# Defence Firewall



## MOOXE (3 Aug 2007)

Just learned we are blocked from editing Wikipedia articles. Now some will say you'd be on there wasting time editing articles. Before you speak up or even think that, that theory holds no water. Theres 1000000 ways to waste time on the net.

Anyways, heres the message you get when you try and edit......... 

"You have been blocked from editing.
131.137.245.198 (an account, IP address or range of addresses) was blocked by DragonflySixtyseven for the following reason (see our blocking policy):

as per request of sysadmin John Palmer
"


Mod note....email address removed.


----------



## Trinity (3 Aug 2007)

MOOXE said:
			
		

> Theres 1000000 ways to waste time on the net.



Now there is one less way. 

BTW.. posting the guys email addy isn't cool!


----------



## Greymatters (3 Aug 2007)

I will forego the obvious question of 'why are you using DND equipment to work on wikipedia' for those more rule-conscious...

However, the block may be related to your server and not the particular person doing the data entry.   Apparently a single block will affect large numbers of computers that share the same server address (or something like that...).  I dont contribute to Wikipedia, but I used to like to read the discussions behind some of the articles, but you cant do that if you are blocked. 

In this case, it looks like the request was made by the DND, for obvious reasons...


----------



## mudrecceman (4 Aug 2007)

What are you using?  A Baseline machine?  No GP-Net PCs in your lines?  

The guy who owns the DMZ/firewall in Leitrim probably doesn't care if you can't edit Wiki when you 'hit the Internet...fyi.  Same as Facebook...Hotmail...and my banks online banking site.

 ;D


----------



## Michael OLeary (4 Aug 2007)

If someone has designated responsibilities as a Unit Information Officer, or even a professional interest in ensuring that information on their unit/Corps/Branch/base/etc. is correctly presented on the net, then access to Wikipedia is a reasonable expectation.  I would suggest this is one more Big Brother Baseline approach using a cannon to kill a mosquito (assuming anyone was abusing such access in the first place).


----------



## Disenchantedsailor (4 Aug 2007)

There was a time when soldiers/sailors/Air pers were using the dnet for less than casual reading the newspaper purposes that made the DMZ/Firewall neccessary, and yes there are some sites that are blocked, and yes there is an internet content filter in place. Lets face it the DNET is for defence work only, if you want to check out your friends day on facebook wait until you get home. As far as ensuring unit information is correct on wiki, have your unit IT Coord submit and RFC to open up the firewall to that site for your logon. As far as the bank MRM, most banks do work, if you have one that doesn;t get ahold of the base Help Desk and see if there is a plan in place to open them up (some bases have a  standing RFC for banking sites) RFC take anywhere from 3-6 weeks to process. Hope it helps


----------



## mudrecceman (4 Aug 2007)

ArtyNewbie said:
			
		

> There was a time when soldiers/sailors/Air pers were using the dnet for less than casual reading the newspaper purposes that made the DMZ/Firewall neccessary, and yes there are some sites that are blocked, and yes there is an internet content filter in place. Lets face it the DNET is for defence work only, if you want to check out your friends day on facebook wait until you get home. As far as ensuring unit information is correct on wiki, have your unit IT Coord submit and RFC to open up the firewall to that site for your logon. As far as the bank MRM, most banks do work, if you have one that doesn;t get ahold of the base Help Desk and see if there is a plan in place to open them up (some bases have a  standing RFC for banking sites) RFC take anywhere from 3-6 weeks to process. Hope it helps



I am assuming you aren't familiar with where I did work...and where I am working now.

 ;D


----------



## Disenchantedsailor (4 Aug 2007)

Indeed, not a clue, all I know is 4 months ago I left the network svcs shop in Esq, where are you at??


----------



## Bintheredunthat (11 Aug 2007)

Thanks for the info Arty.  Things I never knew in there - I just always figured if I were to ask about things like that (especially banking), I'd get the old "you don't get it because we said so" line.

+1 Promotion from me - too bad your pay won't be affected.   :

Bin Muzzled


----------



## MOOXE (12 Aug 2007)

..........the answer back.........


DAOD 6001-1 defines the acceptable use of the internet, and clearly delineates approved, and unapproved usage, and Wikipedia as a resource would generally fall under approved.

The editing of blogs, Wiki articles and similar items fall under DAOD 2008-0 or 2008-6, and thus editing Wikipedia articles anonymously would be disallowed.

As you will have seen from the block page, only anonymous edits are blocked.
Anyone with a Wiki userid can make edits as they are traceable and attributable to a specific individual.

I would add that you should be careful with editing blogs and posting to forums for a few reasons: one - your IP address is tracked, making it well-known that you are operating from inside National Defence; two - be sure not to make any negative comments about DND or its personnel.

Please remember that websites track who you are, and DND tracks the websites that you visit as well.  Your chain of command is fully responsible for your activities on the internet.

If you have further questions, please contact me.


----------



## Disenchantedsailor (12 Aug 2007)

MOOXE said:
			
		

> ..........the answer back.........
> 
> 
> DAOD 6001-1 defines the acceptable use of the internet, and clearly delineates approved, and unapproved usage, and Wikipedia as a resource would generally fall under approved.
> ...



I'm still curious as to how surfing through wiki performs a defence related function for ALL mbrs of the defence team, althoug I have found from time to time interesting references while working on OPME courses. But the ability to log in to wiki (im not sure if it is an https://) should be reserved for few IP's otherwise we end up with a whole whack of soldiers trying to save thier units face on wiki rather than actually performing a military task. I do agree though with the remainder about being particularly careful what you post where. On a side note I have noticed even some parts of the forces.gc.ca that are firewall blocked due to active content.


----------



## Michael OLeary (12 Aug 2007)

ArtyNewbie said:
			
		

> .... otherwise we end up with a whole whack of soldiers trying to save their units face on wiki rather than actually performing a military task. ....



I always wonder why this specter of mass indiscipline is so commonly used by the DND IT world to justify restrictions, while at the same time they declare:



> Please remember that websites track who you are, and DND tracks the websites that you visit as well.  Your chain of command is fully responsible for your activities on the internet.



So which is it going to be?  Oppressive control of access, or expectations of responsible action and disciplining of those who choose to disobey rational expectations?   Why does it seem we try to have both?


----------



## MOOXE (12 Aug 2007)

Michael O'Leary said:
			
		

> I always wonder why this specter of mass indiscipline is so commonly used by the DND IT world to justify restrictions, while at the same time they declare:
> 
> So which is it going to be?  Oppressive control of access, or expectations of responsible action and disciplining of those who choose to disobey rational expectations?   Why does it seem we try to have both?



It is impossible to have one completely. Unless you shutdown internet access all together. 



> should be reserved for few IP's otherwise we end up with a whole whack of soldiers trying to save thier units face on wiki rather than actually performing a military task.



I would say, its the chain of commands responsibility and the individuals responsibility to ensure they do thier work. Not the handful of civilians and serving members who control the firewall. There are many other ways for a soldier to waste thier time, and usually the chain is there to stop that. This example of using the internet is no different in theory to someone taking 50 smoke breaks a day.


----------



## niceasdrhuxtable (12 Aug 2007)

Sorry, I may have missed something but what's the big hubbub about? You can still edit wikis on the GPnet without any problems. I only use DIN machines for email and looking up stuff on the DWAN, the GPnet is great for everything else.


----------



## navymich (12 Aug 2007)

niceasdrhuxtable said:
			
		

> Sorry, I may have missed something but what's the big hubbub about? You can still edit wikis on the GPnet without any problems. I only use DIN machines for email and looking up stuff on the DWAN, the GPnet is great for everything else.



I'm going to hazard a guess that the GPnet is an internet computer available to you at work that doesn't go through the DIN?  If so, that is great that you have access to something like that at work.  I'm sure there are alot more places then just mine that don't, or can't, have it though which leaves pers at the fate of the DIN.


----------



## George Wallace (12 Aug 2007)

GPnet (Purple machines) will allow internet access, where the DWAN doesn't always.  They still require logons and are monitored.


----------



## Disenchantedsailor (12 Aug 2007)

and GPNet (as well as IAccess through DWAN) do have limitiations as well (although bloody few) but they do permit the user to access things like parts of OGD sites, which comes in real handy during domops when you can't even get into a federal govt site to monitor river flow from the DIN. (also GPNet is not universally available ergo most units in Esquimalt's networking AOR still have shaw boxes for civi internet and no IMI no locks or controls)


----------



## niceasdrhuxtable (13 Aug 2007)

Ah, I didn't know they could be such a rarity for some pers. I figured they were ubiquitous throughout the CF just like DIN machines. Thanks for the info.


----------



## navymich (13 Aug 2007)

Their availability is going to be based on emcon and comsec policies too.


----------



## Disenchantedsailor (13 Aug 2007)

I think the big thing in marpac is BIS likes to test things until the next version of software or 5 comes out.


----------



## mudrecceman (13 Aug 2007)

Michael O'Leary said:
			
		

> I always wonder why this specter of mass indiscipline is so commonly used by the DND IT world to justify restrictions, while at the same time they declare:
> 
> So which is it going to be?  Oppressive control of access, or expectations of responsible action and disciplining of those who choose to disobey rational expectations?   Why does it seem we try to have both?



Part of the problem are people like my former SUNRAY who, I am positive, remember.  He did an "empire building" exercise and, unfortunately it was to his benefit and not in any way providing the best service to the units he supported.  I was EXTREMELY shocked when I made the move to that shop, brought some questions up and was basically told "this is the way it is".  That mentality, I have bumped into at the level I was at, at the next higher HQ, the ASU, and now I see it in the Navy and Air Force worlds, too.  From my perspective at "ground zero", the problems lies with the "because we always have" mentality.

FWIW, ADM (IM) was taken over by the gent at the helm now to solve the entire DND/CF IT with a "top down" approach.  Hence, the Forces domain.

Ref the firewall, rememeber folks, it serves 2 purposes, to filter outgoing and incoming.

The major thing lacking in the DND/CF I.T. world is a standard.  Forces/Baseline (or the anticipated Baseline-like SMS solution that was rumoured) is a move to that end.  An example is the rollout and use of GP-Net machines...I know some bases are using a AD type environment...others are "standalone and up to the Unit ISSO" type ones...

Different ways of doing business in a "normal" working environment simply waste alot of money and resources that could be used elsewhere.  Purchasing SW, when not specialized, by Environment vice Department, also costs more $ per license, etc etc.

Internet access is, in a way, no different than ammo on a range.  You won't get in trouble for using it, unless you weren't supposed to or did so in a manner contrary to regulations.


----------



## Greymatters (19 Aug 2007)

Mud Recce Man said:
			
		

> That mentality, I have bumped into at the level I was at, at the next higher HQ, the ASU, and now I see it in the Navy and Air Force worlds, too.  From my perspective at "ground zero", the problems lies with the "because we always have" mentality.



It is, I believe, one of the CF's worst faults, but not always due to individual persons.  Like any lumbering bureaucratic system, it often acts likes a dinosaur - it takes a while for 'new information' to reach the brain, then time for the brain to decide, and then more time for the brain to react... hopefully before the species gets wiped out by a meteor...


----------

