Security changes impact some AKO users
By: Danny Spatchek
Tue, 13 Jul 2010 04:00:00 GMT
WASHINGTON (Army News Service, July 13, 2010) -- Security changes for Army Knowledge Online recently prevented a small percentage of users with older browsers from accessing the web-based portal.
AKO, the original Army "cloud" computing environment, serves more than 2.3 million unclassified users and more than 123,000 classified users including active duty, National Guard, Army Reserve, Department of the Army civilians, contractors, family members and retirees.
The Department of Defense discovered in an annual audit that AKO was not carrying the most secure algorithms available. After implementing June 23 the 6140-2 Compliance Algorithm, about 100 users per day began contacting AKO saying they were unable to access the portal, said Dr. Kenneth Fritzsche, AKO product director.
The AKO team then posted a news release on the Army.mil website detailing the way those impacted by the change - mostly users with older browsers such as Internet Explorer 5.5 and 6.0 - can make their browsers compliant.
According to the release, users of Internet Explorer 6 and higher should go to: Tools, Internet Options, Advanced Tab and scroll down to the security section to ensure the "Use TLS 1.0" option is selected before clicking OK. Mozilla Firefox users should go to Tools, Options, Advanced, Encryption and also select the "Use TLS 1.0" box. If this option is not available, users should ensure they have the latest updates for their browsers.
The release encouraged those who need additional help to call the Army Enterprise Service Desk anytime at (866) 335-2769.
"Few users relative to our overall population were impacted by the security changes -- less than 1 percent. We're not seeing a downward trend of logins on AKO," Fritzsche said.
Fritzsche said that although the number of AKO users who are unable to access the portal is low compared to the total number of users, the AKO team is reaching out to them through various forms of social media such as Facebook, Twitter and Google Alerts.
Chief of Security at AKO Joel Robinson stressed that AKO cares about their users without access.
"We do care about the less than one percent," Robinson said.
"Our users depend on AKO for everything from communicating with business associates and family members to tracking their pay, training, clothing records and much more. Not being able to log on significantly affects our users," Fritzsche added.
Fritzsche said that the newest browser versions such as Internet Explorer 7, 8 and Firefox, the most prevalent browsers among AKO users, were not impacted by the security changes. Classified browsers were also not impacted by the changes, probably because they use up-to-date browsers, Fritzsche said.
Fritzsche said that around 400,000 people login to AKO about 800,000 times per day and at the busiest point in any given day 50,000 people are logged in to AKO.
"We block roughly 450,000 pieces of spam daily. However we block seven to nine million connection attempts daily from known spam cannons," Robinson said.
Fritzsche named several security measures AKO previously had in place. After logging into AKO, users must answer three personal questions. If a user answers even one question incorrectly he or she gets two additional chances to answer new questions correctly before being denied access.
Robinson said users who log in with a Common Access Card can also now be denied access to the portal.
"We can now type in someone's name who shouldn't be allowed into AKO and deny him access. Our ability to deny access to people for security is a big upgrade," Robinson said.
Fritzsche added that soon users will be able to access AKO through mobile devices, like an iPhone.
Fritzsche mentioned some of AKO's longer-running applications such as the people search and instant messaging. He said AKO users send 8 million instant messages each month.
AKO also allows users to create a microfile - a generic or individualized profile that can include interests, skills and experience.
"If you need someone who knows how to use GPS, you could type in GPS and find anyone who has GPS experience and use the information from their profile to find out where they live and how to contact them," Fritzsche said.
Fritzsche and Robinson said they "take a lot of pride" in providing AKO's features to the people in the "world's largest corporate intranet."
"We're in a constant struggle to balance security and usability," Robinson said. "We want to make sure users everywhere in the world can use AKO. There are over 10 million files on AKO and we want people to be able to access those files."
