[All] FW: Advisory: Blocking Access to Specific, High-risk Cloud Computing Services
Bulger, Brad (ARC-SG)[Bay Area Environmental Research Institute]
bradford.bulger at nasa.gov
Mon Jan 13 12:45:06 PST 2020
If you've seen people on missions / mailing lists use any of these domains for sharing files or links, let us know. I think probably we're OK.
From: "daCruz, Dennis M. (AFRC-JC000)" <dennis.m.dacruz at nasa.gov>
Date: Monday, January 13, 2020 at 12:42 PM
To: "Bulger, Brad (ARC-SG)[Bay Area Environmental Research Institute]" <bradford.bulger at nasa.gov>
Subject: RE: Advisory: Blocking Access to Specific, High-risk Cloud Computing Services
I think we crashed the server (it should be up soon), but here’s the list:
January 2020 high risk Cloud websites being filtered
http://www.freefilesync.org/
https://uptobox.com/
http://www.reduceimages.com/
http://host4images.com/
https://geti2p.net/en/
https://www.sendspace.com/
http://www.mobile01.com/
http://www.url-encode-decode.com/
https://disk.yandex.com/
http://xuite.net/
http://pan.baidu.com/
http://www.nicovideo.jp/
http://en.pdf24.org/
https://userscloud.com/
http://turbobit.net/
https://zippyshare.com/
https://uploaded.net/
https://thekickasstorrents.com/
http://www.solidfiles.com/
http://tusfiles.net/
http://pdf2jpg.net/
http://www.iwantim.com/
http://codepad.org/
http://picascii.com/
http://damimage.com/index.php
http://www.pixroute.com/
http://imgspice.com/
http://www.pdf-archive.com/
https://weechat.org/
http://www.pic-upload.de/
If you have any questions let me know.
Dennis
From: Bulger, Brad (ARC-SG)[Bay Area Environmental Research Institute]
Sent: Monday, January 13, 2020 12:36 PM
To: daCruz, Dennis M. (AFRC-JC000) <dennis.m.dacruz at nasa.gov>
Subject: FW: Advisory: Blocking Access to Specific, High-risk Cloud Computing Services
The link is giving me a 503 error
https://developer.nasa.gov/cybersecurity/cloud_filters/blob/master/blacklist.txt
From: Agency-IT-Outreach <agency-it-outreach at mail.nasa.gov<mailto:agency-it-outreach at mail.nasa.gov>>
Reply-To: Agency-IT-Outreach <agency-it-outreach at mail.nasa.gov<mailto:agency-it-outreach at mail.nasa.gov>>
Date: Monday, January 13, 2020 at 12:31 PM
Subject: Advisory: Blocking Access to Specific, High-risk Cloud Computing Services
[Office name: Office of the Chief Information Officer]
Distribution Date:
January 13, 2020
To:
All NASA Personnel
Subject:
Advisory: Blocking Access to Specific, High-risk Cloud Computing Services
What’s Happening:
Beginning January 15, 2020, you will not be able to access specific high-risk commercial cloud computing services from NASA’s networks.
The use of these services poses risk to NASA’s networks because the security practices maintained by these cloud service providers are not suitable for the storage and processing of NASA data.
Click here for the current list of services to be blocked: https://developer.nasa.gov/cybersecurity/cloud_filters/blob/master/blacklist.txt
Blocking of such services is a continuous process decided by risk. If an imminent threat is posed, no prior notice will be given before additional services are blocked.
What is a High-Risk Commercial Cloud Computing Service?
Commercial cloud computing services are software, applications, servers, storage, and other computing capabilities provided by companies and are accessed over the Internet. Many cloud computing providers maintain good security practices and their services can be suitable for NASA use; this requires a NASA Authorization to Operate. For example, NASA uses authorized commercial cloud computing services to collaborate and store data.
A high-risk commercial cloud computing service is one that is determined, through NASA security assessments and processes, to have risk factors that create likely and significant risk exposure to NASA.
Authorized Services:
NASA’s authorized commercial cloud computing services go through a thorough security assessment that ensures adequate security mechanisms and processes are in place. Box, G-Suite, and Office 365 have all been authorized by NASA.
NASA employees should only use commercial cloud computing services that have been approved for use<https://intranet.share.nasa.gov/agency/cloudservices/Pages/Approved-Cloud-Services.aspx> by the CIO or other Authorizing Official and an Authorization to Operate has been issued.
To learn more about cloud service authorization, please contact your Center’s Cloud POC or open a Cloud Inquiry with the Enterprise Managed Cloud Computing (EMCC) organization<https://intranet.share.nasa.gov/agency/cloudservices/Pages/About-Us.aspx>.
Questions:
For more information on affected services or questions about the blocking of high-risk commercial cloud computing services, please contact Cybersecurity Chief Engineer Dennis daCruz: dennis.m.dacruz at nasa.gov<mailto:dennis.m.dacruz at nasa.gov>
This notice was sent by the OCIO Cybersecurity & Privacy Division.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://espo.nasa.gov/pipermail/all/attachments/20200113/ef4df0db/attachment-0001.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image001.jpg
Type: image/jpeg
Size: 8967 bytes
Desc: image001.jpg
URL: <http://espo.nasa.gov/pipermail/all/attachments/20200113/ef4df0db/attachment-0001.jpg>
More information about the All
mailing list