
NASA IV&V IT Support Methodology for IV&V Contractors Presented by IT Management and Network Operations


Introduction

- NASA IV&V IT support team was tasked to determine a support methodology for new IV&V contract upcoming later this year.
- This support methodology needed to be fair, secure, flexible and amenable to all involved.

Goals

- Support all IV&V Contractors uniformly
- Solutions for both Large and Small IV&V Contractors
- Give IV&V Contractor flexibility/access control of their own systems
- Follow NASA Enterprise Architecture approach
- Ensure NASA requirements are met and followed (http://Standards.nasa.gov and http://nodis.hq.nasa.gov)
- Define clear delineation of tasks between Contractor and IT support team
- IV&V Contractor to be seen as part of NASA

Current Paradigm

- IV&V Contractors have many exceptions to the rule
- Current contractor with a Firewall within NASA IV&V’s network
- Another current contractor that maintains two computers on each desk

Issues

- Difficult to support and determine responsibilities
- Contractor Firewall implementation causes poor performance to IV&V Tools Lab
- All contractors are not treated the same from an IT support perspective
- Cannot meet IT POP Call and IT Security requirements (Data Calls, Budget, etc.)

Solution

- Each IV&V Contractor maintain their own network/connectivity (Adelphia, T1, abc.com)
- NASA IV&V is a landlord providing each IV&V contractor space, electricity, phone service and access to IV&V contractor network
- Provide space in 129C with locked cabinets for each IV&V contractor’s hardware
- NASA IV&V to leverage endpoint security and remediation measures to ensure IT Security for access to Tools Lab and other NASA resources

[Network diagram: Connection to NASA. Legend entries:]

- Corporate Internet connection
- Contractor PC with NASA Cisco Client to access NASA Resources
- Contractor Server (or can be in 129C)
- Contractor Router to Internet
- Contractor Firewall/VPN
- Contractor 10/100 Switch
- Contractor CSU/DSU
- All Equipment will be in a locked contractor cabinet in Room 129C and is purchased and maintained by contractor
- NASA Provided Patch Panel (24 ports per contractor) Real number TBD
- NASA Provided Patch Panel (1 connection Per Contractor)
- NASA Smartcard reader provided by NASA on a case by case basis
- Contractor Network physically resides inside NASA IV&V but has .com address and outside ivv.nasa.gov domain space

NASA Responsibilities

1. Physical connectivity of Internet connection to CSU/DSU
2. Patch panel and wiring between Contractor 10/100 Switch and Contractor PC
3. Agent to connect to NASA Resources for collaboration (Calendaring, Tools Lab). Note: when connecting to NASA Network your computer will be checked for appropriate patch levels and Antivirus. If it does not meet acceptable levels then that system will not be able to proceed to ivv.nasa.gov.
4. Ensure compliance of NASA Standards and CIO directives (Smartcard, Enterprise Architecture, and e-Presence)
5. Provide Smart Card and access Badge for onsite personnel
6. Provide Remote Access Dialup Services
7. Provide Phone/Voice Mail access and services
8. Rewrite IT Security Plan (Both Center and General Systems) to incorporate new Methodology
9. Provide Storage Space for electronic files for NASA Projects and give contractors access

Contractor Responsibilities

1. Report Patch Levels for all systems
2. Report Virus Attacks on a monthly basis
3. Quarterly Scans of systems and reporting to comply with NASA GITSVITS
4. Reporting of inventory control on a quarterly basis
5. IT Security Plan to meet NPR 2810.1X requirements
6. Administrative Staff for installation of Hardware/Software
7. Purchasing of Hardware/Software for Corporate infrastructure side applications (All Hardware/Software purchases need to comply with NASA Min Hardware/Software standards) and any other NASA NPR/NASA Standard/NASA CIO/GSFC CIO directive. (Note: All hardware in these white boxes is the responsibility of the contractor.)
8. Backup all Server and workstations in accordance with IT Security Plan
9. Provide capability (E-mail, Groupware, Calendaring) that is interoperable with NASA Architecture and standards
10. Provide Secure IM capability
11. Provide Storage Space for electronic files
12. Provide printer access, maintain supplies
13. All storage/Library materials will be stored offsite
14. Provide Group collaboration capability (WebEx fee)

Connect to NASA IV&V with Cisco VPN and agent to Tools Lab and other NASA resources. While connected to VPN user will be on NASA’s Network and access Internet through NASA

[Diagram labels: WAN; Room 231 Upstairs Area; Room 129C; IV&V TestBed (TBD) 129C]

[Network diagram: Contractor Supported by NASA and Subcontractors (Option 4). Legend entries:]

- NASA PC
- NASA Servers: E-mail, Calendaring, Trackwise, Tools Lab
- NISN Router
- NASA IV&V Firewall/VPN
- NASA Switches
- NISN CSU/DSU
- NASA Smartcard reader

NASA Responsibilities

1. All Network connectivity
2. All Hardware/Software for PC’s/Servers, Tools Lab
3. Offsite user support: Cisco Agent to connect to NASA Resources for collaboration (Calendaring, Tools Lab). Note: when connecting to NASA Network your computer will be checked for appropriate patch levels and Antivirus. If it does not meet acceptable levels then that system will not be able to proceed to ivv.nasa.gov.
4. Ensure compliance of NASA Standards and CIO directives (Smartcard, Enterprise Architecture, and e-Presence)
5. Report Patch Levels for all systems monthly
6. Report Virus Attacks monthly
7. Quarterly Scans of systems and reporting to comply with NASA GITSVITS
8. Reporting of inventory control on a quarterly basis
9. IT Security Plan to meet NPR 2810.1X requirements
10. Administrative Staff for installation of Hardware/Software
11. Purchasing of Hardware/Software for NASA infrastructure side applications (All Hardware/Software purchases need to comply with NASA Min Hardware/Software standards) and any other NASA NPR/NASA Standard/NASA CIO/GSFC CIO directive.
12. Backup all Server and workstations in accordance with IT Security Plan
13. Provide e-Presence capability (E-mail, Groupware, Cal)
14. Provide Smart Card and access Badge
15. Provide Secure IM capability
16. Provide Storage Space for electronic files
17. Provide Remote Access Dialup Services
18. Provide Phone/Voice Mail access and services
19. Provide printer access, maintain supplies

Contractor Responsibilities

1. Report issues to Help desk
2. Provide Group collaboration capability (WebEx fee)
3. Offsite Computers that access NASA IV&V through VPN.
4. All storage/Library materials will be stored offsite
5. IT Security Plan which abides by the Facility Security Plan and is in compliance with NPR 2810.1x

[Diagram labels: Room 118; Offsite Contractor with VPN Computer to be provided by contractor; NASA NISN T1's; NASA BW/Color Printer/Plotter; NASA Dialin Access for remote users; VoIP Phone/Voice mail; NASA IV&V Testbed, Room 129C]

Solution-Cont

- Ensures Support to each IV&V contractor uniformly
  - Access NASA IV&V resources through VPN/Agent/SSL
- Solutions for both Large and Small IV&V Contractors
  - The VPN/Client can support as little as one and as many as 500 users
  - The IV&V Infrastructure will be designed to support 3 contractors with 24 users per contractor in the Facility (This excludes the space issues)
  - The solution will allow for contractor growth
  - For small IV&V contractors little IT support is needed (The support is based upon the amount of infrastructure allocated at IV&V)
- Give IV&V Contractor flexibility/access
  - Access to corporate network
  - Access to NASA resources
  - Maintain own equipment and control

Solution-Cont

- Ensure NASA requirements are met
  - Within NPR 2810.1x and GPG 2810 Guidelines.
  - Maintain Security of NASA IV&V Systems
  - Ensure all systems are patched and have current virus definitions before accessing IV&V network
  - Support for NASA Smart Card initiative
  - Support for OneNASA e-Presence
  - Support for NASA Enterprise Architecture

Solution-Cont

- Define clear delineation of tasks between IV&V contractor and IT support team
  - Will be a physical demarcation for each contractor
- Contractor to be seen as part of NASA
  - VPN access will allow user/computer to be part of ivv.nasa.gov domain
  - User in X.500 (PKI will be available)
  - VPN user’s computer treated as a part of IV&V because of the rules that will be set

Further Recommendations

- Ensure all contractors follow NPR 2810.1x requirements
  - Contractors maintain their own IT security plan
  - Report Scans, viruses, patches, to NASA
  - Follow all NASA Standards (Hardware/Software) for development activities especially when delivering tools to NASA
- Determine IV&V Testbed and how it will be managed (ToolsLab?)

Schedule

- Initial Deployment January 2005 (IDS system)
  - Intrusion Detection System (IDS) will check for anomalous IP traffic
- Full deployment July 2005 (IDS, VPN, Endpoint security measures, Virus checking, OS Patches (Windows only))

Summary

- Fulfills NASA and contractor requirements
- Maintains security of NASA resources
- Ensures maximum authority/flexibility for IV&V Contractor