Getting my military email address

[Eye In The Sky]

What's the big deal about not giving accounts to people?   I don't quite understand!  I've had an account made for me even though I used it once in 1.5 years (we used NFTC accounts for our buisness).  If they actually created the accounts even though we didn't need it (no, we did not request it!), why can't they provide it to people sitting and waiting for a course?  Maybe I don't understand the complexity of creating accounts but be kind, I'm no IT genius. 

I don't think you can access Facebook or personnal email from the DIN... Most bases have Gen Net access though.

Max

Creating the account itself it not complex.  The big deal is simple; every account has access to some portion of the DWAN.  The biggest threat to a IS/network is the users actually authorized to access that IS.  That is why there are (where I've worked) several signatures required for an account request for Protected B Processing/Protected A storage, and there is ALOT of crap that goes on in that world most people just don't see or know about.  If you think of DND IS as part of our National Information Operations (which it is), then maybe the idea of what I am talking about will start to form (threats to that IS).

As for your accounts, I am not speaking poorly of the PRETC troops, but in contrast to PRETC troops ...as IT Admins, we would think that mbrs such as yourself and your specific peers in training are not such a threat.  I am hoping you get my veiled speech on that, but PM if not.   ;D

 

[aesop081]

Is it that easy to get into trouble on a CF computer?

It sure is. Look at the people in the last couple of years being caught doing things they shouldnt have been.

 

[Eye In The Sky]

Is it that easy to get into trouble on a CF computer? How would it annoy "trained" people?

EITS, I wasn't talking about the email but the DND computer access.  I wasn't "trained" yet and didn't really need an account.  I don't think it annoyed anyone!

It was a reference to their level of knowledge and training, vice having something to do with if they do/do not need access.  They know just enough (in PRETC, most of them) to piss off the trained troops and get themselves in trouble.   ;D

Is it easy to get in trouble?  It sure is.  I am betting if I went to a computer you usually logged into, and went thru your local profile, I'd find something that shouldn't be there, officially.  And I've seen "officially" used officially before.  Best thing I can say is ignorance is not a defence.  ;D  

 

[SupersonicMax]

I don't think I used my account enough to have anything   The only reason I used it lately is to get a PMQ in Cold Lake and get my posting message via email.  Didn't even open Explorer...

 

[aesop081]

  Didn't even open Explorer...

Some people do, and thats when the trouble starts. A bunch of kids on PRETC sitting in a room bored + Internet access = Trouble.

 

[danchapps]

Some people do, and thats when the trouble starts. A bunch of kids on PRETC sitting in a room bored + Internet access = Trouble.

I've got some recent pictures of CFSAL to verify that fact. It wasn't pretty, and very expensive. Well, minus the internet, and it was one kid, but you folks can see where I'm going with it.

 

[George Wallace]

Is it easy to get in trouble?  It sure is.  I am betting if I went to a computer you usually logged into, and went thru your local profile, I'd find something that shouldn't be there, officially.  And I've seen "officially" used officially before.  Best thing I can say is ignorance is not a defence.  ;D  

How many times on this site, have we seen reports of CF members getting busted for "Porn"?  Guess how they got busted?

There is a serious Security issue with having a DND Account.  Everyone has to be conscious of what they use their accounts for, and how they manage themselves.

Eye In The Sky is trying to tell you that this is a very serious matter, and not a simple matter of registering your own Rogers/Sympatico/Aliant/Cogeco/Shaw/etc. account.  The DND systems are very well monitored for abuse, as is all Government networks. 

Next question is:  Why give out accounts to people who may not be in the CF in three months?  Just because you got through BMQ/SQ, doesn't mean you will pass Trades Training.  You could wash out and be Released.  Giving you an account, just wasted someone else's time and efforts, that I am sure could have been put to better use somewhere else, such as on me......  ;D

 

[Eye In The Sky]

There is a serious Security issue with having a DND Account.  Everyone has to be conscious of what they use their accounts for, and how they manage themselves.

And the truth is, most people don't realize just how true that is..until it is too late. 

Next question is:  Why give out accounts to people who may not be in the CF in three months?  Just because you got through BMQ/SQ, doesn't mean you will pass Trades Training.  You could wash out and be Released.  Giving you an account, just wasted someone else's time and efforts, that I am sure could have been put to better use somewhere else, such as on me......  ;D

This is true from a completely administrative perspective.  Each account takes time to create, configure, track during the process (we use trouble ticket software, someone has to open, update, and close these tickets), monitor, and delete/transfer as required.  Each user that is created has a domino affect on your IS, and affects other things, like data backups.  Most users aren't aware of and don't see the backend of these IS networks, but it is there and the bigger it is, the more people are required to administer and support it.

However, taken from a security perspective, all of these troops are potential threats from the inside of the network. 

Maybe this kid or one like him is one of the kids requesting a Forces/DEMS account.  Maybe he/she is disgruntled, and about to be released from the CF.  Who wants to be the NCO that signed off as his/her supervisor requesting his/her DWAN access? 

I won't get into the tech talk about all this, but there are 2 basic types of threats we protect DND IS from; external and internal (read our own users).  There are 2 basic types of security we use against those threats; physical (think locked doors, secure areas) and technical (user accounts, groups, file system security, and that stuff).  Assuming people won't misuse DND IS is as smart as assuming a C7 isn't loaded when you pick it up.  You don't, you do individual safety precautions (no mag fitted) or a proper unload drill (mag fitted).  We have our own flavour of those drills.

If anyone wants to know my credentials in this area, feel free to PM me and I will gladly provide.

 

[Disenchantedsailor]

The procees is not the same at all bases,  most in fact have unit level apps that do not require trouble tickets (AGMT) as is the case in marpac.  I can attest to this being a unit ITC myself, and in my former trade in the Network support shop.  Account creation even at the netadmin level takes about 4 minutes and occupies about %10 of the netadmins day, the rest beinbg spent on servers and data storage issues, the monitroing of accounts is a J6 function.

As for a forces user account and DEMS, one is an app the other is a network. in fact even a mailbox on the domain does not give every user message traffic from DEMS think of DEMS as a replacement to the ADDN, in fact address list and alias' have been created on the network specifically for DEMS purposes. Again my credentials and employment can be verified also.

 

[geo]

With a DIN account all the regulations are at your fingertips and as a new guy sitting around waiting for your 3's, what better way to kill time than to get familiar with the regulations. 

You would think so but, NOT always true.
When I tried to read some directives I was blocked.  When I argued about it, I got this reply from the main Puzzle palace

In accordance with DWAN Internet Access Security Policy, all Microsoft Word files (doc) are blocked at the DWAN firewalls. For access to this, you will need to use gpnet workstation as gpnet is located outside the DWAN and as such has a much lower security threshold. For access to and locations of gpnet workstations, see your local IT support personel.

and whe I argued about it again.... I got the following

The site

http://www.forces.gc.ca/hr/instructions/docs/word/instruction_20_04_f.doc

is not on the DWAN. It sits outside the DWAN firewalls on the GPNET and as such is treated like regular internet traffic.

So, although documents are on the DIN, they are NOT always accessible on the DIN (from your usual work station  :rage:

 

[WannaBeFlyer]

If you find this frustrating, you can imagine how I feel while attempting to configure and deploy software to the DWAN. I have learned to stop asking, "Why are we doing it this way?"  :brickwall:

 

[geo]

configure & deploy software to DQAN ???

Like what kind of software ? ... Approved kind or the "other" kind ?

 

[rmc_wannabe]

I'm surprised that there wasn't a sig in here sooner. The main reason people need forces "email accounts" are because thats the only truly solid way we get people on the DWAN. When we add people , we're adding them to the domain( a big list of useres that can access the DWAN from any computer on the domain). within these domains they get a nice personal Q:\ Drive and access to programs like EMAA, Mircosoft word, etc. Not to mention unit drives and such.Getting an @forces.gc.ca account is just a bonus.


Security wise, its a lot easier to screen one troop and track who is on what computer at what time on what site through an individual account assigned to that person instead of having generic accounts set up for untrained troops, anyone that has every used GPNET knows how easy it is to just log off when you get the nasty gram from CFNOC about a disallowed site. It similar to why we sign out keys for certain areas instead of others. If that person goes in and steals stuff, then you know who was in there and where to find the soon to be charged member.

So to answer the original question. I'd talk to the help desk in borden (your supervisors should have their number) and you'll have to fill out a request form, sign a user agreement (and yes, there is a portion on there for supervisor's signature... so if he doesn't feel you need it ...too bad), and then wait for it to be created.

Hope that helps you.

Velox Versutus Viligans

 

[Franko]

Some people do, and thats when the trouble starts. A bunch of kids on PRETC sitting in a room bored + Internet access = Trouble.

Also results in numerous bannings here        :

Regards

 

[Eye In The Sky]

Most of the issues with this is the misunderstanding and incorrectly used terminology.  

The DIN is in fact an Intranet site, meaning it sits behind the firewall/DMZ.  

Understanding what an IntraNet site is, vice an InterNet site, is important in this.

Generally speaking, "x.mil.ca" sites are IntraNet sites.  "x.forces.gc.ca" are InterNet sites.  When you are logged onto your Baseline computer, that belongs to a network that is behind the firewall (which is where the IntraNet webservers reside).  When you try to access a document from a "x.forces.gc.ca" site, that request then goes to a firewall server.  The firewall server is set up to allow/deny specific requests.  In this case, deny.

Geo, in your case, you are not trying to get a doc from the DIN, as the DIN truly exits, rather you are trying to access a document that resides on DND InterNet webservers from a Baseline PC (I am assuming) that resides 'internally', or behind the firewall.  From a PC you are logged into your Forces account with, any and all requests for access to Internet sites will hit the firewall server, which will allow or deny access to the site, and allow or deny access to a document on the site.  You may be able to 'see' the site but get the PFO message when you try to pull a document from that site, which seems to be the case here.

As GP-Net (which means General Purpose Network) resides on the outside of the firewall, you can access InterNet sites that you can't get to via a Baseline PC, because the Internet request from your Baseline PC goes to the firewall, where it says "uh uh".  That may or may not be the case from a GP-Net machine (which is not a true unrestricted InterNet PC like yours at home would be.)

The key to it, IMO, is understanding the DIN is not something users can see from the home Internet PCs.  I say "home" because I am anticipating someone talking about "using their DND laptop from home", which they are then using a PC that has DVPNI or something similar installed on it, that requires additional authentication to our RAS setups, encryption, tunneling of packets and other weird and wonderful things that makes your data packets gobbly-gook to anyone who can intercept them on the Internet, but useful to you when your laptop has the right "key" to use the encrypted data.  

The list of actual networks that comprise the DWAN is mind boggling and I know for a fact there are a bunch I haven't even heard of.

And I am betting its all clear now...

 

[Eye In The Sky]

I'm surprised that there wasn't a sig in here sooner.

That would be me. :  FWIW, I was managing DND IS as a Network Manager when you were 13.

The main reason people need forces "email accounts" are because thats the only truly solid way we get people on the DWAN. When we add people , we're adding them to the domain( a big list of useres that can access the DWAN from any computer on the domain). within these domains they get a nice personal Q:\ Drive and access to programs like EMAA, Mircosoft word, etc. Not to mention unit drives and such.Getting an @forces.gc.ca account is just a bonus.

You do not need a Forces account to access EMAA, an IntraNet site.  A DEMS mailbox is not a "bonus".  Your technical description is flawed and confusing.  @forces.gc.ca is just an SMTP address, not an account.

So to answer the original question. I'd talk to the help desk in borden (your supervisors should have their number) and you'll have to fill out a request form, sign a user agreement (and yes, there is a portion on there for supervisor's signature... so if he doesn't feel you need it ...too bad), and then wait for it to be created.

I am sure the NCOs are PRETC wouldn't want all their troops just calling the Borden HD anymore than the folks at the HD would want all these people calling them.

Users don't identify their own requirement at the Pte(R) level...think about it. 

 

[aussiechangover]

comming from PRETC myself doing OJT at the moment  I don't believe there is a need for a student on PRETC to need access to email. All of their queries can be directed through the appropriate company offices there and they can assist you with what you need. After all you should only be there for a short time before commencing your QL3's and you probably won't have access to it either.  If your going to be in the shacks for any extended period of time just get normal internet access hooked up it won't give you access to the DWAN but you'd be surprised what you can get off it normally.

just my 2 cents

 

[Eye In The Sky]

If your going to be in the shacks for any extended period of time just get normal internet access hooked up it won't give you access to the DWAN but you'd be surprised what you can get off it normally.

just my 2 cents

Such as...

DAODs

QR & O's

CFAOs

CBIs

etc, etc, etc.

 

[geo]

you might be able to get at some of the regulations .... but now necessarily all of them.
I found myself in a catch 22.  Couldn't get at the regs from my official CF terminal.  And the GP net terminals aren't available on this floor.

Ridiculous!

 

[Eye In The Sky]

you might be able to get at some of the regulations .... but now necessarily all of them.
I found myself in a catch 22.  Couldn't get at the regs from my official CF terminal.  And the GP net terminals aren't available on this floor.

Ridiculous!

Geo,

I agree with you.  Everything CF mbrs need should be available on our IntraNet, full stop.  I am hoping to explain 'the way it is now'...but certainly not saying "and this is the way to do business".  I'm just a worker bee after all!  8)