Ask Slashdot: VPN Service For a Deployed US Navy Ship?

Soulskill posted about 2 years ago | from the helps-with-those-call-of-duty-tournaments dept.

Security 349

shinjikun34 writes "I am currently stationed on a U.S. Navy ship deployed in a country with restrictive internet policies. We are currently in the process of setting up an entertainment internet connection for the crew to use in their downtime. I suggested (and was thereby tasked with finding) a VPN service that would support 100 to 500 devices, have an end point inside the continental United States, be reasonably priced, and secure/trustworthy. Something that is safe to use for banking and other financial affairs. Ideally, it would be fast enough to support several VoIP calls (Skype, Google Voice, etc) alongside online gaming, with possible movie/music streaming. It will need an end point in the U.S. to allow for use of Google Books, Netflix, Hulu, and other services that restrict access based on region. I, in all honesty, have no idea where to begin searching, and I ask the good folks of Slashdot to aid me in my quest. One of the main requirements I was given is that the company has to be trustworthy. And it has to be a company — computer in someone's closet hosting a VPN isn't acceptable to the Navy. What services would Slashdot recommend? (I understand that our connection without a VPN probably won't be able to handle the described load, but I would prefer a VPN service that offers capacity above our need. That way when T/S'ing the connection, the VPN can be at least partially ruled out.)"

349 comments

WTF (0)

Anonymous Coward | about 2 years ago | (#40505363)

MIL: yeah, let's ask the guys on Slashdot, they could help, I'm sure
SGT: yes sir, good idea sir

Re:WTF (4, Funny)

MachDelta (704883) | about 2 years ago | (#40505375)

You would prefer they asked the Geek Squad?

Re:WTF (4, Insightful)

Anonymous Coward | about 2 years ago | (#40505399)

Oh don't worry they aren't going to take your word for it.
But as far as doing their homework, gathering opinions and collating data for review, they're asking in one of the right places.

Re:WTF (3, Insightful)

homey of my owney (975234) | about 2 years ago | (#40505603)

But seriously... Are there no controls onboard a US Navy vessel that would prevent *anything* that's suggested here from being implemented?

Re:WTF (3, Informative)

History's Coming To (1059484) | about 2 years ago | (#40505945)

Yup, exactly. I'd be very surprised if there was a way to set it up so it was 100% guaranteed to be independent of military equipment (it's going to have to share the same satellite link for example), and unless there's a military networking specialist on /. who's happy to talk openly and publicly about their systems...?

The only people who should be setting this up are the people who admin the rest of the networking equipment on board.

Pair (4, Informative)

Frightened_Turtle (592418) | about 2 years ago | (#40505389)

Try Pair.com [pair.com] in Pittsburg, PA. I've been with them for over 16 years now and I've been very happy with their service and support.

Re:Pair (2, Funny)

Anonymous Coward | about 2 years ago | (#40505743)

%s/Pittsburg/Pittsburgh/g

Re:Pair (2, Informative)

Anonymous Coward | about 2 years ago | (#40505787)

That'll change properly spelled instances to Pittsburghh. What you want is to add a word-terminator to the expression so it doesn't break the correctly spelled words. /nerding out

Re:Pair (0)

Anonymous Coward | about 2 years ago | (#40505915)

%s/Pittsburg/Pittsburgh/g

Epic freetard fail.

Amazon Web Services? (1)

TerraFrost (611855) | about 2 years ago | (#40505391)

Just create a VM on aws.amazon.com and configure it to your heart's content.

Re:Amazon Web Services? (1, Informative)

Jerome H (990344) | about 2 years ago | (#40505445)

From the question:

And it has to be a company — computer in someone's closet hosting a VPN isn't acceptable to the Navy

So firstly he can't host it himself and providing a VPN service for 100 devices is by no means a trivial task.

Re:Amazon Web Services? (1)

icebike (68054) | about 2 years ago | (#40505893)

100 devices (probably mostly phones and tablets) is not particularly difficult. In fact it's no more difficult than providing a VPN for a single device.

Any one of a half dozen models of off the shelf routers (consumer grade) will do this out of the box for you and any number of ISPs offering VPN services are compatible with all of these and usually say so in their advertising.

Bandwidth is the only issue, but 100 or 200 wifi devices checking email instant messages once every 15 to 30 minutes presents no particular load. The OP is already aware of the need to limit concurrent VOIP or video sessions, but again, this is merely a bandwidth issue and nothing to do with the VPN.

.mil? (2, Interesting)

Anonymous Coward | about 2 years ago | (#40505393)

Doesn't the navy have its own Internet structure? Or may you not use that?

The end point should be run by the military (5, Informative)

mrmeval (662166) | about 2 years ago | (#40505397)

The NSA is tasked with securing such communication and you should regardless of classification of data be using their equipment or at least an approved system. In that way you know that you at least are protected from your provider.

Your users shouldn't even know you're doing jack to their connection except to show as a US IP address. There should be no identifying information that points that IP to any military activity.

Re:The end point should be run by the military (2)

jo_ham (604554) | about 2 years ago | (#40505451)

Honestly yes, I agree with the above poster.

I'm amazed that the US Navy doesn't already run something like this themselves - they're the ones that know the communications capabilities and deployment of their ships better than anyone else. Surely given the number of ships and personnel outside the US at any one time it would be more effective to have an in-house team based in the US to handle this especially since many of the reasons listed are not exclusive problems of a "guest" country with an oppressive internet policy (Google Books, Hulu etc that are geo-blocked for all other countries).

Re:The end point should be run by the military (1)

kubernet3s (1954672) | about 2 years ago | (#40505513)

I'm sure the navy maintains communications for military matters, but things like online shows and gaming are probably recent enough that the navy hasn't felt the need to provide them to sailors as essential comforts.

Re:The end point should be run by the military (4, Informative)

truesaer (135079) | about 2 years ago | (#40505533)

My guess is that the military DOES provide internet access. And it probably allows them to do basic web tasks, etc but does not allow streaming video, VOIP, etc. This is probably because they are on a limited satellite connection and have to guarantee performance for the actual military functions of the ship.

They also probably have access to Armed Forces radio and television, DVD libraries, etc.

Re:The end point should be run by the military (2)

Mr. Freeman (933986) | about 2 years ago | (#40505569)

I suspect this is the case. A VPN isn't going to help matters here because the real problem isn't routing, it's bandwidth. I think the OP has his priorities in the wrong order.

Re:The end point should be run by the military (0)

Anonymous Coward | about 2 years ago | (#40505739)

If you read the summary it is completely clear that he's concerned with the privacy issues of a local provider, not about using a US provided satellite connection.

Re:The end point should be run by the military (1)

History's Coming To (1059484) | about 2 years ago | (#40505963)

Agreed. Now a shipwide LAN allowing everyone to share their media, that's a good idea. Set up a Diaspora instance or similar and you've got a shipwide social network too. Doing it without jacking into the existing CAT5 (presumably?) might be tricky, a series of repeating wireless routers throughout perhaps?

Re:The end point should be run by the military (1)

gtirloni (1531285) | about 2 years ago | (#40505707)

I'm amazed that people really trust the OP is in a US Navy ship.

Re:The end point should be run by the military (4, Insightful)

girlintraining (1395911) | about 2 years ago | (#40505467)

The NSA is tasked with securing such communication and you should regardless of classification of data be using their equipment or at least an approved system. In that way you know that you at least are protected from your provider.

Your users shouldn't even know you're doing jack to their connection except to show as a US IP address. There should be no identifying information that points that IP to any military activity.

If you read between the lines, the poster is saying that this is an entirely separate network where the crew can bring their personal (non work) systems, and it will have no access or visibility to any of the ship's systems or network. As such, those requirements go away. The Navy of course wants a US-based company to approach so they can monitor use and make sure that if another Wikileaks happens, they are a phone call away from saying "It was this guy, at this time, on this terminal," and also because US-based company means US-based laws -- and it's harder for a foreign national to penetrate a domestic service than a foreign one, especially after it gets hardened, which falls under the purview of the DHS, not the NSA, in this case -- since the company is private, not military. And it probably will have cameras in the rec area, as all meeting and confidential areas on the ship do. So let's just go ahead and assume that the security people have already reviewed this and have green-lit it with the appropriate restrictions. They are, after all, highly trained professionals. -_-

Remember that aircraft carriers have thousands of personnel, deployed for months at a time with no access to anything but the ship. Entertainment becomes incredibly important for crew morale, and the Navy recognizes the need to balance this; They want to give their crew access to everything you can do on the internet at home on their little slice of the United States afloat. And why shouldn't they?

Re:The end point should be run by the military (1)

Anonymous Coward | about 2 years ago | (#40505691)

Remember that aircraft carriers have thousands of personnel, deployed for months at a time with no access to anything but the ship. Entertainment becomes incredibly important for crew morale, and the Navy recognizes the need to balance this; They want to give their crew access to everything you can do on the internet at home on their little slice of the United States afloat. And why shouldn't they?

If it's so important and the Navy recognizes this: why isn't the Navy providing it then? Why is Joe Blow sailor the one trying to set this up?

Re:The end point should be run by the military (0)

Anonymous Coward | about 2 years ago | (#40505919)

Because "The Navy" is a collection of Joe Blow sailors? My GF is deployed on one of these ships right now and it's a fucking embarrassment. They have a 10Mb cap on email attachments. A single Predator drone transmits more data in a day than the entire Kuwait war, yet they are too cheap to pay the extra to up the connection speed from 56K?

I'm guessing they're stuck with high latency satellite modems so a bad ping in Counterstrike is forgivable, but the throughput should be fat as shit when the entire ship is crewed by people working 80 hours/week with little downtime to watch cat videos on youtube.

Hewlett Packard $3bn No-Bid Contract (1)

Kagato (116051) | about 2 years ago | (#40505723)

Like many technology items, the Navy contracts them out. HP got a sweet no-bid contract extension (HP bought EDS which originally bid it). Since then they have been charging the taxpayer over $2000 a year to provide network connectivity... for EACH WORKSTATION.

http://www.wired.com/dangerroom/2010/08/hp-holds-navy-network-hostage/ [wired.com]
http://www.wired.com/dangerroom/2012/02/navy-internet/ [wired.com]

In theory the Navy is supposed to start rolling their own stuff, but my guess is since this is on slashdot HP is going to make a big stink about it and shut it down.

Re:The end point should be run by the military (5, Insightful)

jittles (1613415) | about 2 years ago | (#40505869)

If you read between the lines, the poster is saying that this is an entirely separate network where the crew can bring their personal (non work) systems, and it will have no access or visibility to any of the ship's systems or network. As such, those requirements go away.

I just escaped from the world of contracting for the DoD and I can tell you that there is no such network on any military facility. Trust me. No boat, no ship, not even a storage shed. How do I know? Because I used to work on training simulations, and we wanted to set up things like a private WiFi network, to allow instructors to monitor simulations from a tablet device. Could we do so? No. It's against DoD rules. You can set up a private network, but only if it is wired, and only if it does not go out onto the net. Further, any machine on that network must comply with DoD Information Assurance (IA) rules. Those rules don't let you have USB enabled, you can't even have a USB port accessible on the device, without special authorization and hardening of the OS to disable the port, but allow charging.

The poster above is absolutely correct. You do not want to be caught setting up this kind of network. You will get in huge trouble if the DoD finds out. All internet access should be going from the ship, to their home port and onto the internet from there. If I were in charge of this boat, I would not do this without an order in writing authorizing me to do so because he's going to get burned if he goes thru with this.

what about USB keyboards / mouses? (1)

Joe_Dragon (2206452) | about 2 years ago | (#40506017)

What about USB keyboards / mouses? USB printers? As nowadays it's getting harder to find PS2 stuff.

Re:The end point should be run by the military (1)

chill (34294) | about 2 years ago | (#40505531)

...regardless of classification of data...

Wow, that is so wrong. There is no need for a TIC so the swabbies can stream Netflix, play Warcraft and Skype home to the wife and kiddies.

It looks like the local regime filters the Internet, so using local ISPs probably is straight out as too much shit gets blocked. All they're trying to do is bypass that.

Sonic.net (2, Informative)

Anonymous Coward | about 2 years ago | (#40505403)

I know Sonic.net offers their customers VPN service, and have a great track record and are a pleasure to work with. I'd call their business/enterprise department and see what kind of bandwidth they can give you in a VPN termination.

However, I hope you're aware of the dangers of having multiple secure and insecure internets in close proximity...I sincerely hope one moron with a patch cable can't bridge the "entertainment" network to anywhere else...frankly I'm surprised this isn't handled by the USN core networking folks already....?

q&a seems totally legit (2, Insightful)

djdanlib (732853) | about 2 years ago | (#40505407)

You realize that some of the people reading Slashdot around the world are going to have a vested interest in getting a back door into your affairs, right?

This would be an excellent trap to catch foreign agents.

Re:q&a seems totally legit (1)

girlintraining (1395911) | about 2 years ago | (#40505605)

This would be an excellent trap to catch foreign agents.

When you are in the world of spies, the real one, not the one on TV... that would be an epic newbie mistake. The security concern here would be military personnel taking pictures, probably to send home to family or whatever, and it winds up on Facebook, and in the background is something sensitive that they were unaware of. Stuff like that. The idea of a foreign spy on a navy ship using the public internet to e-mail The Secret Recipe to their handler is... well... insanely retarded. They would use a broad spectrum rapid frequency shift low power portable radio... or just toss the evidence overboard with a locator beacon set on a timer... something more like that. You don't use the internet for that kind of thing if you want to live long.

Re:q&a seems totally legit (1)

djdanlib (732853) | about 2 years ago | (#40505767)

That's some fancy Jason Bourne stuff you're talking about. Ever thought about writing? Sure, you can't prevent people from posting pictures, since every grunt's wife wants pictures of her man in uniform. But that's a concern at all military installations. There are protocols for these things and all communications are generally reviewed from really sensitive areas or people who have made mistakes. They should build a nondescript room for accessing the 'net so people can take webcam pictures without worrying about that.

I was thinking of the other end with my post. Some foreign gov't could set up a false VPN company, or put a Secret Closet into an existing VPN provider's facility, and have some people post glowing recommendations for it here. Or at any rate, they would know where the VPN endpoint is, with company name and/or location, which is very valuable intelligence. Since the asker is looking for what I assume is a set of the most popular opinions, it's a pretty ripe opportunity.

Why, it even sounds like something US intelligence would do! For example, https://www.eff.org/cases/hepting [eff.org] . Don't put anything past other people if we're doing it too.

Re:q&a seems totally legit (2)

Vegemeister (1259976) | about 2 years ago | (#40505895)

Or, rather than having to conceal non-standard equipment and leaving physical evidence and/or an RF trail, a spy could steganographically conceal encrypted secret documents in image macros, and post them to a public website such as 4chan.

Re:q&a seems totally legit (1)

Anonymous Coward | about 2 years ago | (#40505615)

You realize that some of the people reading Slashdot around the world are going to have a vested interest in getting a back door into your affairs, right?

Most people reading Slashdot have a vested interest in getting U.S. soldiers back to U.S. soil, regardless of if they are Americans or not.

Re:q&a seems totally legit (1)

Anonymous Coward | about 2 years ago | (#40505811)

Most people reading Slashdot have a vested interest in getting U.S. soldiers back to U.S. soil, regardless of if they are Americans or not.

But some of the readers might prefer the soldiers taking the trip in a coffin.

So let me get this straight... (-1)

Anonymous Coward | about 2 years ago | (#40505411)

You proposed something without having fully done the research beforehand? And the something you're doing likely violates the laws of your host country?

You're screwed.

Government systems? (2)

nighthawk243 (2557486) | about 2 years ago | (#40505417)

I would be very wary of doing such things on a government connection. Your C/O better have written off on it officially.

Re:Government systems? (1)

nurb432 (527695) | about 2 years ago | (#40505645)

Like that will stop you from going down when caught. Just means you will have company when you are court-martialed.

Re:Government systems? (0)

Anonymous Coward | about 2 years ago | (#40505713)

Connecting government systems to an outside provider will require more than just commander approval, you must get approval from your designated approval authority (DAA). Because you are deployed, your DAA is the Combatant Command level J6 director (I assume U.S. Central Command), and he will never sign off on that.

Your best bet is to get several sailors together and get satellite internet from a local company, with whatever proxy or VPN solution you want (the Navy isn't involved at all). Remember that the U.S. doesn't have status of forces agreements with most of the countries that we operate in, so you are bound by their laws and punishments no matter how backward or stupid you think they are.

No internet for you! (-1, Troll)

Anonymous Coward | about 2 years ago | (#40505431)

Hey, aren't you supposed to be out there securing us more oil. Or propping up puppet governments? Or killing foreign people that look different from us? We're not paying you guys to fap off to the internet, ya know.

Re:No internet for you! (-1, Troll)

clarkkent09 (1104833) | about 2 years ago | (#40505663)

Hey, aren't you supposed to be out there securing us more oil. Or propping up puppet governments? Or killing foreign people that look different from us? We're not paying you guys to fap off to the internet, ya know.
 
Posts like this shouldn't be voted off the page. They serve a useful purpose in reminding us of the most widely spread and repeated liberal myths that we should recognize for their extreme ignorance and laugh out of any serious conversation. If he only included words like "banksters", "koch brothers" and "faux news" it would be a perfect sample of what goes on for conversation on sites like huffington post and dailykos.

Re:No internet for you! (0)

paiute (550198) | about 2 years ago | (#40505771)

...liberal myths....

Many myths are descended from truths.

Re:No internet for you! (4, Insightful)

Oxford_Comma_Lover (1679530) | about 2 years ago | (#40506037)

Agreed. The US Navy does a lot of great things (some of their disaster work is first-rate, for example, and they also do anti-piracy work and help ensure free navigation), but our armed forces and military policy have also been responsible for a lot of really bad things (allying with armed forces that place zero value on human life, adding to demand for forced prostitution, propping up oppressive regimes).

It's not black and white, and talking points on both sides (insofar as there are only two) have some truth to them.

Re:No internet for you! (0)

Anonymous Coward | about 2 years ago | (#40505847)

Rah! Rah! Liberal media! Liberal myths! Stupid liberals!

forget online gaming on a ship as the lag is kille (1)

Joe_Dragon (2206452) | about 2 years ago | (#40505439)

forget online gaming on a ship as the lag is killer and moving from area to area can lead to drop outs.

Re:forget online gaming on a ship as the lag is ki (0)

Anonymous Coward | about 2 years ago | (#40505505)

Not to mention plugging personal equipment into a DoD network is a no-no. And forget the fact that online gaming is probably not the most appropriate use of limited shipboard bandwidth...

When in Rome ... (0, Flamebait)

PPH (736903) | about 2 years ago | (#40505447)

I am currently stationed on a U.S. Navy ship deployed in a country with restrictive internet policies.

Then respect the laws of that country and don't try to bypass their Internet policies.

Re:When in Rome ... (1, Insightful)

spire3661 (1038968) | about 2 years ago | (#40505503)

The ship itself is U.S. territory.

Re:When in Rome ... (1)

Anonymous Coward | about 2 years ago | (#40505733)

The connection over which the data is traveling is not US territory. What's your point?

Re:When in Rome ... (0)

Anonymous Coward | about 2 years ago | (#40505813)

Not only is the US aircraft carrier US territory but whatever country you are in is US territory -- at least if you want it to be. ;-)

Re:When in Rome ... (-1, Troll)

Anonymous Coward | about 2 years ago | (#40505579)

I am currently stationed on a U.S. Navy ship deployed in a country with restrictive internet policies.

Then respect the laws of that country and don't try to bypass their Internet policies.

But the laws of that country also forbid sucking each other's dicks -- what's a bored sailor to do?

Re:When in Rome ... (5, Interesting)

ShanghaiBill (739463) | about 2 years ago | (#40505619)

Then respect the laws of that country and don't try to bypass their Internet policies.

Foreign laws don't apply on an American warship, which are considered US territory. I learned this in a very practical sense many decades ago, when I was on an LPH [wikipedia.org] in the South China Sea. We picked up a load of Vietnamese boat people, including a pregnant woman. During the stress of the transfer she went into labor, and the baby was born on the deck of our ship. When we returned to Subic Bay, all the refugees were transferred to a refugee camp. Except the woman and her baby. They were taken to the US Naval Hospital, and then flown to the USA. Since the baby had been born on the deck of an American warship (US Territory) it was an American citizen, not a refugee.

Re:When in Rome ... (1)

PPH (736903) | about 2 years ago | (#40506051)

Then the Navy should provide such a VPN and a secure network channel back to US territory. Depending on a private VPN provider is not a good idea. Aside from trust issues, using one VPN per ship can still provide useful traffic analysis data. Internet traffic from military personnel should look like it comes through one portal, or be randomized so that location data cannot be deduced.

And then there's the issue of VPN security through foreign Internet facilities. It's quite possible that the country you are stationed in has equipment [wikipedia.org] capable of cracking your VPN. Even the evidence that a VPN is in use over their network facilities, where it might be prohibited by their local laws isn't good policy. That's the kind of thing that makes some people mad enough to strap on a bomb

Re:When in Rome ... (1)

clarkkent09 (1104833) | about 2 years ago | (#40505679)

But when you are in the US try the best you can to avoid the laws of that country such as IP laws? Why are extremely restrictive laws in a foreign country more important to follow than much less restrictive laws in your own?

so (0)

Anonymous Coward | about 2 years ago | (#40505931)

if I build a ship in Canada and put it in the backyard of a US resident I can say fuck you to Hollywood? HAHA stupid americans....tricks are for kids....

Re:When in Rome ... (2)

Vegemeister (1259976) | about 2 years ago | (#40505917)

Laws are not deserving of respect.

Shameless plug: our company ReachIPS could do this (0)

Anonymous Coward | about 2 years ago | (#40505453)

Shameless plug: our company ReachIPS.com could absolutely do this (contact us) //GregH (an engineer at the company not in sales).

TANSTAAFL (0)

Anonymous Coward | about 2 years ago | (#40505495)

You want (1) high speed, (2) large bandwidth, *and* (3) high security. You can have any two of the three.

But seriously? Is the ship not already outfitted to use OCONUS Navy Enterprise Network (ONE-Net)?

What type of connection? (1)

truesaer (135079) | about 2 years ago | (#40505497)

I'm surprised this is even an option, I recently worked at a remote US government facility and there were heavy filtering requirements in place. Do military regs really allow you to avoid their regular IT controls and policies this way?

At any rate, my first question is are you talking about a physical internet connection while in port, or using a satellite at sea or what? You're talking about supporting an awful lot of users and data through the VPN, but can your basic connection support that?

I always use vpn.al-qaeda.net (1, Funny)

Anonymous Coward | about 2 years ago | (#40505507)

You imperialist murderers.

Build your own - not at someone's house though. (3, Insightful)

KingRobot (703860) | about 2 years ago | (#40505521)

1) Lease a box at a site with reliable, low-cost bandwidth (Somewhere like PhoenixNAP, AtlantaNAP, Rackspace, etc.) - This should run you between $50 - $150/mo for a decent system with several terabytes/mo data transfer (More than enough for Hulu, Netflix, etc.).
2) Make some friends in the Navy IT dept. - Have them help you set up a hosted VPN service on the box in their off time. This will be the lowest cost, most secure, and most reliable service you can get.

Re:Build your own - not at someone's house though. (1)

anon mouse-cow-aard (443646) | about 2 years ago | (#40505625)

On the ship, set up a Linux or BSD PC as the local VPN end point. Rent a VPS at any of hundreds of such providers in the US. For one household to do this, you can get a US server for 8$/month or less. You need to pay more for network capacity, but not a huge amount. You set up 1 and only 1 VPN connection... NAT through it. The people on the ship just set their default routes (you provide a DHCP service.) I would use a pair of Debians for this, but whatever works for you.

Re:Build your own - not at someone's house though. (1)

Kalriath (849904) | about 2 years ago | (#40505855)

It's like none of you even read. It specifically says it must be a reputable company. Building their own is not an option.

The own Navy? (0)

Anonymous Coward | about 2 years ago | (#40505539)

IMHO, that sounds like something all navy ships would want to have.... so why not have the own navy IT department at the other end of the VPN?

Needless to say, in a network separated physically from anything important, but still inside the control of the own navy..... no better way to address security concerns.....

Almost all VPN services are fly-by-night ops (2)

Cthefuture (665326) | about 2 years ago | (#40505545)

Almost all VPN services are fly-by-night ops. Just don't do it. Seriously, they come and go like the wind. I'm sure there are legit ones that have been around for a long time but it's nigh impossible to vet any of these companies.

Instead find a good hosting provider and rent yourself a server with the amount of bandwidth you need and the location in the US you want (most providers have data centers in various places). For more security I would get a whole machine, not a VPS. Run OpenVPN or whatever on it and you're good to go. It wouldn't need much disk or RAM.

IPv6? (2)

jonsmirl (114798) | about 2 years ago | (#40505561)

Not a VPN, but what about an IPv6 tunnel to Hurricane Electric? Much of what you are interested in is IPv6 accessible. And the HE tunnel is free.

Might check and see where the IPv6 anycast address routes to from your location. Might be in a different country.

Don't (2)

longk (2637033) | about 2 years ago | (#40505565)

Anything other than a government controlled VPN would be a dumb move. One step back though, why do you need a VPN? I assume the Navy can get its hands on a decent US IP range and have it routed properly? Even with non-US IPs you can probably get access. Most entertainment companies have good relations with the military - they could provide access as a courtesy.

Could be simple. Could be complex. (1)

neiras (723124) | about 2 years ago | (#40505583)

Create a VM endpoint in the US on something like Amazon Web Services. Fire up a tunnel (vtund over ssh? openvpn? whatever) from your ship's router to your endpoint, route traffic through it, make sure your local DNS resolves through the tunnel, and call it a day. This way you won't need to tell people to mess around with VPN clients. The fewer moving parts, the better.

This is pretty simplistic though. You need to give us more details. How much bandwidth do you have to play with? What is the expected latency? How much tolerance is there for downtime? How much access control do you need? There are all kinds of additional steps that could make this kind of service more reliable.
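A check for the "make sure your local DNS resolves through the tunnel" step in the comment above, as an added example that is not part of the original post: it does the kernel's longest-prefix route lookup for each configured resolver and reports any that would leave by the uplink instead of the tunnel. The interface names (`tun0`, `eth0`), the documentation-range addresses and the sample routing table, which uses the two /1 routes OpenVPN's `redirect-gateway def1` installs, are constructed assumptions.

```python
import ipaddress

# Constructed sample: `ip -4 route show` on the ship-side gateway with the
# tunnel up. Interface names and addresses are assumptions for illustration.
SAMPLE_ROUTES = """\
default via 192.0.2.1 dev eth0
0.0.0.0/1 via 10.8.0.1 dev tun0
128.0.0.0/1 via 10.8.0.1 dev tun0
10.8.0.0/24 dev tun0 proto kernel scope link src 10.8.0.2
192.0.2.0/24 dev eth0 proto kernel scope link src 192.0.2.50
203.0.113.10 via 192.0.2.1 dev eth0
"""

# Constructed resolv.conf contents. The first resolver is the uplink's own
# router, which is what a DHCP lease from the local provider typically sets.
LEAKY_RESOLV = """\
# handed out by the uplink's DHCP
nameserver 192.0.2.1
nameserver 198.51.100.53
"""
SAFE_RESOLV = "nameserver 10.8.0.1\n"


def parse_routes(text):
    """Return [(IPv4Network, device)] from `ip -4 route show` output."""
    routes = []
    for line in text.splitlines():
        fields = line.split()
        if "dev" not in fields[:-1]:
            continue  # blank lines, blackhole/unreachable entries
        dest = "0.0.0.0/0" if fields[0] == "default" else fields[0]
        try:
            net = ipaddress.ip_network(dest, strict=False)
        except ValueError:
            continue  # not a destination prefix we understand
        routes.append((net, fields[fields.index("dev") + 1]))
    return routes


def egress_device(routes, address):
    """Longest-prefix match, as the kernel does; None if no route matches."""
    addr = ipaddress.ip_address(address)
    matches = [(net.prefixlen, dev) for net, dev in routes if addr in net]
    return max(matches, key=lambda m: m[0])[1] if matches else None


def parse_nameservers(resolv_text):
    """Return the nameserver addresses listed in resolv.conf text."""
    servers = []
    for line in resolv_text.splitlines():
        fields = line.split("#", 1)[0].split()
        if len(fields) >= 2 and fields[0] == "nameserver":
            servers.append(fields[1])
    return servers


def dns_leaks(route_text, resolv_text, tunnel_dev="tun0"):
    """Return [(resolver, device)] for resolvers that bypass the tunnel.

    device is None when the resolver is unparsable or has no IPv4 route
    (for example an IPv6 resolver, which this IPv4-only check cannot vouch for).
    """
    routes = parse_routes(route_text)
    leaks = []
    for ns in parse_nameservers(resolv_text):
        try:
            dev = egress_device(routes, ns)
        except ValueError:
            dev = None
        if dev != tunnel_dev:
            leaks.append((ns, dev))
    return leaks


if __name__ == "__main__":
    for label, resolv in (("leaky", LEAKY_RESOLV), ("safe", SAFE_RESOLV)):
        print(label, dns_leaks(SAMPLE_ROUTES, resolv))
```

The on-link resolver leaks even though the /1 routes cover it, because the connected /24 on the uplink is more specific; that is the case a "default route goes through the tunnel" check misses.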

The real answer (-1, Troll)

Anonymous Coward | about 2 years ago | (#40505585)

Stop messing about with VPN's and get back to the business at hand

Murdering people and stealing their oil

Why doesn't the Navy already have one? (1)

SilverJets (131916) | about 2 years ago | (#40505591)

Is the OP saying that the Navy doesn't already run a VPN? WTF?

Technical Question: (1)

NEDHead (1651195) | about 2 years ago | (#40505609)

How much salt water safe coax can they trail behind the ship? I mean, it can get pretty messy, especially if they go around an island or something. Really, shouldn't the poster have at least considered these basic issues?

No wonder the navy budget is HUGE!!!

What the... (4, Insightful)

Cimexus (1355033) | about 2 years ago | (#40505617)

OK I'm not American (I'm Australian), but this whole post elicits a massive "WTF" from me.

If this is a Navy ship, belonging to the world's most powerful military and run and administered by a branch of the US Government, then surely:

a) if this kind of usage of the connection is permitted, the Navy (or other government entity) would have its own infrastructure you could use for this; or

b) if not, there'd already be a clear policy that stated who your preferred providers of such a service would be (having been vetted and cleared for such use by the relevant IT people within the Navy)

I mean, I can't imagine any government department, let alone the Navy, giving some random guy the task of finding and setting up a VPN via whatever means he happened to think was good.

Also, um, doesn't the ship have its own internet connection? I'm surprised that the filtering practices of the country where you're based are affecting you ... surely you don't allow people on the ship to use random, untrusted connections provided by whatever place you happen to be in?

Anyway, as I said, I'm not American and wouldn't have a clue how the US military operates. But I can tell you this kind of thing would never fly in a government department here.

Golden Frog (0)

Anonymous Coward | about 2 years ago | (#40505623)

http://www.goldenfrog.com/vyprvpn

This service, although fairly new, comes from the Giganews / Data Foundry people, who have been around for a long time.

How did this make it on the site? (0)

Angrywhiteshoes (2440876) | about 2 years ago | (#40505633)

The government already has contractors to handle things like this, call Lockheed Martin or Northrop Grumman, don't ask a multinational user base how to secure Government communications.

AdmiralAckbarItsATrap.jpeg

Bad idea (0)

nurb432 (527695) | about 2 years ago | (#40505637)

This has bad written all over it, and I can't believe it's even allowed.

Just don't do it.

just leave the army (-1)

Anonymous Coward | about 2 years ago | (#40505639)

and get your ass outta there.

Hey I got a company! (1)

microcars (708223) | about 2 years ago | (#40505647)

a new startup! (as of today)
And a dedicated room (very very small...) for the computer!
use my company! You can trust me... er, my company.

Mercenary Security (0)

Anonymous Coward | about 2 years ago | (#40505655)

Well, as a German company we have far stronger boundaries related to data protection than any other company in the USA.
We're specialized in network security as well.

The broadband in the USA is not really fast, so if you can consider it visit www.mercenary-security.com or send an e-mail to info@
We worked for major American companies like MTV already and assisted them to secure their network.

Pricing is negotiable but if you're on a ship the delay via sat-links is likely more important.

You'll want a contract, not a provider (0)

Anonymous Coward | about 2 years ago | (#40505659)

For the size you're talking about, you'll want to actually negotiate a contract with someone. I use VyperVPN via Giganews, but I'm not sure if they are a US company.

I assume you'll be routing this stuff through Tor (after all, this is exactly why the US Navy _created_ Tor; you can't expose the true location of that ship, dammit.)

I would think you could do a deal with any of the "hotel" network providers (Innflux, AT&T, etc.) to essentially provide that same service -- via VPN -- for your setup.

BTW, I assume this stuff will be going over InMarSat? Remember that's _very_ expensive, so MMO's would probably cost a fortune.

I also don't see how you're going to get approval to drop a network onto a ship without a full-up IA certification from DoD. I've run networks onto military bases, and it's a year or so to get all the approvals in place, even when you're not touching their networks at all.

surprised they don't provide this already (1)

v1 (525388) | about 2 years ago | (#40505661)

I understand personal unsecured devices on the DoD network are forbidden, but it's also easy to see where you literally have a boatload full of people with ipads and personal laptops with webcams that want internet access and a connection to family at home.

Creating a second, public-only network is the obvious solution. But given the recent wikileaks-ish concerns, I'm amazed that they are considering anyone else providing this service. It would seem that the logical thing for them to do now is to create a vpn tunnel themselves and run their own endpoints in the states. I can't imagine them not wanting a high degree of control and monitoring of it. The last thing they want is a vpn they can't easily tap into that creates a difficult-to-monitor information pipeline out of a secured environment, even if not directly-connected to the secured network. It's connected indirectly by the entire crew.

This really needs to be done internally, under the control of the military, not farmed out. Think about postal mail and now email. If you're on tour and write a letter back home, and are stupidly saying things you shouldn't, like "so excited to see we're FINALLY going to go to XXX and kick some ass next week!". That gets censored out before it gets to the states of course. Last thing in the world they want is for all the sailors to have a vpn where they have very little or no control over that.

Odds are good that whoever tasked you with this didn't quite understand the can of worms you are attempting to open; just because they're higher rank than you doesn't mean they know the subtleties of what you do. And if it does go through, it won't last long before someone higher up with a more complete understanding puts their foot down, or the press gets ahold of what's going on and has a field day. (or both)

FIPS Certified VPN Solution? (0)

Anonymous Coward | about 2 years ago | (#40505665)

As a part of the NAVY, don't you need a FIPS certified VPN solution?

NMCI / NGEN (2)

BenJeremy (181303) | about 2 years ago | (#40505671)

Maybe you should call your support desk or talk to your commanding officer?

A LOT of money has been spent by the government to give you a secure environment, with thousands of pages of STIGs to comply with, encryption, and other safeguards.

It sounds like you want to do an end-run around the regulations and security imposed on your shipboard environment. The policies in place have been shaped over the last two decades.

Do you have the slightest idea of the issues involved? We got in trouble for pinging ONCE A REBOOT from PCs that were shipboard (to check to see if they had rejoined the land-side networks), as the Naval side saw it as an attack on their network. There are real bandwidth issues on board a ship, as well as a whole slew of security issues. Just tunneling through a VPN connection is not a solution at all.

Dude, you're the military (0)

circletimessquare (444983) | about 2 years ago | (#40505681)

You're supposed to build this yourself, because, as the saying goes, loose lips sink ships. You are proposing a non-military access point onto a vessel vested with the task of protecting the interests of the United States. You're asking for a tactical trojan. Security should be your highest concern.

So you need to figure out how to do it in house. That's why you get so much $$$ in the Federal budget. So go spend some of it. We give you the big $$$ because I don't want the good guys protecting me exposed to network vulnerabilities YOU brought on the ship.

Frankly, your question reminds me of this post from the other day:

http://tech.slashdot.org/comments.pl?sid=2947355&cid=40496109 [slashdot.org]

Re:Dude, you're the military (2)

girlintraining (1395911) | about 2 years ago | (#40505751)

You are proposing a non-military access point onto a vessel vested with the task of protecting the interests of the United States.

It's the goddamned internet... You have to hook it up SOMEWHERE. If I could, I'd build a plinth and put this comment on the top and a faceplate under that said "Stupidest Person in IT Award (2012)". I'm gonna go take a shower now... I feel dirty.

Re:Dude, you're the military (0)

circletimessquare (444983) | about 2 years ago | (#40505805)

Then you have to question the wisdom of putting the Internet on a military vessel

It's the goddamned SECURITY that is the issue here, dear genius IT person

Re:Dude, you're the military (2)

girlintraining (1395911) | about 2 years ago | (#40505857)

It's the goddamned SECURITY that is the issue here, dear genius IT person

I guess I just don't see how two computers that have no electrical or wireless connection to one another can interfere with one another in a malicious fashion. Perhaps you could enlighten me, oh Ye of Infinite Knowledge?

North Olympic Peninsula Data Centers (0)

Anonymous Coward | about 2 years ago | (#40505685)

NOP Data Centers is located on the Olympic Peninsula in Washington and employs people with established DoD credentials.

There are normally 2, sometimes 3, networks on board Navy vessels and each network is totally independent of the others with no physical shares.

Rednet: This network is restricted and carries classified material
Greennet: Is restricted, but carries no classified material
Hotspot/Internet Cafe: is open for general use by end user devices

Login, Inc. Tucson AZ (5, Interesting)

gavron (1300111) | about 2 years ago | (#40505689)

We are happy to provide you free VPN termination for your needs. You're welcome to have us
checked out. US owned, operated, our CEO is the son of a service person, and we support our
armed forces. Contact sales@login.com and we'll set up whatever GRE/IPSEC/other VPN you
want.

Thank you for your service.

Ehud Gavron
Login, Inc.
Tucson AZ US

How about the navy host it? (0)

Anonymous Coward | about 2 years ago | (#40505695)

The military sucks up 1/3 of all discretionary spending by the US every year. We spend more on the military than the entire world combined. One would think all that money, and the Navy could figure out how to do this by their own fucking selves.

Yeah, I know, "support the troops" "USA USA USA"

Be easier to get behind that crap, if it weren't for the military only used for illegal imperialist acts of aggression (in my, and probably most /.'ers lifetimes).

Also be nice if the military wasn't directly competing with education, and trouncing education so badly (if that money were given to the states earmarked for education, instead of wasted on the very bloated military machine). We need to cut education spending (again), so what if Johnny can't read, he can be cannon fodder in the military which just got another 20% increase in budget.

But, "USA USA USA"

Suspect question (0)

Anonymous Coward | about 2 years ago | (#40505711)

I don't know who this guy is, an IT3 would know better. I am having a hard time believing that he would contemplate doing this, or his COC would entertain it.

There is no way USN information assurance policies would support doing this through anything but a US Government service. I have not been on a ship for about 6 years, but back in 2006 the IA policies allowed were comparable to corporate policies. You could do limited personal business on your own time on a not to interfere basis. However, personal devices, VPNs, proxy servers or anything else which shielded your activities from monitoring and oversight were strictly prohibited. The security implications are just unacceptable. I can just imagine people leaving location services turned on and broadcasting the exact position of the ship from their iPad.

Whatever solution you could come up with would still need to use the government satellite connection to get to and from the ship which does not have the bandwidth to support his desires anyway, at least not without interfering with its intended purpose.

China (0)

Anonymous Coward | about 2 years ago | (#40505731)

Cue the deluge of posts from China indicating what the best VPN to use would be...

Not really an answer just input (1)

likuidkewl (634006) | about 2 years ago | (#40505737)

After being deployed for nine months aboard a US carrier a few years back I can completely understand where the want for an external network is coming from. I assume you are looking for an in-port solution; at sea this is completely against IT policy. I would get in touch with the MWR rep, they may be able to pull some strings back home.

What is the physical layer? (3, Insightful)

rogueippacket (1977626) | about 2 years ago | (#40505747)

Nearly a hundred posts, and neither the submitter and only one responder have asked. The presence of the word "ship" leads me to believe we're talking about wireless, combined with "restrictive Internet policies" drives me to the conclusion that this is terrestrial wireless to a local ISP. Submitter should clarify this, because it will directly impact their requirements for latency and bandwidth long before a discussion around VPN providers should occur.

I know this one... birdstep (2)

gl4ss (559668) | about 2 years ago | (#40505791)

http://www.birdstep.com/english/secure-mobility/safemove-mobile-vpn.aspx [birdstep.com]

dunno if it's expensive, it should provide a bridge though since that's what you need(apparently, so that your lan games don't route through to usa and back. where safemove is good is that you could install it on the machines and go to a cafe on shore and still be safe, with pretty much zero hassle).
what you want is a service with which you can locate the endpoint in a datacenter you choose, the military probably has some.

buying that endpoint service inside usa is probably going to be peanuts compared to buying the actual bandwidth for those 500-1000 users in some shithole country.

(some people on the thread don't seem to understand that this is the _entertainment_ network with machines separated from the military side, it's pretty much standard practice in any competent military).

Suck it up (0)

Anonymous Coward | about 2 years ago | (#40505819)

And do as we did 30 years ago when I was in the Navy. Watch the ship's onboard TV network, listen to tapes, listen to the local radio, watch the local TV and have fun trying to figure out what the hell the commercials are advertising (real fun when we were in Japan). Russian TV is entertaining also. Play cards, chess, backgammon, etc.

IA (0)

Anonymous Coward | about 2 years ago | (#40505831)

I know the Information Assurance (IA) community within the Air Force is somewhat particular with commercial ISPs for morale. There may already be a fix for your problem, however I do understand the difference between the AF and the USN.

What an AWESOME TROLL (5, Insightful)

utkonos (2104836) | about 2 years ago | (#40505885)

This article has to be one of the best trolls to have even been done here on Slashdot. Not only did it get the editors to put it on the front page, but it also has most everyone actually taking it seriously.

Alternatives =) (0)

Anonymous Coward | about 2 years ago | (#40505903)

First... on the ship it is almost impossible to implement a VPN for these purposes... unless the USA military are crazy!
If what you, and your friends, want is to be able to use the "local" internet in other countries, from your personal computers (can you have personal computers? such a fail in security!) you can use something like your own VPN server in a datacenter in the USA and connect to it... or rent a service like Pro VPN from hidemyass, or Steganos Internet Anonym VPN.

US NAVY go fuck yourself (-1)

Anonymous Coward | about 2 years ago | (#40505909)

US NAVY go fuck yourself and your entertainment industry....
-canada

stop wasting my tax money u fairy semen (0)

Anonymous Coward | about 2 years ago | (#40506013)

instead of wasting my money on streaming pornos why dont u just go back to bukakeing each other in showers, fags
