
FTP Replacement Briefing

FTP Replacement Briefing. 08 Sep 06. FTP Replacement. Description: Replace FTP for all traffic outside .mil domain. Requirements Documents: - DoDI 8551.1, Ports, Protocols, and Services Management - DSAWG FTP Vulnerability Assessment, updated 13 Sep 05


Presentation Transcript


  1. FTP Replacement • Briefing 08 Sep 06

  2. FTP Replacement • Description: Replace FTP for all traffic outside .mil domain • Requirements Documents: • - DoDI 8551.1, Ports, Protocols, and Services Management • - DSAWG FTP Vulnerability Assessment, updated 13 Sep 05 • - Air Force Weather Security Classification Guide, 1 May 2004 • - AFI 33-202v1, Network and Computer Security • - AFI 33-201, Transmission Security • Briefing Objectives: Inform OFCM CEISC of encryption requirement and change to SFTP • Presentation for CCB, 16 Aug 06

  3. Background • On 9 Nov 04, JTF-GNO stated File Transfer Protocol (FTP) ports 20 and 21 would cease transferring data between DoD enclaves (.mil) and non-DoD enclaves (.edu, .com, .gov, .org, etc.) effective 9 Nov 06 • AFCA clearly stated that any replacement product used must be FIPS 140-2 certified • AFWA has standing requirement to encrypt all data sent outside DoD channels • The AFWA formed a working group in May 06 dedicated to finding an FTP replacement for the Strategic Center and our customers

  4. Analysis • The following criteria were considered in evaluating the open source version and commercial version (Tectia) of SFTP: • FIPS 140-2 compliance • Performance • Ports and protocols compliance • Ease of Integration • Interoperability • Cost • Maintainability

  5. Analysis (cont.) • A standards-based solution makes interoperability highly likely, since open source and all commercial products use the same standard • Since SFTP appears to the user (at a command line or scripting level) to be an FTP clone, it would be simple to integrate as an FTP replacement • Software cost was not quantified. • Note: In addition to Tectia, there are many commercial SFTP products providing competition in the market for this standard solution. The working group only evaluated Tectia and the free open source version.

  6. Performance • SFTP typically incurred about a 10-30% performance penalty, depending on the combination of SFTP versions in use • Some clients with relatively inefficient native FTP performance (e.g. Solaris 8) experienced a performance increase using SFTP • Conclusion: Based on performance, SFTP is a reasonable choice for encrypted secure file transfer

  7. Risks • Risk: Customers can’t comply with SFTP • Description: Non-.mil customers unable to transition to SFTP will cease send/receipt of data from AFWA • Mitigation: Assumption - Register all customers unable to meet deadline with AFNOSC and DSAWG. Registration must include a “get well” plan.

  8. Risks • NCEP • Global ensemble data not available for development • AGROMET pushed to NCEP DMZ may be discontinued • FNMOC • May not be able to easily implement SFTP (researching) • .COM, .EDU • May not easily be able to implement open source or commercial product

  9. DATMS-U • No impacts expected as DATMS-U is considered part of the DoD network

  10. Identified FTP Comms • POCs reached are detailed in the Excel spreadsheet: Update FTP users contacted.xls • Review and update of listed POCs by member agencies requested • Issues to be identified after 09 Nov 06 SFTP testing period begins

  11. Implementation Timeline • SFTP available for limited use by AFWA 9 November • Projected WARNORD issued by Air Staff no earlier than January 2007 • WARNORD +90: FTP cut-off date • Implementation schedule from WARNORD to cut-off date TBD

  12. Recommendation • Recommend CEISC member agencies review FTP communications to identify any additional data feeds between them and DoD and provide a POC to coordinate resolution NLT 30 Sep 06

  13. SFTP Questions?

  14. SFTP BACK-UP SLIDES

  15. Performance
