Offsite Access To NOMAD Is About To Change (Or is it?)

By Keith Cowing on January 29, 2009 9:03 AM 9 Comments

NOMAD Website is Moving - Friday, January 30

"Access to the NOMAD site from outside the NASA network (e.g., home, hotels) will require login using a RSA token and virtual private network (VPN) or secure nomadic access (SNA) on your computer.  The NOMAD Website will no longer be accessible publicly to non-NASA employees. The new NOMAD Website includes a calendar.  As a reminder, please visit this page whenever you need information about NOMAD activities and issues impacting email delivery."

Editor's note: Of course, NOMAD was once again unclear in what it was telling its users, so this update to explain and clarify last night's update was sent out:

"You received the message below from NOMAD Outreach yesterday.  Since the message went out, I received numerous calls and email messages from our customers concerning the message.  This message is being sent as a clarification to the below message. Outlook Web Access (OWA) Webmail is available at https://webmail.nasa.gov/  Use your NOMAD email login in order to access your email from anywhere you have an Internet connection.  Webmail is frequently an alternative to send and receive email when there are activities scheduled, or issues that arise, which impact your desktop or laptop email client and/or handheld device. The move of the NOMAD website from a public site does not affect how you access Webmail."

Categories:


Advertise Here

9 Comments

| Leave a comment
user-pic
Mike D | January 29, 2009 12:28 AM | Reply

Seriously, you'll need VPN or the token for offsite access? So much for the one useful feature of NOMAD. I never checked email on travel since our old webmail system needed all that junk.

How does that effect Crackberrys?

user-pic
CM | January 29, 2009 3:40 AM | Reply

The announcement seems quite hasty, with only two days notice. Also, the message itself is quite confusing. The website that was provided in the announcement message is an unsecured 'http' connection, rather than a secured 'https' connection, which seems to run counter to the implied goal of improving security.

There is also no definition of what 'secure nomadic access' (SNA) would be [*], so that really is not a help.

Third, there's no discussion of impact to a large number of home/travel employees, which use Outlook or IMAP to access their mail. Will they need to use 'nomadic' access as well?

Finally, it's ironic that the schedule website referenced in the email message doesn't actually have this major service change listed!

[*] - other than that it's an acronym within an acronym... as only NASA can.

user-pic
Kevin Parkin | January 29, 2009 5:24 AM | Reply

Is there some security flaw in secure http that NASA knows about and the banks, internet vendors and online hosting companies don't?

If not, isn't it a huge security risk to force all those machines inside the NASA firewall via VPN just to check e-mail?

For example, if someone has a server sheltering inside the firewall, and now tens of thousands of people (machines) appear inside that firewall every day to check their e-mail, by what factor does that increase the attack surface? How much quicker will worms propagate?

user-pic
JC | January 29, 2009 7:09 AM | Reply

Do they realize that not everyone has the token or SNA? I guess I won't be checking from home.

Maybe it is a good thing we aren't allowed to travel to conferences. I'd hate to have to publicize my work AND check my email!

user-pic
Bob | January 29, 2009 7:50 AM | Reply

This appears to be yet another device to impede the ability to do work on the part of the researcher; all process with little or no results.

user-pic
Charles Boyer | January 29, 2009 9:40 AM | Reply

Welcome to the real world. That's how it works in 99% of the corporate world, and for good reason.

Speaking as an IT guy, I can tell you unequivocally that your IT folks are closing several security holes. OWA is exposed to the Exchange servers directly and in turn the LAN infrastructure. That makes things all the easier for hackers, and NASA is what's known as an "inviting target."

Not all hackers are pimply-faced teenagers acting out their rebellious years, either. The good ones are industrial and foreign spies and they do not go into IRC or on monkey boards and brag of their exploits and methods. So yes, there is a clear and present security risk.

That's why putting two-key identification makes more than common sense. In fact, I am very surprised it hasn't been in place all along, as it should have been.

You folks out in user-land might have the idea that your IT is against you somehow, or is incompetent, but that's a very short-sighted and quite frankly an immature point of view. Their job is a taken-for-granted, but it requires long hours and dedication to keep systems operating and secure -- and folks, security breaches cost money and cause downtime.

So when you have to type a password and a ten-digit RSA key number, consider how much time that would take versus the downtime if your network were compromised.

user-pic
NASA Employee | January 29, 2009 11:57 AM | Reply

This was an unfortunate misunderstanding. I was contacted by a representative this morning to clear up my confusion after I responded to her regarding the latest email delivery.

Here's the scoop: apparently - and unbeknownst to me - there's an unsecured NOMAD Update website out there (http://nomad.nasa.gov) that tracks scheduled outages and such. This is not the same as the Outlook webmail that many of us use. The NOMAD Update website is moving to a secured server and will soon require access with VPN. The Outlook Web Access Webmail (https://webmail.nasa.gov) is not affected and will not require VPN tokens for access. Personnel may continue to access their webmail just as they always have.

I hope this clears up any confusion.

user-pic
JM | January 29, 2009 12:28 PM | Reply

Per the editorial update, it seems that NOMAD got an earful from its users and had to explain that the NOMAD website was not the same thing as the webmail website, which will still be up and running as it always has been. (So we will still be dealing with all the issues that people have been pointing out here and elsewhere.)


It turns out, the NOMAD website is for doing more basic things like updating your directory information and checking on the status of the e-mail system, including a calendar for planned an unplanned outages. (So, yes, you can still log in from home, you just won't know why the system isn't working.)

user-pic
Mark S. | January 29, 2009 7:39 PM | Reply

I'm telling all of you right now…as an IT professional unless they get rid of that Windows crap it will be SSDD.

Rip that junk out section at a time and replace them with Xserves and Mac work stations. It'll be cheaper in the long run and more secure right off the bat.

Leave a comment

Search




calendar

Events
Launches
Your Event

Monthly Archives

Categories

Mortgage Lead

Play online bingo at the top bingo sites.

Interested in Space Travel, try the next best thing, name your own star.

Online Bingo

Hier finden Sie die neuesten Casino Bonus Codes von fuhrenden Gaming-Sites.

Forex like a Pro with a leading forex broker.

About this Entry

This page contains a single entry by Keith Cowing published on January 29, 2009 9:03 AM.

A Question of Priorities On The 9th Floor was the previous entry in this blog.

The Mission Continues is the next entry in this blog.

Find recent content on the main index or look in the archives to find all content.



- Find brilliant bingo sites and start to win

-

- Trade Forex like a Pro

- Die besten Seiten fur online roulette spielen, Spielstrategien und Tipps.