Understanding Logical Architecture

If you use the Defense Information System Network (DISN) for anything - to download
the latest security patches, check webmail on Army Knowledge Online (AKO), view information
on the AKO/Navy Knowledge Online (NKO)/Global Combat Support System Air Force
(GCSS-AF) portals, or analyze geospatial data dynamically on multiple National Geospatial-
Intelligence Agency (NGA) systems you've leveraged the Global Content Delivery Service
(GCDS) without even realizing it (DISA, 2017).
GCDS leverages commercial Internet technology to accelerate and secure DOD web
content and applications across the Non-secure Internet Protocol Router Network (NIPRNet) and
Secure Internet Protocol Router Network (SIPRNet) 24x7. GCDS global platform of hundreds
of specially-equipped servers helps the Department of Defense Information Network (DODIN)
withstand the crush of daily requests for rich, dynamic, and interactive content, transactions, and
applications. When delivering on these requests, GCDS detects and avoids DODIN-related
problem spots and vulnerabilities to ensure mission critical software downloads flawlessly, and
applications perform reliably. The same platform also secures critical applications using its Web
Application Firewall, allowing it to inspect web requests and detect application attacks before an
organizations web server and data center is exposed to a possible threat. Furthermore, GCDS
provides customers and security response teams with vital information that can be used to detect
and block anomalous and potentially malicious attacks. Overall, GCDS provides the best user
experience possible by not only increasing performance and availability anytime, anywhere for
the warfighter, but also enhancing the security posture of an organizations data center to ensure
customers data is secured 24x7 (DISA, 2017).
The Department of Defenses (DoD) network needs to be one of the most secure
networks in the cyber security realm. The DoD has many levels of security to their networks:
NIPR, SIPR, CENTRIX, and JWICS. These networks all relate to the different classifications of
information they contain. Looking at the sample topology from the Defense Information Systems
Agency (DISA) it all looks very confusing, but in reality the logic in it is that it is actually simple
when you see the patterns the design has to it. In the diagram provided in the attached
PowerPoint presentation I believe the pattern starts with the Tandem Switch and the End Offices
located in the center these make up the Interswitch Trunk of the diagram. From these locations
everything branches off hence it being called a trunk. These branches lead off into the many
Private Branch Exchanges, which once again branch out to other parts of the network (Defense
Information Systems Agency, 2016).
Simple is sometimes the best policy because in some cases the more complex a security
policy or design is the more issues will arise. The simplicity of the pattern of the network
branching off can allow for system administrators for each branch to manage those within their
Private Branch Exchanges.
References
Defense Information Systems Agency. (2016). DEFENSE INFORMATION SYSTEMS
NETWORK (DISN) CONNECTION PROCESS GUIDE (CPG). Retrieved from Defense
Information Systems Agency: http://www.disa.mil/~/media/files/disa/services/disn-
connect/references/disn_cpg.pdf

DISA. (2017). GLOBAL CONTENT DELIVERY SERVICE (GCDS). Retrieved from DISA:
http://www.disa.mil/Network-Services/GCDS