SIPRNet - Jsac-dfw.org

disgustedtukwilaInternet and Web Development

Dec 14, 2013 (3 years and 7 months ago)

68 views

SIPRNet

(Secret Internet Protocol Router Network)

Government & Industry

Working Together


(Basics / New Policy / New Connection Process)

JSAC

April 2004

Lloyd J. Foster, ISSP, St. Louis, MO




Discuss DoD Long
-
Haul Policy


Identify SIPRNet Configuration


Discuss New Connection Process


Discuss New Disclosure Form

CONTRACTOR DISN CONNECTION PROCESS

Establishes DoD policy and assigns responsibility

to ensure effective, efficient, and economical use
of base and long
-
haul telecommunications
equipment and services.



Identifies the Defense Information Systems
Agency (DISA) as the telecommunications
decision authority.






DoD Directive 4640.14, 6 December 1991


http://web7.osd.mil

CONTRACTOR DISN CONNECTION PROCESS

All DoD long
-
haul communications requirements will
be submitted to DISA. DISA will use the appropriate
DISN service to satisfy DoD long
-
haul and wide
-
area
network information transfer requirements.

CONTRACTOR DISN CONNECTION PROCESS


Chairman Joint Chiefs of Staff Instruction

CJCSI 6211.02B, dated 31 July 2003

http://www.dtic.mil/doctrine

Long
-
haul connections are defined as those access
circuits which extend the boundaries of
base/post/camp/station. Circuits that go off
-
base will be
required to connect to the nearest DISN IP Router node.

CONTRACTOR DISN CONNECTION PROCESS



DoD Directive 4640.14, 6 December 1991


http://web7.osd.mil

SIPRNet

Secret, System High, US ONLY Network

Design Based on GCCS and DSNET1 Requirements

Recognize the Req't for Collateral Intelligence

T1 Backbone, Upgrading to DS3 (44.736 Mbps)


ATM Connectivity

10 GMF Gateways (ITSDN)

24 x 7 Network Management

SIPRNet Support Center (NIC)

Network & User Information Services

GCCS
-
T Backbone Support

SIPRNet


MONTHLY RECURRING CHARGES /FY04


Bandwidth: 1.544 (Mbps) Ethernet (6 Mbps) DS3 (44.+ Mbps)




Conus 2,430 3,646 22,500


Pacific 2,430 3,646 22,500


Europe 3,598 5,996 31,140









NORTHWEST


LEGEND

SIPRNet BACKBONE

CCSD


23MU

CCSD
-
23P6

NORTHWEST

TO
ELMENDORF


AFB

512KB/23DH

OPERATIONAL SIPRNET

HUB ROUTER (NODE)

PLANNED SIPRNET

HUB ROUTER (NODE)

INTER
-
ROUTER TRUNK

(OPN’L 1.544MB)

INTER
-
ROUTER TRUNK

(PLN’D)

ITSDN ROUTER

DAIL
-
UP COMM. SERVER

FT LEWIS


206

MCCLELLAN

BEALE


AFB




MONTEREY


SAN DIEGO
-
1

FT.

HUACHUCA


FT. HOOD


KELLY AFB

FT BUCHANAN

COROZAL


FT BRAGG
-
1

JACKSON
-


VILLE


MACDILL 1

MACDILL 2


MIAMI

SCOTT


AFB
-
2


SCOTT


AFB
-
1

COLUMBUS

WRIGHT
-
PAT


AFB
-
1

CARLISLE


BKS

HANCOCK

FT

MONMOUTH

PETERSON


AFB

SCHRIEVER


AFB

OFFUTT


AFB

FT

MCPH
-
1

TO FT BELVOIR (512KB/23HC)


512KB/23DT

1.544MB/239K


1.544MB


239L




CCSD
-
239Q


CCSD
-
23BB


CCSD/ 23ME


CCSD
-
23MW


CCSD
-
23BT


CCSD
-
23MQ

CCSD
-
235Z

CCSD
-
2360

CCSD

23UD


CCSD


2332


CCSD


23QP


TO ARLINGTON VA.


CCSD
-
233A


512KB/23DN

TO ELMENDORF AFB


CCSD
-

23UR

TO

FT SHAFTER

CCSD
-
23MR



TO FT MONMOUTH


CCSD
-
23QH

CCSD
-
234W

CCSD
-
23QA


CCSD


231J

CCSD
-
23MV


CCSD/231V


CCSD
-
231T


CCSD
-
2337


CCSD
-
234T


CCSD
-
233B


CCSD/2312

CCSD

2330


CCSD
-
234V



TO SITE
-
R/CCSD
-
23CZ

TO PENTAGON
-
1

CCSD
-
23DD

TO CROUGHTON

2.048MB/23UW

TO NORFOLK/2365

CCSD

23QB

TO PENTAGON
-
2/23MU


TO SITE
-
R/23AS


CCSD
-
2342

CCSD

23D4


CCSD
-
23MD

CCSD

239R


CCSD


239P


189


217


212


173


174


199


199


220


206


176


177


232

CCSD

23RU

07/17/98


CP ROBERTS


190



TO HICKAM

AFB

CCSD
-
23L7



TO HICKAM

AFB

CCSD/2361

TO FT SHAFTER CCSD
-
23C3/512KB

TO STERLING/CCSD/23B0


CCSD 2343


CCSD


23UC


CCSD


23CF


TO PENTAGON
-
1


256KB/23DC


222


235


219


229


191

CCSD/235Y

CCSD
-
23NV


SAN DIEGO
-
2


512KB


23DN


178


233


234


172

CCSD/234S


209

PENT
-
2

CCSD
-
2345

TO RAMSTEIN
-
23UU

TO FT MCPH

CCSD
-
2365

STERL

SITE
-
R


ARL

PENT
-
1


FT BEL
-
1

FT BEL
-
2

HAMPTON RDS

NORFOLK

CCSD

23AS

CCSD

2313


CCSD


232W


CCSD


233A


CCSD


23DD


CCSD


23RV

CCSD

23VE


CCSD


23RT




CCSD


23VG

CCSD
-
23RS

CCSD

-
23CB

TO SITE
-
R


171

FT MEADE


FTDETRICK

TO

SCOTT

AFB

CCSD

23B0



CCSD


23CZ


184


188


208


183


170


CCSD
-
23DC

TO BAHRAIN

CCSD
-
23E1

CCSD

23VA


175

TO COROZAL

512KB/23HC

TO PENT
-
1

CCSD
-
23VF


178


216


237


239


236


178


FT


MCPH
-
2

TO STERLING/2313

FT BRAGG
-
2


WRIGHT


PAT


AFB
-
2




230


231


214

MCNCSBRG

TO PENTAGON
-
1

OPERATIONAL SIPRNET

HUB ROUTER (NODE)

PLANNED SIPRNET

HUB ROUTER (NODE)

INTER
-
ROUTER TRUNK(OPN’L

1.544MB)

INTER
-
ROUTER TRUNK(PLN’D
)

ITSDN ROUTER

DIAL
-
UP COMM. SERVER

RAF

CROUGHTON

AVIANO

TUZLA


CAPODICHINO

VAIHINGEN
-
1

VAIHINGEN
-
2


NUERNBERG


RAMSTEIN

HEIDELBERG


CROUGHTON

LONDON

TO FT. MONMOUTH


(23UW/2.048MB)

TO HAMPTON RDS.

(23UU/2.048MB)

W9K3/512KB

LANDSTUHL

TO BAHRAIN/23D1/256KB


WJ6P


2.048MB

WLCJ/512KB


WPET


512KB

W9FS/384KB

W9ZH/512KB

WPES

512KB


W9Y8

512KB






WLBB


2.048MB


WLBA


512KB


WJ6N


2.048MB

WLMB/512KB

WLLR/256KB

TASZAR

WLLS/256KB


WJ6M


2.048MB

W9ZG

384KB


WJ4J


1.544MB


W9FN

1.544MB


W9FT


512KB


ROTA

512KB/M06Z

512KB/M06Y

TO BAHRAIN/23G6/256KB


W9FU


256KB

DISA
-
EUR RCC

SIPRNET NET


MGMT CTR
-

EUROPE

VAIHINGEN, GE


180


215


195


204


224


223


221


182


203


181


197

LEGEND


07/17/98


225

WLCJ/512KB

WLMB/512KB

WLLR/256KB

LANDSTUHL

SIPRNet BACKBONE


XEJ4


512KB


SIPRNet BACKBONE

OPERATIONAL SIPRNET

HUB ROUTER (NODE)

PLANNED SIPRNET

HUB ROUTER (NODE)

INTER
-
ROUTER TRUNK(OPN’L

1.544MB)

INTER
-
ROUTER TRUNK(PLN’D
)

ITSDN ROUTER

DIAL
-
UP COMM. SERVER

TO MCCLELLAN AFB

23DH/256KB

TO FT. LEWIS

23UR/1.544MB


23DG

512KB

WAHAWA

WHEELER AFB

HICKAM AFB

FT SHAFTER

JAPAN

HAWAIIAN ISLANDS

ALASKA

FINEGAYAN


YONGSAN

CP WALKER

OSAN

FT BUCKNER

YOKOTA




XEG2/128KB


XD4S


512KB

XD4V/512KB

XD7N/256KB

XEJ1/512KB

XD7P/512KB


XD7S


512KB

XD46/512KB

DISA
-
PAC RCC

SIPRNET NET

MGMT CTR
-

PACIFIC

XEJ1/512KB

XD4N/512KB

XEG2/128KB


XD4T/1.544MB

TO FT. HUACHUCA/23C3/512KB

TO FT. LEWIS/23MR/1.544MB

TO BEALE AFB/2361/1.544MB

TO MCCLELLAN AFB/23L7/1.544MB

XD5F/512KB

XD4P/512KB

XE4J/512KB

XD44/512KB


XD44/512KB

XD7S/512KB

XD7N/256KB


XD6X/512KB

XD46/512KB

TO BAHRAIN/23MM/256KB



LEGEND


07/17/98


194


185


210


187


198


207


193


211


179


186


192

XD7Z/512KB

XEL8/1.544MB






XEG1/1.544MB



ELMENDORF


AFB

ITSDN

ITSDN

SOUTH

KOREA


XD6X/512KB

SIPRNet Upgrade
--
Conus



Existing DISN ATM
-
C Points of Presence


vs. Requirement



SOUTHCOM

PACOM

AFMC

TRANSCOM

EUCOM

ACOM

NCR



SOCOM/

CENTCOM

SPACECOM

STRATCOM



ATM Service













San Diego





Integrated Tactical
-
Strategic
Data Network (ITSDN)

Customer requests contractor access


Joint Staff
(J6)
validation
*


*
Validation required for:

Contractors

Non
-
DoD Federal Agencies

State and Local Governments

Foreign Government and Allied Organizations

Attn: Lt Col David Phillips

Pentagon, Joint Staff/J6C

Room 1E564

Washington, DC 20318
-
6000

david.phillips@js.pentagon.mil

CONTRACTOR DISN CONNECTION


Customer requests contractor access

DISA (NS52)

SIPRNet Program Office

DSS HQ (DD2
-
IA)

Customer submits initial modeling

request, funding data

Customer submits request for service

to Telecommunications Cert. office


Joint Staff (J6) validation


Requests of Customer


1. IP Address(es)

2. Disclosure Authority


(Filtering)


Assigns to DSS FO



SIPRNet CONNECTION

DSS Field Office provides contractor connection


requirements to develop SIPRNet

Security Package
*


GOAL:
60 Days



*
SECURITY PACKAGE

1. DSS Accreditation Letter

2. SIPRNet Security Plan

3. Letter of Consent to Monitor

4. Network Topology Diagram


IP Address

5. Risk Assessment

6. SIPRNet Connection Questionnaire



DSS accredits IS
*



Contractor submits SIPRNet security plan


*
Accreditation based on contract life

not to exceed three years


On
-
site visit and technical review by
DSS ISSP
required
.


DSS performs certification testing


SIPRNet CONNECTION

Customer arranges for email/domain name service

SIPRNet CONNECTION

Customer assigns IP addresses to contractor IS

Customer provides filtering information to DISA (SMC)

Electronic Testing


DISA performs

Compliance Validation

SIPRNet CONNECTION

DISA reviews package, issues IATC

DISA installs circuit

Contractor sends security package to DISA (NS52)


*
Defense Information Systems Agency


ATTN: Mr. Leon Walker Code NS52


5275 Leesburg Pike


Falls Church, VA 22041


walkerle@ncr.disa.mil

Forwards ATC to Contractor

IS fails

CV

Electronic Testing


DISA issues ATC


IS
passes

CV

DISA reevaluates

or performs new CV

DISA notifies contractor

24 hrs.
-

30 Days

Contractor

corrects

SIPRNet CONNECTION


Hub


Router

DISA Leased Circuit

Router

Contractor’s

Work Station

or LAN

SIPRNet CONNECTION

SIPRNet

NSA Encryption

Modem

Firewall


Hub


Router

SIPRNet Filtering

www.navy.smil.mil

128.06.22.92
-
FTP

140.49.88.48
-
Telnet

199.22.74.50
-
SMTP

www.navy.smil.mil


Hub


Router


Hub


Router


Hub


Router


DISA Hub


Router

128.06.22.92

140.49.88.48

199.22.74.50

Contractor

Connection

SIPRNet

Network

CONDENSED

SIPRNET


IS

Contracto
r


Questions


disn@mail.dss.mil