CANES Flashcards
Directive that Defines measures that protect information and information systems
Ensures Availability, Integrity, Authentication, Confidentiality, non-repudiation
Includes measures to provide restoration of information
Protection, Detection, Reaction
Successful protection of assets requires:
Compliance
Understanding Vulnerabilities
Cybersecurity DoD 8500.01 Directive
To WSUS patch administration steps
Login to CM01
From the Windows Start Menu open Windows Administrative Tools
Windows Server Update Services
How to Modify Times for Automated synchronization in Windows Server Update Services (WSUS)
In the left pane of the WSUS management console, expand CM01, and select Options > Synchronization Schedule
Add WSUS email notifications
In the left pane of the WSUS management console, expand the node labeled with the computer name and select Options. All available options appear in the center pane.
Select e-mail notifications
Add user to the WSUS Domain Administrators Group
Windows Administrative Tools > Computer Management
System tools > Local Users and Groups > Groups
Set the WSUS Server to Autonomous Mode
From WSUS, expand the node, Options, Update Source and Proxy Server, Update Source, Synchronize from another Windows Server Update Services Server radio button.
Ensure This server is a replica of the upstream server checkbox is NOT selected and click OK
How to filter WSUS Update Reporting Views
Expand Updates node > All Updates > Actions > New Update View > Select Properties
View appears in the tree view pane under Updates, it displays like the standard views, in the center pane when selected
What server to access WSUS from
CM01
Log in to Exchange Admin Center
From MRDS01 desktop, double-click the Exchange Administrative Center (EAC) icon
Set up email forwarding
From EAC > Set up an email contact > Recipients > mailboxes > Select user > edit > mailbox features > Mail flow View details > Enable forwarding
EAC
Exchange Administrative Center
Set up an email contact
From EAC, select recipients in the left pane and select contacts from the top menu. Click the Add (+) icon, select Mail contact
First Name, Last Name, Display Name, Name, Alias, External email address (address to forward to)
Log in to Exchange Toolbox and use Queue Viewer
Remote IAEXET > Windows Start Menu > Microsoft Exchange Server 2016 > Exchange Toolbox > Queue Viewer
What does Suspend in Queue Viewer do?
Prevents the email from leaving
River City
OP SEC CON
4 everyone access
3 Chiefs
2 DH
1 Triad
HBSS
Host Based Security System: Provides tools to prevent, detect, track, report, and remediate malicious computer-related activities and incidents across all Department of Defense (DoD) networks
McAfee Agent and Modules
McAfee Agent
McAfee Host Intrusion Prevention System (HIPS)
McAfee Rogue System Detection
McAfee Policy Auditor
McAfee Asset Baseline Module
McAfee VirusScan Enterprise (VSE)
Is available only in extreme cases; can be initiated by the shipboard admin and will disable HIPS on entire network
SADR “Killswitch”
SADR
Super Agent Distributed Repository (SADR) HBSS Configuration
CANES security uses SADR HBSS configuration on unclassified and SECRET networks. HBSS on the Secret Releasable (SR) and Sensitive Compartmented Information (SCI) networks
SADR Servers
UNCLAS and SECRET enclaves each have two CANES SADR Servers (SADR01 and SADR02) that connect to the HBSS ePO Ashore server
Provide load balancing and fault tolerance
All CANES HBSS policies on UNCLAS and SECRET networks located on the Ashore HBSS Server
Access to Ashore HBSS Server via web interface
Circumstances required to use killswitch:
No access to Shore HBSS server - No way to modify
HIPS interfering with functionality of a system or programs on a system that has official mission requirements
Several systems need to have HIPS disabled, and individually unlocking the HIPS Client User Interface (UI) is not feasible
Shipboard admins are provided HIPS Client UI password to unlock individual computers for troubleshooting
VRAM
Vulnerability Remediation Asset Manager (VRAM)
Stores Assured Compliance Assessment Solution (ACAS) scans for:
Nonsecure Internet Protocol Router Network (NIPRNET)/UNCLAS
SECRET Internet Protocol Router Network (SIPRNET)/SECRET
ACAS personnel ensure assets (scanned IPs) are properly categorized
Which VM supports the synchronization of Microsoft Outlook with a PDA?
(Personal Device Assistant) BES/BUEM
Which Linux command is used to report the amount of disk space that files or directories occupy?
du
For which two enclaves can ACAS be configured to automatically send reports to VRAM?
UNCLAS and SECRET
Which DoD document identifies cybersecurity work in Special Area categories?
8140.01
PMS
Planned Maintenance System
FBR
Feedback Report
OPNAVINST PMS
4790.4
TFBR for discrepancies
CAT B
CANES have two types of user
Admin and non-admin
When forest-level enterprise access is needed
Enterprise Administrator
sa da na wa admin role email nomenclature
adminrole.first.last@FQDN
Service accounts
allows one application to access another, mainly system management applications
xxx.internals should be
Stored safely
Security technology that enables delegated administration for anything that can be managed with PowerShell.
Just Enough Administration (JEA)
Security principle and technology aimed at minimizing the risk associated with privileged access.
Just-In-Time Administration (JITA)
Tier 0, 1, and 2 administrators
0 Domain/enterprise 1 Server 2 Workstation
Juno Technologies
Scripts, for example to create an account
CANES account creation script server location
MCA01
Password complexity enforced by what server
Active Directory
Chapter for proper shutdown
Chapter 4, IETM
MECM
Microsoft Endpoint Configuration Manager
What type of hypervisor is run by ESXi
type 1 or bare metal
DCUI
Lowest level interface to ESXi
DISA Services
Cybersecurity, Network Connections, Testing, Spectrum
C5ISR
Navy Command, Control, Communications, Computers, Combat Systems, Intelligence, Surveillance, and Reconnaissance
Primary Technical framework supporting Network Centric Operations (NCO)
Global Information Grid (GIG)
Services by DISA
Quality Assurance Enterprise Engineering
Provides end-to-end connectivity throughout the submarine
SubLAN
Provides Secret and Unclassified Local Area Networks within the ship and allows access to DISN
ISNS
Provides sharing of information with different groups of nations at the SECRET level and below.
SR Network
Allows ships at sea protected and reliable access to special intelligence and SCI data
SCI Network
Transport link between NCTAMS PAC; NCTS San Diego; NCTAMS LANT; NCTS Naples, Italy; and NCTS Bahrain?
Circuit-to-Packet (CTP)
Low probability for intercept and high chance of surviving a nuclear blast?
EHF
Provides a transit path off the ship for onboard secure voice, data, and video?
Automated Digital Network System (ADNS)
Which system is a set of meteorology and oceanography forecast, database, and decision aid tools for weather forecasting?
Naval Integrated Tactical Environment Subsystem (NITES)
Which system supports the use of vending machines aboard ships?
Navy Cash
Provide support for all NAVY C5ISR services
The NCTAMSs and NCTSs
Afloat and ashore networks provide connectivity
within a ship, ship-to-ship, and ship-to-shore
Allow information to travel to and from a ship via the ADNS.
RF transports
How to swap ESXi hosts
In maintenance mode
Wording in the application for turning off
Power off = corrupt; Shut down = gracefully
Redundant array of independent disks used by CANES
CANES 5
Device backup displayed by
SCOM
AAA
This stands for Authentication, Authorization, and Accounting. It’s a framework for intelligently controlling access to computer resources, enforcing policies, auditing usage, and providing the information necessary to bill for services. These processes are important for network management and security:
Authentication verifies who a user is.
Authorization determines what a user is allowed to do.
Accounting keeps track of what the user does.
What systems are used to login with a CAC to a network device?
AAA RADIUS
Manages access to networks and networked resources efficiently and securely.
AAA RADIUS
RADIUS
(Remote Authentication Dial-In User Service) is a networking protocol that provides centralized Authentication, Authorization, and Accounting (AAA) management for users who connect and use a network service.
Service allows files to be sent from one host/node to another while maintaining data integrity
File transfer
Which enclave is designed to interoperate with coalition partners such as NATO
SR Network
Which website for C4I systems provides a single point of customer service
Navy 311
A scalable method of managed network devices to synchronize to an accurate time source is provided by
NTP
CANES Routers and switches LAN Design
CANES Two-Tier: -Collapsed Core/ Distribution -Access
In a switch, blinking amber vs solid amber
Blinking amber: fault with network module, power supply or fan module. Solid amber: Configuration Error
ISE
Identity Service Engine
A CANES client successful connection requires:
-Device registered as CANES asset, indicated by being member of Active Directory domain - Cisco Network Admissions Control (NAC) Agent loaded and enabled - Device MAC address added to the ISE Endpoint Management Identity Group
Three types of Router
-Cisco Integrated Service Router (ISR) - Cisco Integrated Services Digital Network (ISDN) Gateway - Cisco Adaptive Security Appliance (ASA)
Cisco ISDN Gateway
-Provides CANES with HD video conferencing capabilities - Integrates between IP and ISDN networks - Specific to VTC service
The Cisco Switch contains two sets of IOS images for every feature and version
One set contains only the IOS image file extension .bin; The other set contains an IOS image plus a web-based device manager extension .tar
Each privileged account will need a separate
SAAR-N form completed and submitted.
What type of script is “CANES Create User”
Juno Technologies
What tabs are required to create a user
General and Organization (+Exchange)
Give the user access to all tabs in the Exchange Management Center and all drop-down menu options for Exchange Databases in the Create User tool
Add account to the Organization Management and Recipient Management Directory Groups by editing member of in Active Directory
Before running VMware Tools
check the service is running
From where to run VMware Tools
MRDS01
cd in command line to get to VMware Tools
cd \Program Files\Vmware\Vmware Tools
Command from cd \Program Files\Vmware\Vmware Tools
VmwareToolboxCmd.exe stat
Commands available in VMwareToolboxCmd.exe stat
hosttime speed balloon swap memlimit memres cpures cpulimit
hosttime
date and time of host
speed [command]
displays the CPU speed in MHz
balloon
memory reclaim from the virtual machine
some actions possible from vcsa html 5 suite
VM startup shutdown Snapshots
How to place ESXi in maintenance mode for swapping
From left panel right-click the esx and the workstation icon will get yellow strips once it’s completed. Check “More Tasks”
Application to configure Switch
PuTTY name follows structure: U-BB-RTR-102
Initial commands in PuTTY to configure switch
adm.network password enable password config t
To display the most current backup file
show flash: | include backup
To overwrite the current startup-config file with the backup configuration file
copy backupfile.bak startup-config
After copy backupfile.bak startup-config confirm the destination filename:
startup-config // x bytes will be copied, proceed with // reload
Can provide time via triangulation
GPS
Stratum level 1 time servers provide time for CANES network. Connect to one of four
GPS IRIG-B PPS 10 MHZ
For 3-dimensional position how many satellites do you need
4
Provides email, contact, and calendar synchronization for handheld Commercial Mobile Devices
BlackBerry Unified Endpoint Manager (BUEM) 12.10 MR1
What services to check when handheld devices are not working
Verify BES/BUEM services
A Proxy works as a
funnel for all ips and web traffic
CANES employs the following proxy server:
Cisco Web Security Appliance Virtual (WSAV) proxy
Supports regular checking of percentage of decrypted traffic to ensure sizing is consistent with initial install
WSAV logs (Advanced Web Security Reporting log management). Another method of checking decrypted traffic regularly is via simple bash or PowerShell commands
Determines whether CANES users are accessing the network on an authorized, policy-compliant device
Identity Service Engine (ISE)
Assigns services based on the user role, group, and associated policy.
Identity Service Engine (ISE)
Provides Remote Authentication Dial-In User Service (RADIUS) services to the network
Identity Service Engine (ISE)
System Administrators can use Active Directory usernames and passwords to log in to _____ while being authenticated by Active Directory via the RADIUS server
Identity Service Engine (ISE)
Standard defining how to provide authentication for devices that connect with other devices on Local Area Networks (LANs)
IEEE 802.1X
Used to authenticate non-IEEE 802.1X devices such as network printer, workstations, and Cisco IP phones
MAC Authentication Bypass for Bypassing IEEE 802.1X
Learns an endpoint’s MAC address from the switch of the connecting device or an administrator can prepopulate the ISE server’s MAB database before the device is connected
MAC Authentication Bypass for Bypassing IEEE 802.1X
EXEC mode is denoted by
The pound sign (#) at the end of the prompt in EXEC mode indicates that the user has entered Privileged EXEC mode, also known as Enable mode. This contrasts with User EXEC mode, which is indicated by a greater-than sign (>) and allows access to a more limited set of commands.
In the context of network equipment such as Cisco routers and switches, EXEC mode refers to
the command-line interface environment where users can execute privileged commands.
Synchronize the timeserver in RHEL
Remote into YUM. Use “sudo chronyc -a sources”
From DC01 ping the hostname. For the Timeserver by typing
w32tm /query /status
Log on to Cisco Prime Infrastructure
From MRDS01 https://pi.
username for Cisco Prime Infrastructure
root
How to manage wireless devices
Log on to Cisco Prime Infrastructure
service to restart as common trouble shoot step equivalent to signing in and out
Windows Explorer
FSMO
Flexible Single Master Operation
FSMO: what do these roles permit?
These roles permit only one domain controller update access to a specific part of the Active Directory database
Five FSMO roles can be transferred to any domain controller in the CANES Active Directory domain, what server has all five roles by default?
DC01 is assigned all five roles by default
FSMO roles
Schema Master, Domain Naming Master, Relative ID (RID), Primary Domain Controller (PDC), Infrastructure Master
FSMO Role: Domain Naming Master
Makes changes to the domain naming space of the directory; adds and removes domains from the directory
FSMO Role: Relative ID (RID)
Processes RID pool requests for DCs within the domain; RIDs are unique identifiers associated to Active Directory objects
FSMO Role: Primary Domain Controller (PDC)
Is the Network Time Protocol (NTP) authoritative source; account password changes and authentication failures replicate to the PDC emulator first.
FSMO Role: Infrastructure Master
Updates cross-domain references when an object in one domain is referenced by an object in another domain.
FSMO Role: Schema Master
Performs updates to the directory schema
Network shared folders on CANES FS01: HomeShare
is a user shared drive that redirects CANES users local profile folders
Network shared folders on CANES FS01: Share
is the general network share location for CANES user file and folder storage
Network shared folders on CANES FS01: Software
contains CANES domain software repository used by CANES automation scripts and other domain services such as Microsoft System Center Configuration Manager (SCCM)
SCCM
Microsoft System Center Configuration Manager
Correct PMS with
Feedback Report
Sync to accurate time source
NTP
Number of switch rack is determined by the size of the unit
Edge switch racks
Service allows files from server to server
File Transfer service
What enclave is for intelligence and crypto analyst
SCI
Routers CANES software 3
Cisco
Chapter 2 of the IETM
Safety precautions
Stratum level is a reference clock
Stratum 0
What administrator account is for network devices
NA
PDA server health
SCSM
Protocol AAA Canes
Radius
Virtual NIC in virtual machines: what connects the VINIX?
Virtual Switch
Large group of storage devices
Array
Type of virtualization allows you to use a program over another computer
Application Virtualization
Control IP traffic within a network
Switch
Chapter of the IETM overall nature of the system
Chapter 1
Submarines use for firewall
5525
Lowest probability of intercept, survives nuclear
EHF
Wireless Access Point Cisco manager
WLC wireless LAN controller
Enclave that supports across domain solutions
Secret
Proxy server
WSAV
Back up and Storage system
IBM 35 12
Server feature secures CANES workstations Active Directory to assign
Group policy
VM feature VM machine from one host to another
vMotions
Directory Service
Required by Linux servers for sharing administrative configuration data as well as non-administrative data, such as telephone and e-mail directories
Shell
The operating system layer that interprets commands received from the applications layer.
The operating system layer that schedules various processes and tasks, and manages other vital functions like file management and storage.
Kernel
A program that is loaded into memory when the computer boots up, The core of Linux, controlling the allocation of available hardware resources.
Includes the necessary programs to talk to all the devices connected to it. The Linux Kernel
A multi-level, hierarchical system called a directory tree. There are 15 standard directories in the root directory, which is designated by a forward slash (/)
Linux Standard File Structure
To properly log out of the Linux shell, users must
type “logout” or “exit” at the command prompt
reports the amount of disk space that specified files or directories occupy.
du
creates a new directory in the current or a named directory
mkdir
Searches text or a given file for lines containing a match to given strings or words
grep
Creates archives of files for backup, transfer, or storage purposes
tar
Lists the files in the current directory or a named directory
ls
Displays information about a named command, including all of its available options
man
The Linux syslog report provides users with information related to all of the following
- system errors - dates and times of backups - unauthorized access attempts
Print (display) the path of the current working directory
pwd
The tar command does not perform compression. However,
compression utilities can be used to compress archives created with tar
Command in Linux to display current system time
$ date +"%T"
Command for a dynamic, real-time view of the running system?
top
Command to send four copies of the text file “issues.txt” to a printer named “main_printer” which is not the default printer
lp -n 4 issues.txt -d main_printer
Broadcasts an IP address to each machine on a network to identify the associated mac address
arp
A software utility designed to schedule a variety of jobs, or tasks, to run once or on a recurring basis at specified times or intervals
Cron
Files that are lists of other files, used to organize files
Domain Sockets
Ordinary data files, such as text files, image files, executable files, etc
Regular Files
References that point to other files
Directories
Special files that connect the output of one process to the input of another
Symbolic Links
Special files that allow two-way communication between two processes.
Named Pipes
Files that facilitate the communication between hardware and software
Device files
Command to make a mirror image of a system hard drive on a different hard drive
dd
Command searches for a specific string of characters or words in a named file or files
grep
What does the user need to do before mounting a filesystem to a currently accessible filesystem in Linux
Determine the device name associated with the particular storage device using the fdisk command and identify or create a mount point for the device.
Agile Core Services ACS Software automation capabilities
Continuous improvements and extensions to capabilities, Catch errors quickly and continuously, Integrate new application code, Obtain end user feedback
In SW1 and SW2 variants, ACS is referred to as
Afloat Core Services
ACS in SW3 and beyond is currently fielded on
several large deck platforms
Two major components of ACS
ACS Common Services (ACS-C) ACS Data Analytics Services (ACS-DA)
Exchange Toolbox is installed on
CANES EX01/02 and IAEXET
Exchange Toolbox includes _____, which is an MMC snap-in that you can use to view information about and act on queues and messages in queues
Queue Viewer
System Admins can use Queue Viewer to perform the following actions:
Remove Messages, Suspend Messages, Resume Messages, Redirect Messages
Are the software used to establish connections and obtain user information required to transfer files
FileZilla Client and FileZilla Server
FileZilla is located on:
IAEXET for SW1/SW2
WEB for SW3/SW4
FileZilla provides the File Transfer Protocol (FTP) and File Transfer Protocol Secure (FTPS) for hosted and connected systems such as:
Global Broadcast Service (GBS)
Theater Battle Management Core Systems (TBMCS)
Distributed Common Ground System-Navy (DCGS-N)
FTP is used to
transfer files between hosts and/or servers and does not require authentication
FTPS is secured using
Transport Layer Security (TLS), data is encrypted in transit
Secure File Transfer Protocol (SFTP) uses
Secure Shell Protocol (SSH) to secure FTP transfers
Trivial File Transfer Protocol (TFTP) uses
User Datagram Protocol (UDP) for FTP transfers which means the data is less reliable, but faster
Generate a single certificate on Navy Certificate Validation Infrastructure (NCVI)
Remote MCA01
AIC Tools
right click Generate single Certificate
Run as Administrator
Single Certificate
CANESComputer
The Enter Device Name screen appears
Type name of certificate
Path to save Certificate created from AIC Tool
\ds\Software\DomainCerts\certs
Verify a .rsp file
Run .cmd as administrator
Open _cert.rsp with Notepad and verify the –Begin Certificate– and –End Certificate– header and footer
Add an FTP User
\web\F$\FTP\DDGXX
New Folder
sa.<first>.<last>
Enable FTP User
Remote into MCA01
Active Directory Users and Computers
CANES Groups
FTP Users
Members
Add user name for the Sys Adm account you created
Add WEB to Site Manager
MCA01
FileZilla FTP client
Filezilla
File > Site Manager
New Site: “WEB”
Verify the user’s FTP access
down arrow next to Site Manager icon WEB
Connectivity to the FTP server is established when Status: Directory listing successful is displayed
VoIP connection type
TCP to establish, UDP to conduct the call, because TCP is too heavy for real-time applications.
Prerequisites for installation and configuration of VOIP and VOSIP
- Identity Services Engine (ISE) Configured network End User Access (EUA) with Power over Ethernet (PoE) capability or a 100VAC wall receptacle
- CANES fully configured Cisco Unified Communication Manager (CUCM)
- Connectivity to the Network Operations Center (NOC) with 8kbps bandwidth or higher
- Automated Digital Network System (ADNS) Increment III SP4
- Verify Access Control Lists (ACLs) have been created in the firewall on both inbound and outbound interfaces for phone to connect to the NOC
- Record of Media Access Control (MAC) addresses of all VoIP phones
XMPP
Extensible Messaging and Presence Protocol (XMPP)
Provides open standard for interoperability with Department of Defense (DoD) users
Required to exchange text-based messages
Resides on the chat server
Supports external chat sessions
Swift Chat
Full-featured instant messaging client for internal communication:
Uses XMPP protocol
Open-source IM client
Supports different platforms
Provides strong security
Allows end users to share files
Mako Chat Server/Client
Enables warfighter’s client to maintain better connections to chat servers
Located at shore-based command centers or on ships
Provides authentication, encryption, and login security features
Enables XMPP users to connect directly to Mako servers
Used on SECRET enclave to increase security based on:
Transitional architecture
Certificate credentials
Strong user authorization requirements
Solid information encryption software
VTC
Video Teleconference
VTC
- Combination of locations
Host connection points and are the gatekeeper: - Naval Computer and Telecommunications Station (NCTS) Hampton Roads (UARNOC)
- Naval Computer and Telecommunications Area Master Station (NCTAMS) PAC (Makalapa)
Connects to the gatekeeper with CRITICOM Integrated Secure Encryption Console (ISEC) switch
System Management Tools Benefits
Goal is to recognize all system administrator responsibilities and to choose one or more methods for verifying target objectives or tasks necessary
Interactivity
Tools work best when integrated with one another
Complexity
Granular interpretations of data presentation
Multiple dashboard and widget options
Innovations
Custom reports
Graphic dashboard options
Granular filters
Remote access
Main reference for Incident Management
CANES SW4 IETM, EE689-2X-IEM-004 AN/USQ-208C(V)
Main reference for CANES in C5ISR
Naval Telecommunications Procedures (NTP) 4(E) Naval Communications, Naval Network Warfare Command, 18 January 2008.
Main reference for Platform Variants
CANES SW4 IETM – EE689-2X-IEM-004-AN/USQ-208C(V)
Main reference for CANES Computing Environment
CANES SW4 IETM – EE689-2X-IEM-004-AN/USQ-208C(V)
Main reference for Security Enclaves
CANES SW4 IETM – EE689-2X-IEM-004-AN/USQ-208C(V)
DDG Production IP Plan SW4, IPPLAN_DDG_CG-HW2.0-SW4.0-V1.0
Main reference for Technical Documentation
CANES SW4 IETM, EE689-2X-IEM-004-AN/USQ-208C(V)
NAVY 311, https://navy311.navy.mil
SAILOR, https://sailor.navy.mil
Main reference for Planned Maintenance System
CANES IETM SW4 – EE689-2X-IEM-004-AN/USQ-208C(V)
Ship’s Maintenance and Material Management (3-M) System, OPNAVINST 4790.4
Main reference for Account Management
CANES SW4 IETM – EE689-2X-IEM-004-AN/USQ-208C(V)
COMPACFLINST 5230.1A, Fleet Functional Area Manager/Fleet Applications and Solutions Team Program, 5230.1A 13 MAR 2018
Main reference for CANES Services
CANES SW4 IETM – EE689-2X-IEM-004-AN/USQ-208C(V)
COMPACFLINST 5230.1A, Fleet Functional Area Manager/Fleet Applications and Solutions Team Program, 5230.1A 13 MAR 2018
Main reference for Virtualization
CANES SW4 IETM, EE689-2X-IEM-004-AN/USQ-208C(V)
CANES Network Maintenance Addendum, AN/USQ-208(V)
VMWare vSphere Virtual Machine Administration, https://docs.vmware.com
Main reference for CANES Web Proxy Servers
CANES SW4 IETM – EE689-2X-IEM-004-AN/USQ-208C(V)
Main reference for Storage Area Networks
CANES SW4 IETM – EE689-2X-IEM-004-AN/USQ-208C(V)
vSAN Planning and Deployment – VMware vSphere 6.7, https://docs.vmware.com/
Main reference for Network Device Management
CANES SW4 IETM – EE689-2X-IEM-004-AN/USQ-208C(V)
CICD SW3 End User Access Switch Configuration, CICD-PMW160-CANES-000243
CICD SW3 Pre-Production, CICD-PMW160-CANES-000238
DISA Network Device Management, SRG (V)
DISA Network Devices, STIG (V)
DISA Network Infrastructure Policy, STIG (V)
Cisco ASA Series General Operations CLI Configuration Guide, https://www.cisco.com/c/en/us/td/docs/security/asa/asa96/configuration/general/asa-96-general-config.html
Main references for CANES Switch and Router Operations
CANES SW4 IETM – EE689-2X-IEM-004-AN/USQ-208C(V)
Cisco 3900 Series, 2900 Series, and 1900 Series Integrated Services Routers Generation 2 Software Configuration Guide
Main reference for Firewalls
CANES SW4 IETM – EE689-2X-IEM-004-AN/USQ-208C(V)
CICD SW1 CISCO ASA Firewall - CICD-CICD-PMW160-CANES-000080
CICD SW1.2 CISCO ASA Firewall - CICD-CICD-PMW160-CANES-000175
CICD SW2 CISCO ASA 5525x- Firewall and Firepower Software Installation and Configuration - CICD-PMW160-CANES-000197
CICD SW3 CISCO ASA 5525x- Firewall and Firepower Software Installation and Configuration - CICD-PMW160-CANES-000254
Main reference for Network Time Protocol
CANES SW4 IETM – EE689-2X-IEM-004-AN/USQ-208C(V)
Main reference for Wireless Access
CANES SW4 IETM, EE689-2X-IEM-004-AN/USQ-208C(V)
CICD SW4 Wireless LAN Controller Configuration, CICD-PMW160-CANES-000332
CICD SW4 Submarine NIPR/SIPR Wireless LAN (SWLAN), CICD-PMW160-CANES-000353
Main reference for Mobile Device Management
CANES SW4 IETM – EE689-2X-IEM-004-AN/USQ-208C(V)
Main reference for Cisco Identity Services Engine
CANES SW4 IETM – EE689-2X-IEM-004-AN/USQ-208C(V)
Cisco Identity Services User Guide
Cisco Identity Services Administrator Guide
Cisco Identity Services Command Line Interface (CLI) Reference Guide
Main reference for Windows Workstation
CANES SW4 IETM – EE689-2X-IEM-004-AN/USQ-208C(V)
https://docs.microsoft.com/en-us/windows/resources/
https://support.microsoft.com/en-us/windows#ID0EAABAAA=Windows_10
Main reference for Windows Server
CANES SW4 IETM – EE689-2X-IEM-004-AN/USQ-208C(V)
Microsoft Docs Windows Server, https://docs.microsoft.com/en-us/learn/browse/?roles=administrator&expanded=windows&products=windows-server
Main reference for Red Hat Enterprise Linux
Linux Security Technical Implementation Guide
Red Hat Enterprise Linux 7 System Administrator’s Guide
Main reference for Service Account Management
CANES SW4 IETM – EE689-2X-IEM-004-AN/USQ-208C(V)
Main reference for ACS
CANES SW4 IETM – EE689-2X-IEM-004-AN/USQ-208C(V)
Afloat Core Services (ACS) Developer’s Interface Guide, ACS-A060-DIG-(V)
Main reference for WSUS
CANES SW4 IETM – EE689-2X-IEM-004-AN/USQ-208C(V)
Concept of Operations (CONOPS), Windows Semi-Annual Channel Release for CANES, 2017-001735 Version . 11, 30MAR2018
Concept of Operations (CONOPS) Windows Semi-Annual Channel Release for CANES, SW2.0.X.0, 2017-001735 Version 1.6, 09DEC2019
Main reference for Windows Exchange and Mail Service
CANES SW4 IETM – EE689-2X-IEM-004-AN/USQ-208C(V)
Main reference for Security Service Architecture
CANES SW4 IETM – EE689-2X-IEM-004-AN/USQ-208C(V)
Cybersecurity, DODI 8500.01, Change 1, October 7, 2019
Cyberspace Information Technology and Cybersecurity Workforce Management and Qualification Manual, SECNAV M-5239.2 (series)
Cyberspace Workforce Management, DoD Directive 8140.01
DOD National Industrial Security Program (NIST) Operating Manual, DoD 5220.22-M, May 18, 2016
DODI Network Management (NM), DoDI 8410.03, Change 1, July 19, 2017
Main reference to HBSS Host Based Security System
CANES SW4 IETM – EE689-2X-IEM-004-AN/USQ-208C(V)
U.S. Navy Host Based Security System (HBSS) ePolicy Orchestrator (ePO) Afloat Consolidation Concept of Operations (CONOPS), Version 7, 18 September 2015
Main reference for ACAS Assured Compliance Assessment Solution
CANES SW4 IETM – EE689-2X-IEM-004-AN/USQ-208C(V)
CANES ACAS and VRAM Fleet SOP, SOP-PMW-160-CANES-00001
Configuration Item Configuration Document (CICD) Assured Compliance Assessment Solution (ACAS) Server Configuration for SR/SCI, CICD-PMW160-CANES-000258
Main reference for VRAM
ACAS Server Configuration for SR/SCI SW4- CICD-PMW160-CANES-000330
CANES SW4 IETM – EE689-2X-IEM-004-AN/USQ-208C(V)
Main reference for NCVI Navy Certificate Validation Infrastructure
CANES SW4 IETM – EE689-2X-IEM-004-AN/USQ-208C(V)
NAVY CERTIFICATE VALIDATION INFRASTRUCTURE, CICD-PMW160-CANES-000358 SW4
Main reference for File Transfer Service
CANES SW4 IETM – EE689-2X-IEM-004-AN/USQ-208C(V)
CANES Network Manager’s Guide, EE689-2X-GYD-020(V)
MIL-STD-1780 Military Standard File Transfer Protocol
CISCO Introduction to client FTP, https://www.cisco.com/c/en/us/td/docs/ios/sw_upgrades/interlink/r2_0/user/ugftpc1.html#wp199177
Main reference for Cross domain Solutions
CANES SW4 IETM – EE689-2X-IEM-004-AN/USQ-208C(V)
Main reference for VoIP Operations
CANES SW4 IETM – EE689-2X-IEM-004-AN/USQ-208C(V)
CICD SW4 Voice over IP (VoIP) Telephone, CICD-PMW160-CANES-000355
Main reference for Chat Operation
CANES SW4 IETM – EE689-2X-IEM-004-AN/USQ-208C(V)
Mako CANES Software 3.0 Installation and Operation Guide, Version 1.1.5
Main reference for VTC Device (Video Teleconference)
CANES SW4 IETM – EE689-2X-IEM-004-AN/USQ-208C(V)
Main reference for VTC Operation
CANES SW4 IETM – EE689-2X-IEM-004-AN/USQ-208C(V)
Main reference for VDS (Video Distribution Service)
CANES SW4 IETM – EE689-2X-IEM-004-AN/USQ-208C(V)
CANES Network Manager’s Guide, EE689-2X-GYD-020
Developer’s Interface Guide (DIG) for Consolidated Afloat Networks and Enterprise Services (CANES), CVN-DDG-LHA-CG MOC-LSD-LCC
Configuration Item Configuration Document (CICD) Video Distribution System SW 4.0, CICD-PMW160-CANES-000342
Main reference for System Management
CANES SW4 IETM – EE689-2X-IEM-004-AN/USQ-208C(V)
Cyberspace Information Technology and Cybersecurity Workforce Management and Qualification Manual, SECNAV M-5239.2
Department of the Navy Information Systems Security (INFOSEC) Program, SECNAVINST 5239.3
Microsoft System Center Resources, https://www.microsoft.com/en-us/systemcenter/resources
Main reference for Incident Management
CANES SW4 IETM, EE689-2X-IEM-004-AN/USQ-208C(V)
Navy Information Forces Navy Process Reference Model, COMNAVIFOR M-2620.2
Cyberspace Information Technology and Cybersecurity Workforce Management and Qualification Manual, SECNAV M-5239.2
Department of the Navy Information Systems Security (INFOSEC) Program, SECNAVINST 5239.3
Microsoft System Center Resources, https://www.microsoft.com/en-us/systemcenter/resources
CYBER-1 (Series) Incident Management
DEPARTMENT OF THE NAVY COMPUTER NETWORK INCIDENT RESPONSE AND REPORTING REQUIREMENTS SECNAVINST 5239.19 (series)
Main reference for Event Management
CANES SW4 IETM – EE689-2X-IEM-004-AN/USQ-208C(V)
Cyber Incident Handling Program 2012, CJCSM 6510.01B
Cybersecurity Activities Support to DoD Information Network Operations, DODI 8530.01
Committee on National Security Systems Instruction, CNSSI No. 1010
CICD SW3 System Management Suite, CICD-PMW160-CANES-000255
Computer Security Incident Handling Guide, NIST SP 800-61
Main references for Configuration and Release Management
CANES SW4 IETM – EE689-2X-IEM-004-AN/USQ-208C(V)
COMNAVIFOR, M-2620.2 NAVY INFORMATION FORCES NAVY PROCESS REFERENCE MODEL
COMNAVIFOR, M-5239.2D COMMANDER’S CYBERSECURITY MANUAL
SECNAVINST, M-5239
System Center, HTTPS://WWW.MICROSOFT.COM/EN-US/SYSTEM-CENTER
CYBER-1 (REV E), SUBMARINE FORCE CYBERSECURITY MANUAL
Main references for SIEM (Security Information and Event Management)
CANES SW4 IETM – EE689-2X-IEM-004-AN/USQ-208C(V)
COMNAVIFOR M-2620.2, Navy Information Forces Navy Process Reference Model
COMNAVIFOR M-5239.2D Commander’s Cybersecurity Manual
SECNAVINST M-5239
Sentinel Administrator Guide
Sentinel User Guide
Main references for Fault Isolation Strategy
CANES SW4 IETM – EE689-2X-IEM-004-AN/USQ-208C(V)
CANES Network Manager’s Guide, EE689-2X-GYD-020
Main reference for Remove and Replace
CANES SW4 IETM – EE689-2X-IEM-004-AN/USQ-208C(V)
Main reference for Watchstanding Procedures
CANES SW4 IETM – EE689-2X-IEM-004-AN/USQ-208C(V)
SIEM software is
NetIQ Sentinel Application in SW3/4; NetIQ Security Center in SW1/2
Six Steps troubleshooting procedure
- Recognize Symptom
- Define Symptom
- List Probable Faulty Functions
- Localize Faulty Functions
- Localize Trouble to the Faulty Component
- Failure Analysis
First consideration for remove and replace (Planning Considerations)
Documentation is the first consideration for remove and replace
What does EDP do?
Electronic Data Processing (EDP) installs, maintains, and repairs Navy’s afloat tactical systems: GCCS-M, TBMCS, NITES, DCGS-N
Process Incidents Using SCSM, get to Service Manager Console
Remote into MRDS01 > Microsoft System Center > Service Manager Console > IM01 connect
Process Incidents Using SCSM, once in Service Manager Console
IM01 connect > from the bottom left pane Work Items > Incident Management > All Incidents
Process Incidents Using SCSM, once in Incident Management
All incidents > Create Incident > From all incidents IR8 (SharePoint)
Portion that supports ACS hosting management applications
Platform as a Service
System to prevent Host based instructions
HBSS
VTC
unclass secret
How often updates
everyday
All of them
File Transfer Service
Removal device first documentation
Documentation
For Scans
Nessus
Operational test new vendor products
DoD
Validate users PKI
Desktop Validator
Type of account to access another application
Service Account
Edge Transport Role
IAEXET
Access service use
TTC
Tool for tracking incidents
VM Service Manager
Chat authentication encryption
Macon
Server
BU
Bridges
MCU
Installs, maintains, and repairs Navy’s afloat tactical systems: GCCS-M, TBMCS, NITES, DCGS-N
EDP
System
Microsoft System Center
Convert analog and digital to IP
CODEC
SCOM recommended starting point
CANES System Summary Dashboard
Endpoint Security Software
SIEM
3 step
List probable
Basic computer skills
authorized user
Enclave result uploaded
Unclass SIPR SR
Which Service distribute video
VDS