, MP3 • IM, Facebook, YouTube • Problem areas • Anonymizer, P2P, File Sharing, Games, Skype • MySpace, YouTube – malware problems

  25. Network Access Control • Comply & Connect at least a year away • Host Based Security System • SMS → System Center Config Manager • National Institute of Standards and Technology Tools • Learn from civilian institutions • Required antivirus • Updated patches

  26. Conclusion • Can you have too much security? • YES! • How do you know when to stop? • When the “pain exceeds the gain” • Users work around it to get job done • Sell the change – communicate w/ users! • Incremental changes are easier to sell • Convey the threat and risk • If you can’t sell it, then drop it.

  27. Questions
