NMCI Gets Into A Hot Spot
By Mike Hernon - Published, March 4, 2010
For years now, Navy Marine Corps Intranet (NMCI) users have jealously eyed the laptop-wielding, Wi-Fi-connected masses in coffee shops, hotels and airports as they turned idle time into productive time. Barred from full network access, NMCI users on the go had to settle for cellular phones, air cards and Outlook Web Access to provide mobile support. While these capabilities provide some fairly productive mobility tools, access to the information and resources on NMCI that would further support the mobile worker remained unavailable — until now.
With the release of Wireless Public Hotspots (WPH) service, NMCI users within the continental United States can now use free or for-fee public Wi-Fi hotspots to securely access NMCI. This capability provides mobile users with the same computing environment they would have when sitting at their wired computer. This enhanced capability will allow remote users to remain better connected and more productive outside of their wired environment, whether on travel, telecommuting from home, or in any location outside the office where Wi-Fi is available.
Private Network, Public Wi-Fi
Integrating any secure, private network, such as the NMCI, with public Wi-Fi access points outside the control of network administrators is not done lightly. Before delivering any enterprise mobility capability to the Department of the Navy workforce, a careful analysis of the delicate balance between the benefits and inherent risks of wireless technologies is conducted.
Opening up network access through publicly available Wi-Fi hotspots presents significant information assurance (IA) concerns about introducing threats that might potentially harm the network. The use of public Wi-Fi access points, which are normally unsecured and unencrypted by design to foster maximum sharing of the signal, brings a number of widely known vulnerabilities that may be exploited. For example, is that wireless network named "FREE STARBUX Wi-Fi" that shows up as available for connection really coming from the coffee shop you're in or from the van in the parking lot?
Setting up such imposter or "rogue" access points that can divert your laptop to a hacker-controlled destination and/or install malware is just one potential avenue for hackers. Another common attack is to take advantage of the lack of encryption on a public access point to intercept and read the traffic transmitted between the laptop and the network.
Of course, these threats are above and beyond the fact that you are conducting official business in the middle of a bustling coffee shop or airport terminal, and wearing a uniform or sporting a Defense Department badge that just might make you a more attractive target for hackers.
Locking It Down to Open It Up
The threat to the network from these vulnerabilities is real; the impact from a breach could not only affect the user that is being targeted, but the entire network. Clearly, before approval could be given by the Navy and Marine Corps Designated Accrediting Authorities (DAA), network engineers had to develop a solution that would minimize the risks of Wi-Fi access.
As a result of these efforts, connecting to NMCI via a public hotspot is done in a significantly different way than how you would normally use your laptop's internal Wi-Fi antenna to connect to a hotspot at home or in a public location.
The NMCI solution relies on two components that reside on the laptop; one is hardware, and the other is software-based. The hardware consists of an approved wireless network interface card, which installs in the laptop's PCMCIA slot. (Laptops with an Express Card slot will require an adapter.) The necessary client software component is the Wireless Client Encryption, which is available only through NMCI. This allows you to securely connect to NMCI via an encrypted virtual private network. Additional security includes the encryption of data-at-rest and the Host Based Security System for intrusion prevention.
This newly announced Wi-Fi hotspot offering is distinct from, and in addition to the existing solution for wireless local area networks (WLAN) for access on those Navy or Marine Corps bases and installations (i.e., base area networks), where WLANs are currently in place. Depending on your needs, you may install either or both solutions on your laptop.
Cutting the Cord
All components required to enable wireless access to either public or base access points are available through the Contract Line Item Numbers (CLIN) on the NMCI contract. There are one-time costs to procure the hardware and software, as well as a monthly recurring fee, each ordered through a separate CLIN. Additionally, the following constraints apply:
- Windows XP operating system installed;
- Broadband Unclassified Remote Access Service (BuRAS v4.0.5) installed;
- Navy NMCI domain only (as of this writing, the Marine Corps DAA has not approved the solution);
- Unclassified use only; and
- Not available for non-NMCI networks, such as the science and technology domains.
For the latest offerings and pricing information, visit the NMCI Homeport wireless page at
https://www.homeport.navy.mil/services/wireless. Additional resources on the site include a user guide and an online tutorial.
Mike Hernon is the former chief information officer for the city of Boston and currently serves as an independent consultant. He supports the DON CIO in a variety of areas within the enterprise services management group including telecommunications and wireless strategy and policy.