DIA/DODIIS Implementation of Microsoft Technology

UNCLASSIFIED
DIA/DODIIS Implementation of Microsoft Technology
JEDI for Windows
JEDI PMO
Comm: 315-330-7657 • DSN: 587
Email: jedi@rl.af.mil

OBJECTIVE
• Provide a brief overview of the Windows 2003 implementation & lockdown in the Defense Intelligence community
• Why a DoDIIS Baseline?
• Who Is Building It?
• Workstation Baseline
• Server Baseline
• Provide points of contact

Why a DoDIIS Baseline?
• Facilitate FSD / dodiis.ic.gov; the DoDIIS Enterprise
• Provide a well-engineered reference implementation
  – DoDIIS Integrators Guide compliant
  – ITA Certified
• Fully documented, including SSAA package
• Promote interoperability through common core tools
• Provide a common baseline target for integration, testing, and deployment of mission apps
• Set a precedent for JWICS that can be shared for use on other DoD and coalition networks
• Reduce duplication of similar integration / security work

Who Is Building It?
Microsoft and Citrix COTS foundation!
• DIA Global Enterprise Services (GES) Roles:
  – Windows Server Builds
  – Documentation
  – DoDIIS FSD Guidance
• AFRL/JEDI Roles:
  – Security Templates (DCID 6/3 & DITSCAP)
  – JEDI Tools
  – Deployment support to sites
• ONI-4 Roles:
  – Windows Terminal Server Build
  – Windows XP Client Build
  – JDISS JPO Testing & CM support
  – ITA / RITF Certification support
  – JDISS JPO Deployments to Joint and Allied Customers
DoDIIS Baseline Charter MOA, signed 21 Mar 05 (DIA CIO, ONI-4, JEDI PM).

DoDIIS Baseline Components
• Windows 2003 Server Builds / Configurations
  – Member Server
  – Domain Controller
  – MS Exchange 2003 Server
  – Windows Terminal Server (WTS)
  – Internet Information Server (IIS)
  – SharePoint Server
• Windows XP Professional (SP2) Build
  – Thick Client / Standalone / Laptop – all same build
  – Includes DoDIIS Core Applications set (listed on next slide)
  – Will supersede JDISS v4.X Baseline
• All builds implement JEDI security templates
• All builds up-to-date on service packs and hot fixes

DoDIIS Core Applications
Windows XP Professional OS, Service Pack 2 (SP2)
• Adobe Acrobat Reader v6.0.2
• Adobe SVG Viewer v3.0.1
• Apple QuickTime v6.5
• JEDI Security / Utilities v2.0
• Macromedia Flash v7.0.1.9.0
• Macromedia Shockwave v10
• mIRC v6.1.6 Chat
• MS Internet Explorer v6.0
• MS .Net Framework v1.1
• MS Media Player v10.0
• MS Messenger v5.0
• MS Office 2003 Prof. Ent. (SP1)
• Netscape Communicator v7.2
• RealPlayer v10.0
• Sentinel Client Activator v2.2
• Sentinel License Manager v7.2
• Symantec AntiVirus Corp v9.0.1
• Windows Support Tools
• MS MDAC v2.8
• MS Remote Desktop
• MS Windows Installer v3.0
• MS Visio 2003 Viewer
• MSXML v4.0 (SP2)
• I2 Link Chart Reader v6.0
• NicMak WinZip v9.0
• Sun JRE v1.4.2_06
• Kixtart Scripting Language
• USAF NT Toolbox v2.01
• Outlook Classification Tool Build 21
• WS_FTP (LE version)

XP Desktop Build Details
• Windows XP unattended install with SP2 slipstreamed and automatic kickoff of the automated build script.
• Build script written in VBScript
  – Ensures each baseline build is identical, facilitating better enterprise management of patches and application deployment.
  – Automation checks all return codes from silent installs and reports any errors.
• All DoDIIS Core applications installed with built-in silent mechanisms or packaged to be silent.

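The return-code checking described above, as an added illustration in VBScript (the language the slide names); this is not the JEDI build script. The package and template paths, the log location and the use of secedit to apply an .inf security template are assumptions.

```vbscript
' Added illustration, not the JEDI build script: run each baseline step
' silently, compare its exit code with the codes accepted for that step,
' and record the outcome. Package, template and log paths are assumptions.
Option Explicit

Const LOG_FILE = "C:\Build\baseline-build.log"   ' assumed log location
Const FOR_APPENDING = 8

Dim shell, fso, logFile
Set shell = CreateObject("WScript.Shell")
Set fso = CreateObject("Scripting.FileSystemObject")
Set logFile = fso.OpenTextFile(LOG_FILE, FOR_APPENDING, True)

' Each step: description, command line, comma-separated accepted exit codes.
' msiexec: 0 = success, 3010 = success but a reboot is required.
' secedit: 0 = template applied.
Dim steps(1)
steps(0) = Array("Core application (assumed package name)", _
    "msiexec.exe /i ""C:\Build\Packages\CoreApp.msi"" /qn /norestart", "0,3010")
steps(1) = Array("Workstation security template (assumed path)", _
    "secedit.exe /configure /db C:\Build\jedi.sdb /cfg ""C:\Build\Templates\workstation.inf"" /overwrite /quiet", "0")

Sub WriteLog(text)
    logFile.WriteLine Now & "  " & text
End Sub

' True when rc is one of the accepted codes for this step.
Function IsAccepted(rc, okCodes)
    Dim code
    IsAccepted = False
    For Each code In Split(okCodes, ",")
        If CLng(Trim(code)) = rc Then IsAccepted = True
    Next
End Function

' Runs one step with a hidden window (0) and waits for it to finish (True).
Function RunStep(description, commandLine, okCodes)
    Dim rc
    rc = shell.Run(commandLine, 0, True)
    RunStep = IsAccepted(rc, okCodes)
    If RunStep Then
        WriteLog "OK   " & description & " (exit code " & rc & ")"
        If rc = 3010 Then WriteLog "     reboot required before the next step"
    Else
        WriteLog "FAIL " & description & " (exit code " & rc & ")"
    End If
End Function

Dim i, failures
failures = 0
For i = 0 To UBound(steps)
    If Not RunStep(steps(i)(0), steps(i)(1), steps(i)(2)) Then failures = failures + 1
Next
WriteLog failures & " step(s) failed"
logFile.Close
WScript.Quit failures   ' the caller sees the failure count as the exit code
```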
Server Build Details
• Microsoft Windows Server 2003 OS
• IAVA Patches
• JEDI Security Templates and Tools
• WinZip
• Symantec Antivirus
• Tested Hardware
  – HP DL580 and HP DL380
• Standard automated build script for Windows 2003 Member Server
• Automation of Domain Controllers, Exchange, WTS/CITRIX, Sharepoint, and IIS is underway
• OPSWARE to maintain patches and track changes

Enterprise Management
• OPSWARE (W2K3 Server Management)
• SMS Server 2003 (XP Management)
  – Application Deployment
  – Software Update Services (SUS) Patches
  – Group Policy Software Restrictions
  – Application ADM Templates
• Citrix Installation Manager (WTS Server Management)

Availability
• Late Summer or Fall 2005
• Undergoing ITA certification notionally this Summer
• How to get Media & Documentation…
  – JDISS JPO will distribute media and documentation for both server and workstation components of the DoDIIS Baseline
  – Order media on-line via JDISS Web Site on JWICS
    • http://jdiss.nmic.ic.gov
  – Download documents, patches, and mission applications via JDISS Web Site
    • Note: Cannot download DoDIIS Baseline infrastructure (i.e. WinXP / 2003 Baseline)

WHAT IS JEDI?
• The DIA sponsored Joint Enterprise DoDIIS Infrastructure (JEDI) program was a joint effort between DIA, Microsoft and the Air Force to rapidly deploy a highly secure Windows infrastructure baseline within the defense intelligence community.
• JEDI provides:
  – Common Security and Infrastructure Baseline to meet the requirements of the DoDIIS community.
  – Secure, cross-platform, interoperable communications and enterprise management
• Helps achieve DCID 6/3 Compliance (PL2 HI HA)
• DoDIIS Tested & Approved Baseline of Tools and Services
• DEC/DoDIIS Certificate to Field
• On-site Installation and Integration Assistance (GDIP Sites)
• Easy installation via Microsoft RIS install capabilities or disk cloning

JEDI 2.1 FOR WINDOWS
• Supports W2K, XP, and Windows 2003 Server
  – CERTIFIED, v. 2.0 fielding now.
• Security Baseline
  – Based on NSA STIGs for 2000 and XP
  – W2K3 lockdown based on Microsoft/DIA/JEDI collaboration
• Additional Tools
  – Graphical Configuration Utility (MMC Plug-Ins) for utilities
  – Secure Print Utility: PostScript, PCL & duplexing
  – COTS “DeviceLock” Lockout
  – DoDIIS FSD Integration
  – Improved Installation GUIs
  – Improved Documentation

INVESTMENT TEAM
• Program Manager: Dr. Ryan Durante, Ph.D., MCSE, CISSP, APDP Level III
• Deputy Program Manager: 1 Lt Brian Chapeau, MCSE, CISSP
• Chief Engineers:
  – Mr. Norm Leach, GS-12, MCSE, APDP Level III
  – Mr. Kevin Dyer (NG-DMS)
  – Mr. Doug Massey (NG-DMS)
• Executive Agent: Air Force C2ISR Center
• Technical Team: AFRL/IFEB
• Contractors: NG-DMS, MITRE, BAE, BAH, SI, C3I

JEDI 2.1 IN THE RSC
• JEDI provides the security infrastructure for the Defense Intelligence community
• J2W provides the RSC server security baseline build
• J2W will provide the RSC client infrastructure build for fat clients
• J2W is providing infrastructure baseline to JDISS and DIA

JEDI DEPLOYMENT
(Two slides containing only graphics; no text content.)

COMMUNITY SUPPORT
• US State Department
• US Department of Energy, Los Alamos National Labs
• DPOC
• DCGS 10.2
• JDISS
• AF Mobile Command & Control Center (MCCC)
• JASSM
• IBS
• NIMA International Sites
• Army (37 sites)
• JBC
• GUARDRAIL
• JSIMS
• SPAWAR
• USAFE
• 7th AF
• Transformation Center
• AOC WS
• JEFX-04
• USTRANSCOM
• USPACOM
• USEUCOM
• USJFCOM
• USSOUTHCOM
• USSOCOM
• USNORTHCOM
• USSTRATCOM
• USSTRICOM
• Goodfellow AFB
• FORSCOM
• AFSOC
• GISA
• ONI-53
• PASS-K
• PASS-E
• PASS-J
• Airborne Common Sensor (ACS)
• Targets Under Trees (TUT)
• Marine Corps Intelligence Activity (MCIA)
• Air Force Combat Climatology Center (AFCCC)
• M3
• COMNAVSPECWARDEVGRU
• National Ground Intelligence Center (NGIC)
• USA - Information Assessment Test Tool (IATT)
• 480th Intelligence Group
• DES&S
• USA JTC/SIL, Redstone Arsenal
• NSA WARGODDESS
• USA Special Operations Command (SASOC, DCS, G-2, AOIN-SEA)

COMMUNITY SUPPORT
• CENTAF-AUAB/TBMCS at Al Udeid Qatar
• Jaycor at Albuquerque NM
• Titan Systems at Albuquerque NM
• Assurance Technology Corporation at Alexandria VA
• Virtual Technology Corp at Alexandria VA
• Veridian System at Ann Arbor MI
• Raytheon at Annapolis Junction MD
• SAIC at Arlington VA
• AFCCC at Asheville NC
• NGIT at Baltimore MD
• 13 IS at Beale AFB CA
• 48 IS at Beale AFB CA
• 9 IS at Beale AFB CA
• DGS-2 at Beale AFB CA
• ITEK at Beale AFB CA
• MITRE at Bedford MA
• NGIT at Bellevue NE
• AFIAA at Bolling AFB DC
• DIA at Bolling AFB DC
• JIVA at Bolling AFB DC
• Data Exploitation RDDC/DRDC at Canada
• NIMA at Chantilly VA
• Veridian System at Chantilly VA
• SPAWAR at Charleston SC
• CTA Inc. at Colorado Springs CO
• Lockheed Martin at Colorado Springs CO
• ManTech Aegis Research Corporation at Colorado Springs CO
• NGIT at Colorado Springs CO
• Raytheon at Dallas TX
• NSWDG at Dam Neck, VA
• 66MI at Darmstadt Germany
• 612 AIS/INY at Davis Monthan AFB AZ
• NAIC at Dayton OH
• SAIC at Dayton OH
• Lockheed Martin at Denver CO
• Defence Science & Technology Organisation at Edinburgh Australia
• 53 CSS/SCN at Eglin AFB FL

COMMUNITY SUPPORT
• Raytheon at El Segundo CA
• BTG - JSIMMS at Fairfax VA
• Titan - IBS at Fairfax VA
• Titan Systems / RIS at Fairfax VA
• Raytheon at Falls Church VA
• JSIMS at Felts Field FL
• I2WD / Army at Fort Monmouth NJ
• ISSO at Fort Washington MD
• HQ US Army INSCOM at Ft Belvoir VA
• GISA at Ft Bragg NC
• Ft Buchanan PR
• Army OTC at Ft Hood TX
• FORSCOM at Ft McPherson GA
• 694 SPTS/SCBNS at Ft Meade MD
• Prophet at Ft Monmouth NJ
• Ft Shafter HI
• DIA at Ft Washington MD
• GLACIER at GLACIER
• Lockheed Martin at Gaithersburg MD
• Raytheon at Garland TX
• 17 CS/SCBBA at Goodfellow AFB TX
• 17TRG at Goodfellow AFB TX
• 17TRSS at Goodfellow AFB TX
• AETC at Goodfellow AFB TX
• Northrop Grumman at Goodfellow AFB TX
• Lockheed Martin at Goodyear AZ
• Modern Technology Corporation at Hampton VA
• ESC at Hanscom AFB MA
• ESC/IN at Hanscom AFB MA
• ESC/SR at Hanscom AFB MA
• Blackbird Technologies at Herndon VA
• 56th IWF at Hickam AFB HI
• PACAF PAS at Hickam AFB HI
• PACAF PAS at Honolulu HI
• PEO Air & Missile Defense at Huntsville AL
• US Army Threats System Management at Huntsville AL
• HQ AFSOC at Hurlburt Field FL

COMMUNITY SUPPORT
• INS Office of HQ AFSOC at Hurlburt Field FL
• Lockheed Martin at King of Prussia PA
• AFRL at Kirtland AFB NM
• Phillips Lab at Kirtland AFB NM
• 10TH IS at Langley AFB VA
• 27IS at Langley AFB VA
• 27IS/INYN at Langley AFB VA
• 27IS/INYO at Langley AFB VA
• 480 IG at Langley AFB VA
• 480 IG/SCTM at Langley AFB VA
• 83 CS at Langley AFB VA
• ACC / INSC at Langley AFB VA
• ACC INYS at Langley AFB VA
• AFC2ISRC at Langley AFB VA
• CAOC-X at Langley AFB VA
• ESC / AC - OL - L at Langley AFB VA
• ITEK at Langley AFB VA
• SAIC at Langley AFB VA
• Unknown at Langley AFB VA
• Northrop Grumman at Linthicum MD
• 123IS/SC at Little Rock AFB AR
• Lockheed Martin at Littleton CO
• RAF Storm Shadow Implementation Team at London UK
• USCENTCOM at MacDill AFB FL
• USSOCOM at MacDill AFB FL
• Harris Corporation at Melbourne FL
• BAE Systems at Newington VA
• ESCS RHG/DCGS at Newport News VA
• 20IS at Offutt AFB NE
• 55 MCCS at Offutt AFB NE
• 55th MCIS at Offutt AFB NE
• AFWA at Offutt AFB NE: 5
• General Dynamics - Decision Systems at Orlando FL
• JSIMS at Orlando FL
• Lockheed Martin at Orlando FL
• NGIT (JSIMS/WARSIM) at Orlando FL

COMMUNITY SUPPORT
• US Army/STRICOM at Orlando FL
• 607th Air Intelligence Squadron at Osan AFB ROK
• 7 IWF AIA/ACC at Osan AFB ROK
• 751 CS at Osan AFB ROK
• National Defence at Ottawa ON CAN
• Radar Applications and Space Technologies at Ottawa ON CAN
• 4CACS/MAOSO at Peterson AFB CO
• USSPACECOM/NORTHCOM at Peterson AFB CO
• Lockheed Martin at Philadelphia PA
• Epoch Software at Phoenix AZ
• JAC at RAF Molesworth UK
• BAE Systems at Ramstein AB GE
• HQ USAFE at Ramstein AB GE
• USAFE CSS at Ramstein AB GE
• USAFE ESS at Ramstein AB GE
• USAFE IFSA at Ramstein AB GE
• NGIT at Redding MA
• 152 Intelligence Squadron (IS) at Reno NV
• Lockheed Martin at Reston VA
• NIMA at Reston VA
• Warner-Robins Air Logistics Center at Robins AFB GA
• BAE Systems at Rome Research Site NY
• Dolphin Technology Inc. at Rome Research Site NY
• TWR at Sacramento CA
• L-3 Communications at Salt Lake City UT
• L-3Com at Salt Lake City UT
• BAE Systems at San Diego CA
• BAE Systems, Mission Solutions at San Diego CA
• Booz Allen Hamilton at San Diego CA
• SPAWAR at San Diego CA
• Lockheed Martin at San Jose CA
• General Dynamics - Decision Systems at Scottsdale AZ
• ASPO Depot at Seal Beach CA
• General Dynamics at Seal Beach CA
• 609 AIS/GD at Shaw AFB SC: 3

COMMUNITY SUPPORT
• Raytheon at State College PA
• Joint Warfighting Center at Suffolk VA
• ONI at Suitland MD
• CENTCOM J2 at Tampa FL
• General Dynamics at Tempe AZ
• General Dynamics at Thousand Oaks CA
• General Dynamics Advanced Information Systems at Thousand Oaks CA
• Thundercloud
• Davis-Monthan AFB at Tucson AZ
• Titan Systems at Tysons Corners VA
• MITRE at Unknown
• Lockheed Martin at Valley Forge PA
• Vandenberg AFB CA
• Titan Systems at Virginia Beach VA
• MAOSO at Warren AFB WY
• DIA at Washington DC
• Lockheed Martin at Washington DC
• Marine Corps Intelligence Activity (MCIA) at Washington DC
• NGIT at Washington DC
• NIMA at Washington DC
• NMIC at Washington DC
• Veridian System at Washington DC
• ASC/RAB at Wright-Patterson AFB OH
• NAIC at Wright-Patterson AFB OH
• NAIC/DXMS at Wright-Patterson AFB OH
• SAIC at Wright-Patterson AFB OH
• 374 CS at Yokota JP
• Titan Systems at Yorktown VA
• 160th Special Operations Aviation Regiment, Ft. Campbell, KY

SUPPORTED PLATFORMS
JEDI   OS                  Release Date
2.0    W2K/WinXP/W2K3      Aug 04
2.1    W2K/WinXP/W2K3      Jun 05

CUSTOM INSTALLATION
• New & improved installation interface
• Wise Installer based
• More granular level of control, allows trusted users maximum control
• MSI packaged for easy installation

JMC
• JEDI Management Console (JMC) Snap-In is installed within the Microsoft Management Console (MMC)
• A standard, centralized interface for JEDI configuration
(Screenshot: Management Console)

CLEAR TEMP (Utilities)
Clear Temp Tool
• Ensures that no data is left in any unsecured directories
• Deletes all files in designated directories upon each user logout, and optionally upon user
• Automatically executes the MS Disk Cleanup tool
Disk Cleanup Tool
• Microsoft Disk Cleanup tool (cleanmgr.exe)
• Scans a designated drive or location & removes all instances of particular file types

DEADMAN (Utilities)
• Monitors and restricts access after a specified period of inactivity
• Tracks the length of time a system is left idle
• Performs actions to secure the system from unauthorized access
  – Displays a secure screensaver
  – Notifies the user of pending timeout
  – Sends a notification via email
  – Terminates the current session
  – Runs a custom script or batch file

EVENT BACKUP (Utilities)
• Collects logs from Windows systems across a domain for storage in a central location
• Copies the log files from each system and optionally clears the original logs
• Fully configurable

ISD (Utilities)
• Infrastructure Service Daemon
• Maintains and administers JEDI Windows system from a JEDI Solaris administrative system
• Allows the Windows system to accept communications only from authorized Solaris hosts
• Automatically executes at system startup as a service

LOGON CONSENT (Utilities)
• Requires authenticated users to agree to a legally binding monitoring and usage agreement before gaining system access
• Audit records are produced with each user action
• Customizable based on site requirements

PASSWORD FILTER (Utilities)
• Strengthens password integrity through the enforcement of password construction rules
• Configurable to enforce additional password restrictions
• Gives the ability to create a custom dictionary file
• Meets new AR 25-2 requirements

PRINT UTILITY (Utilities)
• Provides the capability to add security markings to all hardcopy printouts on local and network print devices
• Grants certain print privileges to each user

SECURITY BANNER (Utilities)
• Displays a read-only label that appears at the top (and optionally at the bottom) of the computer screen
• Provides security markings for the system
• Settings are contained in the Windows Registry and are configurable through the Security Banner JMC Snap-In interface or the Security Banner Administrative Template

WATCHDOG (Utilities)
• Monitors the Windows System Event Log for any failed and restarted services
• In the event of a service failure, Watchdog takes predetermined actions to alert the current user
• Relies on the native Windows Service Utility to restart failed services
• Settings are contained in the Windows Registry and are configurable via the Watchdog JMC Snap-In

DEVICE LOCK 5.7 (Utilities)
• COTS Tool
• DoDIIS Enterprise Licensed
• Provides system administrators control over which users can access certain devices on a local computer
• Protects the network by locking unauthorized user access to WiFi, Bluetooth, USB, FireWire, CDROMs, floppy drives, serial and parallel ports, & other Plug and Play devices
• Requires Windows NT 4.0, Windows 2000, Windows XP or Windows Server 2003

DoDIIS FSD (Advanced Utilities)
• DoDIIS Full Service Directory Interface
• Populates the Active Directory schema with FSD attributes.
• Provides a local user interface for FSD fields.

AD INTEGRATION (Advanced Utilities)
• JEDI Administrative Templates (ADMs) allow the configuration of utilities through Windows Group Policy
• JEDI automatically applies the appropriate standalone ".inf" files
• Manually apply additional incremental ".inf" files to support additional server roles
• Provides a custom ".inf" file to support group policy settings not implemented through the JEDI ADMs

DOCUMENTATION
Extensive Documentation: 1,162 pages of it for J2W
• VDD – Version Description Document
• SSAA – System Security Authorization Agreement
• IDD – Interface Definition Document
• ICG – Installation & Configuration Guide
• UM – User Manual
• SSTD – Software & Security Test Description
• TFM – Trusted Facility Manual
• Training Management Plan
• MSRTM – Master Security Requirements Traceability Matrix

WEB PAGE
https://extranet.rl.af.mil/jedi
http://ife.rl.af.smil.mil/jedi
http://web1.rome.ic.gov/jedi
All administration, security documentation & templates are available on-line.

SUMMARY
• JEDI provides the Security and Infrastructure baseline to meet DIA and DoDIIS SCI Requirements
• DEC endorsed
• JEDI 2.0 is available NOW
• JEDI 2.1 has integrated many of the requirements and services that the community asked for last year – available Jun 05
• Deployment migration is rapidly moving forward
• JEDI is providing the baseline to JDISS and DIA
• Ensuring we are all interoperable
• Goal: ONE infrastructure, one baseline