ARNLD tracks Army network address allocations and assignments, linking networks to the organizations responsible for them (Registrars) and the organizations using them (Customers). Routing tables are uploaded to the system to link netblocks with ASNs and Army Service Routers. This helps identify where a netblock is used physically and logically.
Approved whitelist entries are uploaded to the DISA Registry NLT 1600 EST on Friday and Tuesday. See the AGNOSC Whitelist and Web Domain Registration Page on AKO for further details.
Web servers need to be registered in ARNLD after a Ports, Protocols, and Services exception request is submitted and approved, and before a request is submitted to RCC-C for configuration behind the reverse web proxy (RWP). See the RCC-C RWP Process page for further details. Configuring a web server to be behind an RWP is required per AR 25-2 and the NIPR-DMZ STIG. See AR 25-2, 4-20g Network Security, Internet, Intranet, and WWW security:
(12) Network managers and IA personnel will protect publicly accessible Army Web sites by placing them behind an Army reverse Web proxy server. The reverse proxy server acts as a proxy from the intranet to the protected server, brokering service requests on behalf of the external user or server. This use of a reverse proxy server provides a layer of protection against Web page defacements by preventing direct connections to Army Web servers.
(13) Publicly accessible Web sites not protected behind a reverse Web proxy (until moved) will be on a dedicated server in a DMZ, with all unnecessary services, processes, or protocols disabled or removed. Remove all sample or tutorial applications, or portions thereof, from the operational server. Supporting RCERTs and TNOSCs will conduct periodic vulnerability assessments on all public servers and may direct blocking of the site dependent on the inherent risk of identified vulnerabilities. Commanders or assigned IAMs will correct identified deficiencies.