Presentation Transcript
Academic Freedom vs Network Security

Rich Mock

USAFA CIO

8 Apr 2008

Overview
  • AF Mission – Air Force Base
  • USAF Academy Mission
  • IT Environments
  • Conflict
  • Solutions
  • USAF vs Academy Approach
  • Issues
  • Examples
  • Conclusion
Air Force Mission
  • Deliver sovereign options for the defense of the United States of America and its global interests -- to fly and fight in Air, Space, and Cyberspace. 
  • Vision: Global Vigilance, Reach and Power.
Fairchild AFB, Washington
  • Air Mobility Command
  • 92nd Air Refueling Wing (35 KC-135s)
  • Operations Group
  • Maintenance Group
  • Medical Group
  • Mission Support Group
    • Civil Engineer Squadron
    • Communications Squadron
  • Park University, SIUC, Webster
USAF Academy Mission
  • To educate, train and inspire young men and women to become officers of character motivated to lead the United States Air Force in service to the nation.
  • Academics (4 year university)
  • Athletics (NCAA Div I)
  • Military (active duty USAF)
USAFA Organizations
  • President – Superintendent
  • Provost - Vice Superintendent
  • Student Body - Cadet Wing (4400)
  • Commandant of Cadets – military training
  • Dean of Faculty
  • Athletic Department
  • Prep School
  • Research Centers
  • Support Organizations
  • Medical + Hospital
  • Flying Training
AF Base IT Environment
  • Locked down desktop computers
  • Boundary protection
    • Firewalls, proxy servers, anti-virus
  • Software Patches & Scans
  • Policies & Procedures
  • System Certification & Accreditation
  • Authentication (CAC and strong password)
  • No entertainment (work environment only)
  • Network Control: Base, Intermediate, AF
USAF Academy IT Environment
  • Students issued desktop PCs (1986)
  • High speed network installed, all academic buildings & dorms (1993)
  • Cadet notebooks (2001)
  • Wireless network (2002)
  • Tablet computers (2006)
  • No commercial ISP for cadets
Natural “Enemies”
  • Cops vs Robbers
  • Cobra vs Mongoose
  • Security vs Academics
    • Stability vs Innovation
    • Few changes vs Experimental
    • Less access vs More exchange of information
    • Proven solutions vs Research new ideas

The Problem
  • MIL network has become too restrictive
  • Cadet computers are a security risk
  • Faculty – restrictions prevent doing job
  • Long software approval process
  • No access for cadets away from USAFA
  • DOD blocks ‘bad actor’ countries
  • Poor access for International researchers and cadets
  • AF prohibits commercial e-mail and IM
  • Cadets use computers for non-duty activities
  • Integrated NOSC removed local control
Specific Examples
  • “Green Banner”
  • Strong Passwords
  • Blocking unused ports
  • Patches
  • Wireless security
  • Proxy filter too restrictive
  • Long software approval process
  • No default HTML view in email
  • Standard Desktop Configuration (SDC)
AF.EDU
  • Air Education and Training Command
    • Establish and maintain one “af.edu” domain. … without exposing the af.mil network to security risks.
    • Members are students and faculty at the United States Air Force Academy, the Air Force Institute of Technology, and the Air University system.
AF.EDU Solution
  • The collaboration infrastructure:
    • MS Office SharePoint Service 2007 Enterprise
    • MS Live Communications Server
    • MS Exchange 2007
  • 20 TB → 36 TB storage
  • Primary data location is in San Antonio, Texas
  • Backup data location is in Missouri
  • Multiple redundant backups
USAFA Approach
  • Use DREN as service provider for EDU
  • Request policy relief
    • SDC exception
    • Software approval process
    • DREN firewall exceptions
    • Collaborative tools
  • Separate EDU (DREN) & MIL (NIPRnet)
Before (1992-2006)
  • [Network diagram; labels: Admin, Domain Ctrls, File Servers, Exchange, Finance, Faculty, Staff, USAFAnet, Cadets, Medical, Athletics, NIPRnet, DREN, .mil, Internet]

During (2006-2007)
  • [Network diagram; labels: Admin, Domain Ctrls, File Servers, Exchange, Medical, Faculty, Finance, USAFAnet, Staff, Cadets, Athletics, NIPRnet, DREN, .mil, Internet]

After (July 2007)
  • [Network diagram; labels: Admin, Exchange (twice), File Servers (twice), Domain Ctrls (twice), Medical, Faculty, Finance, USAFA.MIL, USAFA.EDU, Staff, Cadets, Athletics, NIPRnet, DREN, .mil, Internet]

The Good, Bad & Ugly
  • EDU is physically separate! (24 Jul 07)
    • AF is more secure
  • Teamwork-- One Team, One Fight!
  • Migration took 30+ minutes per user X 6000
  • Still many problems: Global Address List…
  • Kiosks as interim solution
  • AF Transformation reducing manning
  • External DoD changes
Password Progression
  • Username only
  • Simple passwords – user created
  • Weak password rules – e.g. 8 characters
  • Expiration times – e.g. 60 – 180 days
  • Computer generated
  • Strong passwords with symbol combinations
  • Time and place restrictions
  • Biometric or Smartcard
Smart Card Implementation
  • AF Common Access Cards (CAC) - PKI
  • Expense of cards ($ and manpower)
  • Certificate Authority
  • Implementation Problems:
    • Bad cards
    • Bad card readers
    • Middleware
    • Locked accounts
    • Lost cards
Software Approval
  • Defense Information Assurance Certification & Accreditation Program (DIACAP)
  • Designated Accreditation Authority
  • Certification Authority
  • Information Assurance Manager
  • Information System Owner
  • 4-6 months
Collaborative Tools
  • AF Prohibition
    • Instant Messaging
    • VoIP (Skype)
  • Desktop Video-conferencing
  • Blogs and Chats
  • DoD Solution
    • IBM Sametime
    • Adobe Connect
Internet Blocking
  • MIL & EDU both block
    • Porn, Gambling, Hate Crimes, Criminal Skills
  • MIL blocks, but EDU allows
    • Chat, Games, Lifestyle, Mature, Medical, MP3
    • IM, Facebook, YouTube
  • Problem areas
    • Anonymizer, P2P, File Sharing, Games, Skype
    • MySpace, YouTube – malware problems
Network Access Control
  • Comply & Connect at least a year away
    • Host Based Security System
    • SMS → System Center Config Manager
    • National Institute of Standards and Technology Tools
  • Learn from civilian institutions
    • Required antivirus
    • Updated patches
Conclusion
  • Can you have too much security?
    • YES!
  • How do you know when to stop?
    • When the “pain exceeds the gain”
    • Users work around it to get job done
  • Sell the change – communicate w/ users!
    • Incremental changes are easier to sell
    • Convey the threat and risk
      • If you can’t sell it, then drop it.