[INFOCON] - USAF: Why worry about computer security?
Why worry about computer security? by Master Sgt. Keith Korzeniowski and Jack Worthy 45th Communications Squadron 11/20/2002 - PATRICK AIR FORCE BASE, Fla. (AFPN) -- Before going to bed at night, do you leave your front door unlocked? When parking your car, do you leave the keys in the ignition? Probably not. You automatically take precautions to secure valuables. Information is a valuable asset for our national security. In the computer age, information has become the lifeblood of many companies. Failure to safeguard information as you would your home or other assets is ludicrous. Unfortunately, according to a 1999 study done by the University of California all too often security measures are either minimized or ignored by 26 percent of the entire information technology and automated information system communities. For those in the know, the need for computer security measures is apparent. Even though data assets can be lost, damaged or destroyed by various causes, information systems tend to be susceptible for several reasons. First, computer components are relatively fragile. Hardware can be damaged more easily than, for example, tools in an auto repair shop. Data files are extremely fragile compared to other organizational assets. Second, computer systems are targets for disgruntled employees, protestors and even criminals. Finally, decentralization of facilities and use of distributed processing have increased vulnerability of information and computers. There are many ways to protect and prevent access to computer systems, from physical security involving locks and guards, to measures embedded in the system itself. Since end users have access, each represents a potential vulnerability. Many security measures begin with you. Here are some guidelines: * Know your unit information systems security officer, and information assurance awareness manager, and phone numbers for the network control center's C4 help desk. * Ensure your system is certified and accredited. Systems designated to handle classified information must complete an emission security assessment before processing is authorized. * Practice good password creation and protection. Ensure passwords contain at least eight characters, including upper and lower case alpha, numeric and special characters, and are exclusive to your system. * Use a password-protected screensaver when leaving your computer unattended. * Share information only with people and systems authorized to receive it. * Always scan disks, e-mail attachments and downloaded files using the latest antiviral product and signature file. * Know the sensitivity level of the information you're processing, requirements for protecting it, and security limitations of systems used to transmit it. Sanitize processing and storage devices. * Know the basics of data contamination, malicious logic, and virus prevention and detection. *Avoid virus hoaxes and chain letters. The telecommunications monitoring and assessment program governs consent to monitoring. Notification of consent is approved through signed permission and is placed on DOD computers, personal digital assistants, local area networks, external modems, phones, fax machines, text pagers, phone directories, and land mobile radios. Being a base network user is like being a member of the local community, which provides services to its citizens. Just as a community has laws, the network has policies. First, e-mail is for official use only. Policy is addressed in Air Force Instruction 33-119, Electronic Mail Management and Use. Forbidden activities include sending or receiving e-mail for commercial or personal financial gain, and sending harassing, intimidating, or offensive material to or about others. Like e-mail, Internet or Web access provided by the network is for official use only. AFI 33-129, Transmission of Information via the Internet, provides guidance on proper use of the Internet. Do not transmit offensive language or materials, such as hate literature and sexually harassing items, and obscene language or material, including pornography and other sexually explicit items. The AFI also prohibits obtaining, installing, copying, storing or using software in violation of the vendor's license agreement. Before downloading software from the Internet, keep in mind much of the freeware or shareware is only free for personal use. Licenses for many programs exclude use by the government or commercial companies. If you break the law in your community you can face serious consequences. What may be less known is that violating network policies also has consequences. A captain at Wright Patterson AFB, Ohio, was sentenced to nine months' confinement, a $10,000 fine and a reprimand for conduct unbecoming an officer for using an Air Force computer to download and store pornographic images. The base network is an unclassified system and a shared resource. One careless user sending a classified e-mail
[INFOCON] - EPIC Alert 9.23
-Original Message- On Behalf Of EPIC News Sent: 19 November 2002 23:54 To: [EMAIL PROTECTED] Subject: EPIC Alert 9.23 == @@@ @@ @ @ @ @ @ @@ @ @ @ @ @@ @@@@ @ @ @ @@@ @@@ @ @ @ @ @ @ @ @ @ @ @@ @ @@@ @ @ @ @ @ == Volume 9.23 November 19, 2002 -- Published by the Electronic Privacy Information Center (EPIC) Washington, D.C. http://www.epic.org/alert/EPIC_Alert_9.23.html === Table of Contents === [1] Public Protest Over Pentagon Surveillance System Mounts [2] Appeals Court Permits Broader Electronic Surveillance [3] Homeland Security Bill Limits Open Government [4] Circuit Court Approves Faxed Warrants [5] DC City Council Attacks Camera System, Adopts Regulations [6] California Passes Database Privacy Legislation [7] EPIC Bookstore - Data Protection Law [8] Upcoming Conferences and Events === [1] Public Protest Over Pentagon Surveillance System Mounts === The Pentagon's proposed "Total Information Awareness" (TIA) surveillance system is coming under increasing attack. In an open letter sent yesterday, a coalition of over 30 civil liberties groups urged Senators Thomas Daschle (D-SD) and Trent Lott (R-MS) to "act immediately to stop the development of this unconstitutional system of public surveillance." Newspapers across the country have written editorials castigating the program. The New York Times has said that "Congress should shut down the program pending a thorough investigation." The Washington Post wrote, "The defense secretary should appoint an outside committee to oversee it before it proceeds." William Safire's recent column, which played a major role in igniting the public outcry, called the surveillance system "a supersnooper's dream." The TIA project is part of the Defense Advanced Research Projects Agency (DARPA)'s Information Awareness Office, headed by John Poindexter. The surveillance system purports to capture a person's "information signature" so that the government can track potential terrorists and criminals involved in "low-intensity/low-density" forms of warfare and crime. The goal of the system is to track individuals by collecting as much information about them as possible and using computer algorithms and human analysis to detect potential activity. The project calls for the development of "revolutionary technology for ultra-large all-source information repositories," which would contain information from multiple sources to create a "virtual, centralized, grand database." This database would be populated by transaction data contained in current databases, such as financial records, medical records, communication records, and travel records, as well as new sources of information. Intelligence data would also be fed into the database. A key component of the project is the development of data mining or knowledge discovery tools that will sift through the massive amount of information to find patterns and associations. The surveillance plan will also improve the power of search tools such as Project Genoa, which Poindexter's former employer Syntek Technologies assisted in developing. The Defense Department aims to fund the development of more such tools and data mining technology to help analysts understand and even "preempt" future action. A further crucial component is the development of biometric technology to enable the identification and tracking of individuals. DARPA has already funded its "Human ID at a Distance" program, which aims to positively identify people from a distance through technologies such as face recognition and gait recognition. A nationwide identification system might also be of great assistance to such a project by providing an easy means to track individuals across multiple information sources. The initial plan calls for a five year research project into these various technologies. According to the announcement soliciting industry proposals, the interim goal is to build "leave-behind prototypes with a limited number of proof-of-concept demonstrations in extremely high risk, high payoff areas." The FBI and the Transportation Security Administration (TSA) are also working on data mining projects that will merge commer
[INFOCON] - News 11/20/02
_ London, Wednesday, November 20, 2002 _ INFOCON News _ IWS - The Information Warfare Site http://www.iwar.org.uk _ - To subscribe - send an email to "[EMAIL PROTECTED]" with "subscribe infocon" in the body To unsubscribe - send an email to "[EMAIL PROTECTED]" with "unsubscribe infocon" in the body - _ [News Index] [1] U.S. fails cybersecurity review--again [2] Experts: Don't dismiss cyberattack warning [3] Cyber center planned [4] Senate approves Homeland bill [5] Business Week Online Special - Enhancing Computer Security [6] Caught in a BIND [7] Navy restructuring CIO's office [8] A case in point [9] Internet Provisions in Security Bill [10] Don't trust that spam: Ignore 'Nigerian scam' [11] At a stroke, MS cuts critical vuln reports [12] Bill's secrecy provisions stick [13] Security Through Soundbyte: The 'Cybersecurity Intelligence' Game [14] Local officials give homeland bill mixed reviews [15] CIA searching out technologies to boost national security [16] Internet, E-Commerce Boom Despite Economic Woes [17] Liberty Alliance Updates Specs [18] Hill OKs security research [19] Northcom orders C4ISR, info ops work _ News _ [1] U.S. fails cybersecurity review--again By Reuters November 19, 2002, 3:04 PM PT The U.S. government flunked a computer-security review for the third consecutive year on Tuesday, showing no improvement despite increased attention from high-level officials. Government agencies that oversee military forces, prosecute criminals, coordinate emergency response efforts and set financial policy all received failing grades from congressional investigators. The Department of Transportation, whose computer systems guide commercial aircraft and allocate millions of dollars in highway funding, received the lowest score, 28 out of a possible 100. Stung by a series of electronic break-ins and Internet-based attacks, Congress has voted to triple spending on cybersecurity research efforts while the Bush administration is pulling together a much-publicized set of guidelines for businesses and individuals. http://news.com.com/2100-1001-966444.html?tag=lh See also: http://www.mail-archive.com/infocon@infowarrior.org/msg00321.html (There is quite a difference between developing an 'expertise in computer science' and launch a strategic CNO campaign. Just ask some IO people from Kelly AFB or Fort Mead and they will agree. AQ claims lots of things and it certainly makes sense that they research this area, but there is a major difference between 'looking into something' and actually having the capability of doing something like that. It takes quite a bit more than a mouse click to bring down an economy. So, I would still say that at the moment any kinetic force is far more powerful than any ping of death. WEN) [2] Experts: Don't dismiss cyberattack warning By DAN VERTON NOVEMBER 18, 2002 Security experts and two former CIA officials said today that warnings of cyberattacks by al-Qaeda against western economic targets should not be taken lightly. Vince Cannistraro, the former chief of counterterrorism at the CIA, said that a number of Islamists, some of them close to al-Qaeda, have developed expertise in computer science. "And some are well schooled in how to carry out cyberattacks," he said. "We know from material retrieved from [al-Qaeda] camps in Afghanistan that this is true. But their expertise seems mostly dedicated to communicating securely among al-Qaeda cells. Cyberattacks would probably render them less secure by focusing attention on their location." In an exclusive interview with Computerworld on Monday, Sheikh Omar Bakri Muhammad, a London-based fundamentalist Islamic cleric with known ties to Osama bin Laden, said al-Qaeda and various other fundamentalist Muslim groups around the world are actively planning to use the Internet as a weapon in their "defensive" jihad, or holy war, against the West. http://computerworld.com/securitytopics/security/story/0,10801,76000,00. html