US BICES-X TNE - Jul 15


UNCLASSIFIED
US BICES-X TNE Introduction and Services
2 June 2015
Training Overview
• Introduction
• Account Request Process
• Support Documents and Help Process
• Summary
US BICES-X Mission and Purpose
• The DoD requires an enduring, secure information sharing
capability with partners around the world
• US BICES-X provides a system capable of conducting planning
through execution of any mission or operation
• US BICES-X is capable of bilateral and multinational
communications and ensures the security and the releasable
aspect of all information
What is US BICES-X
• US BICES-X is not a traditional network but rather a
cross-domain solution that connects multiple networks
• The United States and several partner networks are connected
via US BICES-X:
– US SIPRNet
– United States Battlefield Information Collection and Exploitation
System (US BICES) Network
• 28 NATO Countries + 7 Non-NATO Countries
– Bilateral connections to various single country networks
Trusted Network Environment® (TNE)
• The Trusted Network Environment (TNE) is an environment within
US BICES-X that controls access to data sent via 3 services
(Email, Chat, and File Share)
– Separate accounts are required for access to TNE Chat and File
Share services
– TNE is a classification-based environment based on the network the
user is gaining access from
[Diagram: US BICES-X Trusted Network Environment (TNE). TNE Services Available: Email, File Manager, Chat]
TNE Method
• The 3 TNE services have 2 common features:
– Items are marked with classification markings
(email message, chat room, and files)
– Classification markings determine who has access to each item
• TNE files are posted to one data repository where all users
can view the information if it contains a classification
commensurate with their connected network
• A classification marking of Secret dominates TNE
EXAMPLE:
File A labeled “Rel to Zz” and File B labeled “Rel to Yy” can be in
the same database
Users from the Zz network can only see file A, but not file B
TNE Account Request
• Users will contact the Coalition Support Service Desk (CSSD)
• The CSSD will email users an Account Request form to be
completed and returned to the CSSD
• The CSSD will submit a ticket for the new account
– Attach the completed Account Request form to the ticket
– A TNE Administrator will create the account
– Users will receive their new account user name and initial password
via an email message once their account is created
User Support
• Users can contact the CSSD for help with:
– New Account Requests
– Account Lock Out/Password reset support
– System outage help
– Slow system help
– Contact numbers provided at the end of this presentation
Help Documents and Training
• Numerous help documents are available
– User Guides
– Manuals
• Training
– Training slides
– Training classes
• Presented by US BICES trainers
Workstation Access
• Log onto your participating workstation using the credentials (user
ID and password) provided when your account was created
• Your workstation has been configured to allow you access to TNE
workstation based services
– Email
– File sharing*
– Chat*
• If your workstation is not configured to access the TNE services
contact your local network administrator
*TNE User Accounts Required for Access
Email
Email Overview
• Most common communications tool used to transmit messages or
information across a network between two or more individuals or
groups
• Use the Email application available on your local network
• All Emails transiting TNE must contain a classification line as the
first line in your email
Email Requirements
• All messages must meet these requirements:
– Contain a classification and caveats text line above and below the
body of the message
– Formatted in plain text vs. html
– There are currently no size limits in TNE, but your local network may
have limits
Classifications and Caveats
• All messages must contain a classification and caveat identifier at
the top and bottom of the body of the message
• There are 3 classifications for CPN messages:
– Unclassified
– Confidential
– Secret
• There are many caveats (stipulations) to select from
– Refer to your local security classification guide for details
– See the classification tool on the next slide for details
Classifications and Caveats (cont)
• All messages must have a caveat
• Classification//REL Caveats, (Caveats)
SECRET//REL TO USA, XXX
CONFIDENTIAL//REL TO USA, XXX
UNCLASSIFIED//REL TO USA, XXX
[Screenshot: Classify for Windows]
• Classification Tool
– Most Windows workstations have a classification program to classify and
caveat messages
– EUCOM SIPRnet uses Classify for Windows and EUCOM bilats and BICES use
MW Classify
• No Classification Tool
– If a classification tool is not available, you can manually enter a
classification line at the top of your email
• Make sure it is in the appropriate format
• Example: SECRET//REL TO USA, CAN
*When sending an attachment, you must select the same classification for
class with and without an attachment!
Rejected Emails
• Messages that are incorrectly
classified will be rejected by the
system
• Rejection message is the same
for any issue
– HTML vs. Plain text
– Classification error
– Release statement error
Plain Text Format
• All messages that travel across
TNE are required to be formatted
in plain text and not HTML
• Format and write your message in plain text or your HTML message will
lose its meaning when viewed in plain text
• To select plain text click the Format Text tab
• Click the Plain Text button and verify it stays enabled (yellow color)
• Type your message
HTML to Plain Text
• If you fail to type your message
in plain text but realize it before
you send: switch it to plain text
• Click the Plain Text button and
then click the Continue button
to change the format
• Note – messages sent within a country may be sent formatted in HTML.
In country messages do not cross TNE thus plain text is not a requirement
Addressing Messages
• There are two options to address a message
– Click the To button and use your in-country list
– Type the address of the individual in the text box next to the
To button
• Separate multiple addresses with a semicolon (;)
• There is no Global Address Listing (GAL)
or directory to show all email addresses
across the networks and all countries
• Your local network GAL will only look up
other users on your network
• It is recommended that users find and
contact key counterparts to build
personalized email listings in order to
conduct business
• A global address list is under development and will be available
on the TNE web
Addresses
• Email address extensions for EUCOM connected networks
Network     @ Address
SIPRNet     mail.smil.mil
US BICES    bices.org
EC-01       usxx.srel.mil
EC-02       usxx.srel.mil
EC-03       xxxx.srel.mil
Send
• When all aspects of the message have been addressed press
the Send button to transmit the message
Email Dirty Words
• Email has a feature that checks for text in an attachment or body
of the message that is considered “dirty”
• A dirty word could be an indicator the message classification
should be kept Secret
• Dirty words will be stripped from attachments by TNE
• If a dirty word is in the body of a message it will be rejected by
TNE
• Dirty Word Examples
– Secret – “SECRETary” or “The secret to success is planning…”
• In both examples the dirty words feature will not allow an email
message to be classified as confidential or unclassified
• If a message you think is not Secret will not reach your intended
recipient please submit a ticket to request administrator
assistance with troubleshooting and possibly placing a word like
“secretary” on the clean word list
File Manager
File Manager Overview
• Users who want to share information (files) will be able to
access/share authoritative data and finished Intelligence,
Operations, and Plans products
• All finished products can be accessed or posted within the TNE
File Manager
• Uploaded files are automatically labeled at the HIGH of their
network connection
• Within this established framework, a logical folder structure will be
set up by subject area, to facilitate easier access to shared and
posted finished products:
– Category 1 User = Download/Upload/Relabel permissions
– Category 2 User = Download/Upload permissions
– Category 3 User = Download permissions
Levels of Access and Responsibilities
Users will be granted permission to operate within three user
categories, or levels of access:
Category 3 (Download files in shared folders) – Majority of Category 3
users must identify any inappropriately marked products to a Category 1
user
Category 2 (Download and Upload files to shared folders) – Users will be
allowed to:
1. Manage content on assigned folders
2. Upload documents on behalf of Category 3 users, as required
Category 1 (Download, Upload, and Relabel) – Users will be allowed to
change classification and releasable information in the shared folders
1. Accounts will be restricted to Foreign Disclosure Officers,
Disseminators, nationally appointed release authorities, and
administrators only
2. Only authorized to relabel files they own and cannot relabel files
uploaded by other users.
Verify Your Access Category
• The title bar of your browser will verify your level of access
• It will state “CATX”, where the “X” is a 1, 2 or 3 indicating access
category
Access File Manager
• Open a browser and enter the address provided
in your account creation message
• The first time you access the TNE
web you may be required to accept
the TNE certificate
• Accept the consent notice
• Enter your credentials and click OK
• First time users must reset their password
Reset Password
• First time users must reset their password after initial log in
• All users must reset their password every 60 days
• Please note the restrictions of the new password on the change
password page
Welcome Screen
• The Welcome Screen shows when your password expires
Access File Share (cont)
• On the Welcome Page look for the
Applications menu and click the
New Explorer Library link
• It opens a Windows Explorer type
page where files and directories
are listed
Download and View Files
View files by downloading them first:
1. Click the file you wish to view
Two file viewing options:
• Click the Down Arrow button
• Right-click then click Download a File option
2. Click either Open, Save, or Cancel on the pop up dialog as
desired
3. View or use the file as desired
File Naming Convention
• All users should follow a set of file naming standards to ensure easy
access and retrieval of information
• All content that requires recurring information products should be dated
using the YYYYMMDD format and the file name
(Example: 20140510-OIR-Reports)
• File names should be short and succinct, but provide enough
information on the product contents to be discoverable
• Note: The only characters authorized in the naming convention
are as follows: 0-9, A-Z, a-z, hyphen (-), period (.), underscore (_),
and open and close parentheses ()
• Failure to follow these naming conventions will result in the file
not being uploaded
– Spaces in the file name will automatically be replaced with
underscores (_)
Supported File Types
.bmp  .gif  .ppt  .txt
.bz2  .gz   .pptm .wmf
.doc  .jpeg .pptx .xls
.docm .jpg  .tar  .xlsx
.docx .pdf  .tif  .xlsm
.emf  .png  .tiff .zip
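
The naming rules on this slide, written as a check that can be run on a file name before upload. This is an added example, not TNE's own validation; the function name, the case-insensitive extension match and the reading that the YYYYMMDD date leads the name (as in the slide's example) are assumptions.

```python
import re
from datetime import datetime

# Supported file types as listed on the slide.
SUPPORTED = {
    ".bmp", ".bz2", ".doc", ".docm", ".docx", ".emf", ".gif", ".gz", ".jpeg", ".jpg", ".pdf",
    ".png", ".ppt", ".pptm", ".pptx", ".tar", ".tif", ".tiff", ".txt", ".wmf", ".xls",
    ".xlsm", ".xlsx", ".zip",
}
# Anything outside 0-9, A-Z, a-z, hyphen, period, underscore and parentheses.
UNAUTHORIZED_RE = re.compile(r"[^0-9A-Za-z._()\-]")


def check_upload_name(name, recurring=False):
    """Return (normalized_name, problems); problems is empty when the name follows the rules."""
    normalized = name.replace(" ", "_")  # the slide says spaces become underscores
    problems = []
    bad = sorted(set(UNAUTHORIZED_RE.findall(normalized)))
    if bad:
        problems.append("unauthorized characters: " + " ".join(repr(c) for c in bad))
    _, dot, suffix = normalized.rpartition(".")
    ext = (dot + suffix).lower() if dot else ""  # assumed: extension match ignores case
    if ext not in SUPPORTED:
        problems.append("unsupported file type: " + (ext or "(no extension)"))
    if recurring:  # recurring products carry a date, e.g. 20140510-OIR-Reports
        match = re.match(r"(\d{8})(?!\d)", normalized)
        if not match:
            problems.append("recurring product name must start with YYYYMMDD")
        else:
            try:
                datetime.strptime(match.group(1), "%Y%m%d")
            except ValueError:
                problems.append("date prefix is not a real calendar date: " + match.group(1))
    return normalized, problems


if __name__ == "__main__":
    # Constructed sample names.
    for sample, is_recurring in [
        ("20140510-OIR-Reports.docx", True),
        ("Mosul Dam (final).pdf", False),
        ("report#2.exe", False),
        ("20140231-OIR-Reports.pdf", True),
    ]:
        print(sample, "->", check_upload_name(sample, recurring=is_recurring))
```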
Uploading (Posting) Files
• Users (Category 2 or 1) will have permission to upload files into folders
• Two file upload options:
– Click the Up Arrow button
– Right-click and select Upload File
Uploading (Posting) Files (Cont.)
• From the File Uploader window click on Select a File
• Select the file using the Choose a File to Upload dialog
• The file name selected will appear in the File 1 text box
• To upload click the Upload button
• Click the OK button on the Upload Status dialog
– The Upload Status box will display the classification level
your file will be labeled
Finalize the Upload
• After a short period (1 to 5 mins) after file upload click the
Finalization Queue button
• In the window that appears click the check box to select the file
then click the Accept Change button
– If your file is not yet available you may have to hit refresh
until the file appears. The larger the file the longer it takes.
• Click Yes on the Accept Changes dialog
• Close the Finalization Queue dialog
• The file is ready for use
Create/Delete Folders
Category 1 users can create folders:
• Right click on any folder for a list of
options
– Create a New Folder (sub-folder)
• Select the New Folder Name
• Select the Security Level
• Select the Compartments (release)
– Delete an Existing Folder
– Make Folder Private/Public if required
(folder owner only)
– Folder managers
(View the manager of a folder)
Relabel Items
• Category 1 users can change the classification or releasable
aspect of a file or folder
• Files are uploaded at your connection high with no release
statement
• Click on the file to relabel it
• Click the Change File/Folder Label button
• Click the Yes button to confirm the desire to change
Relabel Items (cont)
• Select the new Security Level
• Select the new Compartments (release statements)
• Click the Change Classification button
• Click the Yes to confirm your change
• Click the OK in side car response window once change is made
Finalize the Change
• After a short period (1 to 5 mins) after the change click on the
Finalization Queue button
• In the window that appears click the check box to select the file
then click the Accept Change button
• Click Yes on the Accept changes dialog
• Close the Finalization Queue dialog
• The file security classification is changed
File Manager Dirty Words
• File Manager also has a Dirty Words feature for posted files
• A dirty word could be an indicator the message classification
should be kept Secret
• File Uploads that contain a dirty word will not be uploaded by
TNE
• If a dirty word is in the body of a message during a re-label, the
re-label will not be allowed.
• Dirty Word Examples
– Secret – “SECRETary” or “The secret to success is
planning…”
• In both examples the dirty words feature will not allow a file to be
uploaded at any level other than “Secret”
• If a message you think is not Secret will not reach your intended
recipient please submit a ticket to request administrator
assistance with troubleshooting and possibly placing a word like
“secretary” on the clean word list
Email and File Manager Transfer Issues
• TNE inspects files for classification content and verifies the
content is in accordance with the assigned classification before it
passes through TNE (posts or email attachments)
• The system rejects some files based on technical issues or user
error
• The workarounds or solutions to these known issues are listed in
the next three slides
PowerPoint File Fixes
• Remove unnecessary Slide Master Formats (only keep the ones
you're using)
• Check Slide Masters to ensure there are no embedded
classification markings higher than the classification of your
document
• Look at the content of each slide. If you have boxes overlapping,
touching, or extending off the slide, any of those reasons will
cause the file to not pass through the TNE successfully.
MS Office Files Fixes (PowerPoint, Excel, Word)
• Inspect the file for issues (remove Header/Footer (not in Word, otherwise it will
strip your classification marking), Embedded documents, Macros, forms, ActiveX
controls, Custom XML Data, Invisible Content, Off Slide Content, Comments and
Annotations, and Notes, just to name a few)
– The steps to do this are covered on the next slide
• Fix classification markings (comply with CAPCO, i.e. SECRET//REL TO USA,
MESF, not SECRET//REL MESF)
• Ensure classification markings are correct (a common mistake is when a period
vs. a comma is used or putting an extra space in; e.g., SECRET// REL TO USA.
MESF)
• Dirty Words. Do not use the words UNCLASSIFIED, CONFIDENTIAL, or
SECRET anywhere in your document unless it’s a classification marking. This will
cause it to fail. Do a keyword search for those terms to ensure they are not
present.
• Ensure your document has a REL TO classification marking (you cannot send a
regular UNCLASSIFIED document/emails between networks, it has to be
releasable to someone)
• Save your product as an Office 2003 Format (.doc, .xls, .ppt), instead of the
normal 2007 or newer format (.docx, .xlsx, .pptx)
• If all else fails, save your product as a PDF.
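
The marking and dirty-word rules from the Email, File Manager and MS Office slides, written as a pre-send check on a plain-text message that names the specific problem (the slides note that the system's rejection message is the same for any issue). This is an added example, not TNE's own logic; the marking grammar, the HTML detector, the rule that only terms above the message's own level count as dirty, the clean-word handling and all function names are assumptions.

```python
import re

LEVELS = ["UNCLASSIFIED", "CONFIDENTIAL", "SECRET"]  # low to high, as listed on the slides

# Assumed grammar for the marking the slides show: LEVEL//REL TO USA, XXX[, YYY ...]
MARKING_RE = re.compile(r"(?:UNCLASSIFIED|CONFIDENTIAL|SECRET)//REL TO USA(?:, [A-Z]{3,4})+")
# Assumed HTML detector: an opening or closing tag of a common element.
HTML_RE = re.compile(r"</?(?:html|body|div|span|p|br|font|table)\b[^>]*>", re.IGNORECASE)


def explain_marking(line):
    """Return None for a well-formed marking line, else a hint naming the mistake."""
    if MARKING_RE.fullmatch(line):
        return None
    if "//" not in line:
        return "no CLASSIFICATION//REL TO line"
    level, _, rel = line.partition("//")
    if level not in LEVELS:
        return "unknown classification %r" % level
    if rel != rel.strip():
        return "extra space around the release statement"
    if not rel.startswith("REL TO USA"):
        return "release statement must start with 'REL TO USA'"
    if "." in rel:
        return "period used where a comma is expected"
    return "caveat list is not in the form 'REL TO USA, XXX'"


def dirty_words(body_lines, level, clean_words=()):
    """Words that contain a classification term outranking `level` (substring, any case)."""
    higher = [term.lower() for term in LEVELS[LEVELS.index(level) + 1:]]
    clean = {w.lower() for w in clean_words}
    hits = []
    for line in body_lines:
        for word in re.findall(r"[A-Za-z]+", line):
            lowered = word.lower()
            if lowered not in clean and any(term in lowered for term in higher):
                hits.append(word)
    return hits


def preflight(message, clean_words=()):
    """Return (code, detail) problems for a plain-text message; [] means every check passed."""
    lines = message.strip().splitlines()
    if len(lines) < 2:
        return [("marking-bottom", "marking line needed above and below the body")]
    top, bottom, body = lines[0], lines[-1], lines[1:-1]
    problems = []
    for code, line in (("marking-top", top), ("marking-bottom", bottom)):
        hint = explain_marking(line)
        if hint:
            problems.append((code, hint))
    if not problems and top != bottom:  # assumed: both lines carry the same marking
        problems.append(("marking-mismatch", "top and bottom markings differ"))
    if any(HTML_RE.search(line) for line in body):
        problems.append(("html", "body contains HTML tags; send as plain text"))
    if explain_marking(top) is None:
        for word in dirty_words(body, top.split("//")[0], clean_words):
            problems.append(("dirty-word", word))
    return problems


if __name__ == "__main__":
    # Constructed sample messages, not taken from any real system.
    body = "The secret to success is planning."
    samples = [
        "SECRET//REL TO USA, CAN\n" + body + "\nSECRET//REL TO USA, CAN",
        "CONFIDENTIAL//REL TO USA, CAN\n" + body + "\nCONFIDENTIAL//REL TO USA, CAN",
        "UNCLASSIFIED//REL TO USA, CAN\nAsk the SECRETary.\nUNCLASSIFIED//REL TO USA, CAN",
        "SECRET// REL TO USA. MESF\nStatus update.\nSECRET//REL MESF",
    ]
    for text in samples:
        print(text.splitlines()[0], "->", preflight(text) or "ok")
```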
Check File For Issues
• To check a file for issues such as hidden properties or personal
information that may cause TNE to reject the file follow these steps:
1. Click File
2. Click Info
3. Click Check for Issues
4. Click Inspect Document
5. Check the items to inspect
6. Click Inspect
7. Remove issues that exist
8. Re-inspect as needed
9. Save the file
Chat
Chat Overview
• (U) Common uses of Chat
– Relaying time sensitive information (troop contact; threat tippers,
indications & warnings)
– Collaboration between US BICES-X participating users
– Command and Control (C2) of ISR platforms
• Users must have a TNE account to use this service
• TNE uses an XMPP chat server that is compatible with the
TransVerse Chat Application
• Users are required to have the TransVerse chat application
installed on their local workstation.
Configure TransVerse
• Click the Start menu and type
Transverse to find the TransVerse
program.
• Click the application name to launch it
• Configure the New Account dialog
that opens as follows:
– Login & password provided by
account creation message
– Click the check-boxes next to Save
Password and Auto Login
– My Chat Server: Enter xmpp146
– Click the Options button to expand the
dialog box
Configuration (continued)
• Cross Domain tab – verify
Disabled is selected for Cross
Domain Mode
• Advanced tab
– Connection Host: Enter the IP
address of your network as
provided by a TNE
administrator
– Port: Enter 5222
– Leave all other fields as
defaulted
• Click Login
Change Password
• You are required to change your initial
password when TransVerse opens or your
account will be locked/disabled
• You are also required to change your
password every 60 days
• Click Edit then Change Password
• Password rules: Minimum of 14 characters, contain at least one
uppercase letter, one lower case letter, one special character (! @
# $ % ^ ( ) & *), one number, and cannot have any characters
repeat more than three times
• Click Change
• Exit TransVerse
• Reopen TransVerse (if you
checked the Save Password
and Auto Login you will be automatically logged in)
Creating a Chat Room
• Chatting takes place within rooms
• Create a room as follows:
– Click the My Places tab
– Right click on the My Server folder
– Select Add Room
• Room naming convention
– Room names are constructed in three (3) parts and all spaces “ ” will
be replaced with an underline “_”:
• Part 1 will be the abbreviated name of the operation (e.g., OIR).
• Part 2 will state the country of the subject area.
• Part 3 will state the subject area, subject group/organization, or subject
asset callsign the room is intended to be used for (e.g., Mosul_Dam, TF92, or MQ1_Hackney01).
• Click OK to create the room
Room Set Up
• The Configuration dialog appears
automatically:
– Set the classification and releasability
for the room—default is the maximum
level of the connection (cannot be
changed once set)
– Set the maximum number of room
occupants (0=unlimited).
– Ensure Make Room Publicly
Searchable? and Make Room
Persistent? are the only two boxes
checked in the list.
– These are the only features available
in our environment
• Click OK
Chatting
• Double click on the desired room to communicate via chatting in it
• Number in parenthesis is the number of people in the chat room
• Type your information in the text box and press the Enter key
1. Message History
2. Enter new text and press the Enter key
• Click the close button to leave the room
• New message notifications; system tray, Group chat tab, icon color changes
Chat Buttons and Participants
• Chat Room Buttons
– Undock
– Scroll Lock
– Session History
– Disable Enter = Send
– Find
– Filter
• Participants
– User Name format
– FirstInitialLastNameCountry
IE - jsmithusa
TransVerse Menu
• Edit
– Change Password
– Accounts – see set up of your account
– Other items – not relevant
• View
– My Places
– Group Chat – a tab that contains all chat rooms
you are active in
– My Chat Sessions – a window that shows all
open chat rooms
• Other Menu items are not relevant and not
used in our environment
Destroy a Chat Room
When the room is no longer needed - destroy it (only the room
creator can destroy the room)
1. Enter the room you created
2. Click the Red X icon to destroy the room
3. Click Yes to confirm the destruction of it, then OK
4. The room will be gone the next time you log in
Issues, Features and Preferences
Preferences
• Click the Edit menu then click
Preferences
– Adjust your preferences as
desired
– Suggest you click on Display
then uncheck the Show
HTML… checkbox
Disabled Features
• Invite others to chat
• User Search
• 160 character maximum per chat line (not a user preference but a system
setting)
Issues
• There are a few issues that will log you
out if attempted. Issues will slowly be
resolved over time.
Reminders and Tips
• Reminder
– US BICES-X allows users the ability to share information within a
multi-domain environment as well as segregate and protect data
based upon user profile settings and access
– Even with these types of safeguards in place, users must remain vigilant
when it comes to network security
– It is the individual user’s responsibility to adhere to instructions and
regulations on Cybersecurity/Information Assurance set forth in host
nation user agreements and by appointed security officers
• Tip
– Suggest you create shortcuts on your workstation or browser for
• TransVerse Chat
Coalition Support Service Desk Contacts
• Phone
– DSN: 314-268-2815
– Commercial: + 44 1480 84 2815
– VoIP: 001-311-2000
– VoSIP: 302-428-3501
• Email
– Classified:
osd.molesworth.osd.mbx.USBICES-coalition-servicedesk@mail.smil.mil
– Unclassified:
[email protected]
– Unclassified:
[email protected]
TNE Summary
• Services
– Chat
– File Share
– Email
• Users on networks connected via US BICES-X
can now communicate in a secure manner to
support operations
• Information shared is only available to those
they share it with
• User names and passwords required for:
• Chat
• File Share
• Email and File Share require the user to set the
classification and caveats of the file or message
• Email requirements:
• Classification and caveat
• Plain text
• No size limit