When I started working in a DoD building about 15 months ago everything was fine. Sure the networks ran slowly on occasion, but it is a huge building with a lot of employees using the computer systems, slowness I could understand and deal with. For my job I use three separate computers on a KVM switch and frequently change computer through the day depending on what I am working on. For the first seven months everything was dandy, I logged into the network with a user name and password (that I had to change more frequently than I like, but again I could deal), and it would take me an average of 10-15 seconds to switch from one machine to another and log in.
But then about 8 months ago they CACed the entire system. For those of you who don’t know a CAC is a Common Access Card that (as far as I know) every DoD employee is issued that includes a microchip and magnetic bar. For a while I only used mine to get into the building and for identification as I was walking around the building, but then they changed it so that everyone needed to use their CACs to log into their computers. Now it took me closer to 30-60 seconds to switch machines because it takes a while to recognize the card and a while longer to log in. Annoying, but still manageable.
Lately it has been getting ridiculous though. Now the USB card readers that we have can take upwards of 50 or more tries (insert card, remove card, hit ‘enter’, insert card…) to even recognize the card at all plus another 5-10 minutes to log in. Today I broke my record with 2 full hours of my eight hour day spent doing nothing but trying to log into my machines. It is maddening.
We’ve got the same issues with our CAC. The card readers are built into the keyboards, and they can be touchy, too. So far, we only use it on our unclass network, but I wouldn’t be surprised if they move it to the various classified nets too. Great for productivity… :rolleyes:
Nothing but to commiserate. Unfortunately he can’t do anything about it either as we are contractors. We can talk to our contract coordinator when he gets back to town next week, but I am guessing that the best he can do for me is to get me some new USB readers which might get me back to only spending 15-20 minutes a day logging in. sigh
It wasn’t until I got this job that I fully realized how inefficient the government can actually be. Libertarians are sounding more and more reasonable every day.
I have a lot of processes that I run that can take between a few hours and a few months to finish so sometimes I need to have three computers to do everything though more often than not I only actively use two. Actually I have 6 machines all together but the other three are not hooked up to the network and are only used for software testing on specific ghost images so I don’t need to use my CAC to log onto those.
Just in case you’re new to smartcards: Have you tried cleaning your card? Sometimes the contacts get dirty, which makes it hard for the reader to recognize the card. As a first troubleshooting step, you could try rubbing the card with a piece of cloth (jeans, t-shirt, whatever…) to scrub it off a little.
I work on a gov’t network and our machines have CaC readers in the keyboard. I had to take a survey on the quality of our network speed last month. One question was to rate my satisfaction with the log on speed. The criteria for “excellent” was if it took no more than four to five minutes.
In the morning I put the CaC card in the keyboard then go drink a cup of coffee. I’m usually logged in when I return to my computer, usually.
Sub rant: Our emails are all converted to plain text when we send them. No more underline, bold, italics or color coding features to emphasize passages. They all get converted to Courier New so it looks like I typed my email on a 1950’s typewriter. I could tell the recipient to open it in rich text, but I’m not sure if they would know how. To be safe, I assume not and change how I write my emails.
It’s ridiculous, were people sending spam to each other? Too many LOLcat pictures atached to the budget messages? “OMG, the n3w fl1ght budg3t iz t3h suxxor!!!LOLOLOLOL!!!” Dude, I just need to respond to these emails so I can go home, can I please underline a few words in my email? I guess not. Freakin’ gov’t network.
Ugh, I know what you mean about the text for e-mails now. It drives me fraggin’ nuts. Sometimes you just need to emphasize something in a message so it will stand out.
I rarely have issues with my CAC card, though.
My computer has bogged down to mega-super-slow now though. It seems that with each “security enhancement” feature, my computer slows down. I hate that. I’m supposed to be getting a second computer and they didn’t install a second drop, which means putting a splitter on my current drop. This means even slower computer performance.
Look, I just want to get my work done in the fastest possible time, be productive, and go HOME. Is that too much to ask for with today technology?
Now that’s secure. Don’t you just love these ludicrous measures that make things worse while not even having their intended effect?
I would imagine it originated to avoid the sorts of email worms that were massively prevalent back in the day, which frequently relied on godawful html implementations in certain email programs (coughoutlookexpresscough). Over-protective, maybe, but a reasonable move. Could you not just use the bold, underline and /italic/ conventions? Not hugely pretty I realise, but better than nothing. You get used to 'em.
Gah! They just did this to us too! A lot of the emails I get (over 100 this month) are long outputs from batch processes with a small relevant passage highlighted… which is no longer highlighted.
Yeah, it’s only a minor annoyance, but the change happened only a few months ago. It’s the log on time that annoys me more. Are DoD networks slower than civilian systems? Is it a “you get what you pay for” effect where a budget-limited company has to sacrifice speed? I wonder about this as I watch my computer log on messages (and drink my coffee). Sometimes our entire office access to shared drives slows to a crawl. Does this happen in non-DoD networks? Answers to these questions are much appreciated. I’d like to know the correct people to strangle in my imagination - designers, maintainers or purchasers of the system.
It sounds like you are having issues getting a response back from your OCSP responder. Check the setting in your configuration and see which OCSP responder you are using to get your certificate validation from. The speed at which you get an ‘ok - cert valid’ - ping the system - is about all that can slow things down.
You could also check into setting the timeout on the OSCP response and have the system use the local CRLs after 10 seconds.
Drop a mail to PKE_Support at disa dot mil if your local admins can’t resolve the issue.
Just wait until you move to the new integrated platform. The CAC will work, but the system won’t register the right derts, so you’ll get to reboot a few times a day.
