That Cyber Thread

[Majestik Møøse]

This is correct and part of the AFNET's intended design. It's called an Area Processing Center. Your email, and soon to be ShareDrives is (probably) no longer hosted at your base, it's happening remotely.

So files on the network will take as long to load as Sharepoint? That's great. That also explains why my email boxes take so long to sync.

[dvlax40]

Can anyone address the stupidity in moving all the comms BACK into Cheyenne mountain? As a civilian working for the sub contractor that built all the interface equipment in 2007 im absolutely livid at Raytheon for this about face cash grab /rant

[HU&W]

Can anyone address the stupidity in moving all the comms BACK into Cheyenne mountain? As a civilian working for the sub contractor that built all the interface equipment in 2007 im absolutely livid at Raytheon for this about face cash grab /rant

Don't worry too much. Someone will get promoted right now for consolidating all the data to reduce cost. In a few years, someone else will get promoted for decentralizing the networks, thereby increasing speed, reliability, and survivability.

[zach braff]

What is this? What does it mean?

Task Force Cyber Secure

http://www.af.mil/News/ArticleDisplay/tabid/223/Article/582062/air-force-stands-up-task-force-cyber-secure.aspx

zb

[SurelySerious]

This is correct and part of the AFNET's intended design. It's called an Area Processing Center. Your email, and soon to be ShareDrives is (probably) no longer hosted at your base, it's happening remotely.

http://www.af.mil/News/ArticleDisplay/tabid/223/Article/123563/area-processing-center-consolidates-mail-file-sharing.aspx

But I can still only have 50MB of emails, a la 1995 Yahoo!?

[mudhen69]

Heard in a staff meeting on 6 Dec 1941....

Lets park all of the planes tightly together in the middle of the airfield so we can guard them easier.

This is correct and part of the AFNET's intended design. It's called an Area Processing Center. Your email, and soon to be ShareDrives is (probably) no longer hosted at your base, it's happening remotely.

http://www.af.mil/News/ArticleDisplay/tabid/223/Article/123563/area-processing-center-consolidates-mail-file-sharing.aspx

[Fuzz]

Heard in a staff meeting on 6 Dec 1941....

Lets park all of the planes tightly together in the middle of the airfield so we can guard them easier.

Dammit that was supposed to be an upvote.

But I can still only have 50MB of emails, a la 1995 Yahoo!?

^this, 17D if you can answer only one question please tell me why my free gmail account allows me 15GB of space but I only get whatever the ridiculously small amount through the AF.

[HU&W]

^this, 17D if you can answer only one question please tell me why my free gmail account allows me 15GB of space but I only get whatever the ridiculously small amount through the AF.

Because everyone in the AF has their own desk and computer that's assigned to just them. That way you can have a .pst on a big hard drive to download all those 15MB emails advertising CGOC golf tournaments that would otherwise shut down your email account in a single weekend.

[SurelySerious]

Assumption: Green is the sarcasm font.

Probably also required:

Edited April 10, 2015 by SurelySerious

[stract]

That way you can have a .pst on a big hard drive to download all those 15MB emails advertising CGOC golf tournaments that would otherwise shut down your email account in a single weekend.

So that just happened at KIKR last month. An email from the CCC no less, with a 15 MB attachment. The CS actually sent out an email to everyone telling them to log on to webmail to delete said email, which of course no one received b/c of said 15 MB email bogging the servers down to a standstill. Took 3 days to unfuck the situation.

I wish people would learn 1. you can upload larger files to sharepoint then email out the link! or 2. you can said your 15 MB ppt as a PDF and/or "optimize" to discard cropped portions of photos to reduce the file size.

[matmacwc]

We did migration today, complete loss of email systems, terrible power point instructions. Most of us are still not up, but that isn't a bad thing.....

[SuperWSO]

What is this? What does it mean?

Task Force Cyber Secure

http://www.af.mil/News/ArticleDisplay/tabid/223/Article/582062/air-force-stands-up-task-force-cyber-secure.aspx

zb

Leadership has seen the news and knows Cyber is important. TFCS shows we are doing something.

Same with the Cyber Mission Force (CMF) and Cyber Protection Teams (CPT). It probably won't work at first or for a long time but by flailing wildly, we are showing that we are doing "something"

[17D_guy]

What is this? What does it mean?

Task Force Cyber Secure

http://www.af.mil/News/ArticleDisplay/tabid/223/Article/582062/air-force-stands-up-task-force-cyber-secure.aspx

zb

The AF has been looking to "secure" NIPR for a long time. Patches, Detection Systems and all that. However, we've been securing PMO systems by writing little slips of paper that say "We can't patch this and it's a mission system, so fuck off."

Inspections of the network took those slips of paper and used them to stop "attackers" from doing bad things to your email.

Well, that's not how things actually work. So DISA is now doing full, no-notice CCRI's that include ALL systems on the network. PMO (ex. PEX and Medical), SCADA (CE's environmental systems), NIPR/SIPR and other.

The AF has not looked at the network, cyber.. whatever as a whole domain. Sure.. all those servers are patched, but that CE network isn't, and it rides NIPR or is otherwise exposed to the internet. So I don't have to attack the servers.. I turn off the AC/power to the server room and generate an effect.

These team is to reach really long arms around the whole domain for the AF and stop looking at it as stove-pipes. This becomes even more serious with the networking capabilities of the 5th Gen fighters.

[17D_guy]

But I can still only have 50MB of emails, a la 1995 Yahoo!?

Dammit that was supposed to be an upvote.

^this, 17D if you can answer only one question please tell me why my free gmail account allows me 15GB of space but I only get whatever the ridiculously small amount through the AF.

Because everyone in the AF has their own desk and computer that's assigned to just them. That way you can have a .pst on a big hard drive to download all those 15MB emails advertising CGOC golf tournaments that would otherwise shut down your email account in a single weekend.

Are you happy with the service and availability of your email now? Do you think more space would make it better? Not a /s question.

There's a few reasons:

1) Google is a professional service organization that uses your email to sell you shit

2) They have good engineers

3) They don't use the lowest bidder

4) Did I mention the engineers?

5) They throw more money at gmail than the AF throws at the whole Cyber enterprise

However, you're looking back a little too fondly. GMail didn't come around until 2004 (invite only), opened wide in 2007 and dropped the beta tag in 2009. We can debate the meaning of "beta" but Google felt it was a product that had to come with a default warning.

Also, you access through a web interface and not Outlook. Outlook is chatty and laggy. Your speed connection to the APC determines how fast you're going to access your email. If you're in Osan and your APC is Andrews... you go to Andres. Google can mirror your data around the world. We can't.

Google also has overall less regulations that bind it's hands when rolling out services to new customers (say hi to your records custodian for me).

AF doesn't have the engineers, doesn't have the cash and frankly doesn't think either of those things are a problem. There have been serious failures with the APC model. I'm not sure I can get into it on here. Lets just say that the AF doesn't commission or enlist data center experts, but thinks that we're going to do it on our own w/ those online Masters. Our data centers are awful. More space won't fix it. You'll probably have less availability.

If you guys just made it to General and became a Tier 1 user you'd have unlimited space. What's the problem?

So that just happened at KIKR last month. An email from the CCC no less, with a 15 MB attachment. The CS actually sent out an email to everyone telling them to log on to webmail to delete said email, which of course no one received b/c of said 15 MB email bogging the servers down to a standstill. Took 3 days to unfuck the situation.

I wish people would learn 1. you can upload larger files to sharepoint then email out the link! or 2. you can said your 15 MB ppt as a PDF and/or "optimize" to discard cropped portions of photos to reduce the file size.

Happened here as well. Chapel sent out a 30Mb advert. We had a FSS Family person thing bug my Commander about getting rights to send another flyer to the whole base. I tried to convince the AO that they should host it on SharePoint and send a notice it was there. Nope, "It's small, it won't be that big a deal."

O6's get involved.

I now have an auto-delete rule and I think those that don't get a 1Mb flyer every week.

We did migration today, complete loss of email systems, terrible power point instructions. Most of us are still not up, but that isn't a bad thing.....

I'm assuming you're AFNG.

Godspeed.

[HU&W]

Are you happy with the service and availability of your email now? Do you think more space would make it better?

No. Yes.

I did use the sarcasm font earlier, but there was quite a bit of truth to my post. During the years I spent as a support officer, and even when I was enlisted, I always had my own computer. Since becoming a pilot, I've always used whatever workstation is available since everything is shared. It's a totally different mindset when you only have 100MB. Period. Including for archiving the important stuff.

Also, webmail is buggy. It used to be better, but it doesn't play well with encryption. Especially with all the newest rules and algorithms that are supposed to protect PII by limiting access to attachments. Outlook is definitely not the smoothest interface out there, but at least it works.

[magnetfreezer]

No. Yes.

I did use the sarcasm font earlier, but there was quite a bit of truth to my post. During the years I spent as a support officer, and even when I was enlisted, I always had my own computer. Since becoming a pilot, I've always used whatever workstation is available since everything is shared. It's a totally different mindset when you only have 100MB. Period. Including for archiving the important stuff.

Also, webmail is buggy. It used to be better, but it doesn't play well with encryption. Especially with all the newest rules and algorithms that are supposed to protect PII by limiting access to attachments. Outlook is definitely not the smoothest interface out there, but at least it works.

17D - with most of the fileservers being local, is allowing PSTs on share drives a valid workaround? It seems in the age of 3TB hard drives and even larger RAID the fileservers should be easier to upgrade than an email server.

[Fuzz]

17D, Yes more space would help, since I don't have a desk to call my own and am constantly TDY. 100MB is beyond absurd, Yeah if I had 1GB we'd probably complain, but when one email attachment fills my inbox and at the the same time my old AOL account has 1000s of emails going back years, it's laughable.

ETA: 17D thanks for taking the time to answer questions even with all the gripes being lobbed your way, I've learned more about cyber clusterfuck in the last couple days than I ever knew.

Edited April 11, 2015 by Fuzz

[17D_guy]

No. Yes.

I did use the sarcasm font earlier, but there was quite a bit of truth to my post. During the years I spent as a support officer, and even when I was enlisted, I always had my own computer. Since becoming a pilot, I've always used whatever workstation is available since everything is shared. It's a totally different mindset when you only have 100MB. Period. Including for archiving the important stuff.

Also, webmail is buggy. It used to be better, but it doesn't play well with encryption. Especially with all the newest rules and algorithms that are supposed to protect PII by limiting access to attachments. Outlook is definitely not the smoothest interface out there, but at least it works.

Believe me when I say I understand the workstation requirements that the Ops group is under. As I've said other threads, I've made it a point to get over with the Mission folks to get their bead on things. You guys don't all have workstations. At my location the Training Sq doesn't even have a 5:1 ratio.

I've also not given myself the extra space a higher tier user would get, because if the masses are suffering with 90mbs I need to figure it out. Not saying that to brag or anything, but I believe our leadership doesn't understand how little that space really is. Perspective is key when dealing with these things and being out of touch is a serious problem.

I don't know why the powers that be decided that little space would be adequate for most of us. 90 Mbs.. is nothing. 1/2 of that is one music album these days or maybe 10 pictures.

But the AF decided that was the size, and we're trying to make it work. Perhaps once the APC's have stabilized we'll be able to add more space. I hope so.

[stract]

like someone else suggested, being able to have your .pst live on the shared drive would also do the trick. The key is needing to be able to access those emails from any work station. Not sure if it would be easier to put the storage burden on the local server farm or on the enterprise email servers...

I've always wondered if there was a way to leverage all the 500 mb hard drives installed in all the desktops on the network to create more networked storage space.

[17D_guy]

17D - with most of the fileservers being local, is allowing PSTs on share drives a valid workaround? It seems in the age of 3TB hard drives and even larger RAID the fileservers should be easier to upgrade than an email server.

No. PST's aren't allowed to reside on the fileshare. There's good reason for this. PST's get huge, into the GBs. You really should try to keep them below 2Gb or they start to corrupt. You can keep organizational PST's on the share. Legit org, like a flight's org box or a CSS org box. Plus those legit boxes can get increased size as well. Talk to your CS.

Additionally your file share.. clean that shit out fellas and ladies. We're doing scans at the wing king's direction and there's so much duplicated data that's just eating space. I know to you guys it's "free" but imagine if that was paper docs. That space is precious to us for numerous reasons below.

1) Regulations - Your electronic records should be filed in accordance with your file plan. A fair chunk of your emails probably could be filed under this. The CS is required to make sure the ERM drive is big enough to support that. We are not required to maintain the Share Drive. That's right. The ERM drive and Share Drive both run off the same equip. Which leads to more problems -

2) Tech Challenges - Sure, we could connect a 3TB disk via usb to the SAN (Storage Area Network has diagrams). It'll void the storage array warranty (haha, just kidding. ACC didn't pay for it to be continued, but didn't bother to tell us.) The storage stuff isn't as easy as plugging in another hard drive. The APC have had problems because they populated storage arrays with different speed disks (ex. 10K vs 5Krpm) and its causes write/read errors. There are whole certifications around the management of data and data storage products.

Just look at the product break down here - EMC Toys

So, we have to get vendor approved hard drives, installed by trained professionals (i.e. generally not my Amn) and expand the arrays through their software tools.

Now, we can buy more drives. Except that they're usually red/business/special and cost much more than your normal drive. Here's a EMC approved 15K RPM, 1.7TB drive.. for ~$14K. Much like our aircraft I can't pop down to Frys/Best Buy and stick any hard drive in this specialty equipment.

3) Programming Challenges - I don't mean code, I mean money. Your base stuff is old (probably). Almost all of our expansion/new stuff is fought over at end of year. I'm not going to get into how much of my current bases equipment is pushing against the EOL/EOS. Just this year the AF decided to move off of Windows Server 2003. Why? Because MS said they were going to charge millions for continued patches past the July drop dead date. Even this move was couched with "show us if you really need it and we might pay."

This is a double impact. I can't get a new array when it starts failing, because Comm/Cyber support equipment doesn't get regular updates from MAJCOM/HQAF. We fight for end of year funds to make sure we can expand services (VoIP) or continue with vendor warranties and/or equip. Imagine if you had to fight for F16 block upgrades at end of year against the new gym/finance offices. Kinda like that.

Remember when I said we weren't required to support a shared drive? This is why. If we were, it might get programmed against.

4) Old. Sure I kinda mentioned this before, but think about how well old hard drives work. Touchy, special dedicated hard drives. I've no kidding seen a 50% disk failure rate on a base's share drive array. And the only thing you can do is plunk down more $$$ and hope they work. Once the disks are no longer provided by the vendor all bets are off.

Now - I bitch about the APC's and move to consolidate. BUT - this is where things are getting programmed against and regular updates are being applied. The cash isn't flowing to your bases even close to the way it was, but it is flowing to these Orgs. So, that's better. Unfortunately, the service isn't on-par with what can be supplied locally. I'll have another post about consolidation, security and cyber later.

It's Friday and my D&D group is starting. Hope this answered your question, I rambled a bit.

EDIT -

TL;DR - Regulations, Money, old tech and specialized equipment make PST's on the network shares bad. But mostly expensive old specialized equipment.

Also, I'm trying to spell out all the acronyms, but if I miss one let me know.

Edited April 11, 2015 by 17D_guy

[17D_guy]

It's a long read. But this article goes into good detail about how the Great Firewall of China works.

It also details the new state-cyber weapon (coined as the Great Cannon) that was used to take down github.com and greatfire.org

http://citizenlab.org/2015/04/chinas-great-cannon/

It is also a good write up of enumeration and discovery on a foreign network and "cyber-minded" thinking that the Cyber-muckety mucks are talking about.

Edited April 12, 2015 by 17D_guy

[Jaded]

We are the cyber service and we don't have airmen qualified to install hard drives? That's insanity. I feel bad for you man. The whole enterprise seems like it's run by people who don't understand technology. Tech company CEOs are people who have been in the game for decades - we need to get real experts in at the top level to fundamentally change the way we do IT.

[17D_guy]

We are the cyber service and we don't have airmen qualified to install hard drives? That's insanity. I feel bad for you man. The whole enterprise seems like it's run by people who don't understand technology. Tech company CEOs are people who have been in the game for decades - we need to get real experts in at the top level to fundamentally change the way we do IT.

What? It's not that they don't know how to install hard drives. I guess I didn't communicate that well.

Many warranties require certified technicians to install equipment. It's not always the case, but those nuances are the reality of the situation.

You do have Airmen (both O&E) designing networks for base support that aren't up to industry standards. It's a lack of experience, and the fact that... we can't get people to that level in AD most of the time. It's also a problem with the increasing complexity of today's tech systems.

We're having issues with that right now where the base network works, but we're trying to interface with a DISA service.. and we're unable to because of configuration issues. The ANG has a really big advantage here. I've worked with some ANG CCIE's, and the E&I teams used to be all ANG. The ANG can hire, and retain the pro's. I've got to try and build an Amn, that's got all the queep (and more) that we complain about, plus deployments and PCS's after 3~5 years to a base with mostly a different architecture.

Also, we're not the Cyber Service. We're the Air Force and we excel at Cyber but lets not act like with the way we're currently arranged we're placing a real focus on the leadership Cyber (support). I can't speak for Cyber (offense). We're not penny pinching on aircraft weapons systems, but every Cyber initiative automatically gets a cut off the top and then the negotiations begin.

[Dupe]

I see us as getting out of the cyber infrastructure operations business and outsourcing it. The Navy already has.

[JarheadBoom]

I see us as getting out of the cyber infrastructure operations business and outsourcing it. The Navy already has.

NMCI sucked pus-covered gangrenous donkey balls while I was in the other service; I haven't heard anything in the years since to indicate it's gotten any better.

The green-ness of the grass on that side is an illusion.

Edit: spell more gooder

Edited April 13, 2015 by JarheadBoom