Why worry about computer security? by Master Sgt. Keith Korzeniowski and Jack Worthy 45th Communications Squadron
11/20/2002 - PATRICK AIR FORCE BASE, Fla. (AFPN) -- Before going to bed at night, do you leave your front door unlocked? When parking your car, do you leave the keys in the ignition? Probably not. You automatically take precautions to secure valuables. Information is a valuable asset for our national security. In the computer age, information has become the lifeblood of many companies. Failure to safeguard information as you would your home or other assets is ludicrous. Unfortunately, according to a 1999 study done by the University of California all too often security measures are either minimized or ignored by 26 percent of the entire information technology and automated information system communities. For those in the know, the need for computer security measures is apparent. Even though data assets can be lost, damaged or destroyed by various causes, information systems tend to be susceptible for several reasons. First, computer components are relatively fragile. Hardware can be damaged more easily than, for example, tools in an auto repair shop. Data files are extremely fragile compared to other organizational assets. Second, computer systems are targets for disgruntled employees, protestors and even criminals. Finally, decentralization of facilities and use of distributed processing have increased vulnerability of information and computers. There are many ways to protect and prevent access to computer systems, from physical security involving locks and guards, to measures embedded in the system itself. Since end users have access, each represents a potential vulnerability. Many security measures begin with you. Here are some guidelines: * Know your unit information systems security officer, and information assurance awareness manager, and phone numbers for the network control center's C4 help desk. * Ensure your system is certified and accredited. Systems designated to handle classified information must complete an emission security assessment before processing is authorized. * Practice good password creation and protection. Ensure passwords contain at least eight characters, including upper and lower case alpha, numeric and special characters, and are exclusive to your system. * Use a password-protected screensaver when leaving your computer unattended. * Share information only with people and systems authorized to receive it. * Always scan disks, e-mail attachments and downloaded files using the latest antiviral product and signature file. * Know the sensitivity level of the information you're processing, requirements for protecting it, and security limitations of systems used to transmit it. Sanitize processing and storage devices. * Know the basics of data contamination, malicious logic, and virus prevention and detection. *Avoid virus hoaxes and chain letters. The telecommunications monitoring and assessment program governs consent to monitoring. Notification of consent is approved through signed permission and is placed on DOD computers, personal digital assistants, local area networks, external modems, phones, fax machines, text pagers, phone directories, and land mobile radios. Being a base network user is like being a member of the local community, which provides services to its citizens. Just as a community has laws, the network has policies. First, e-mail is for official use only. Policy is addressed in Air Force Instruction 33-119, Electronic Mail Management and Use. Forbidden activities include sending or receiving e-mail for commercial or personal financial gain, and sending harassing, intimidating, or offensive material to or about others. Like e-mail, Internet or Web access provided by the network is for official use only. AFI 33-129, Transmission of Information via the Internet, provides guidance on proper use of the Internet. Do not transmit offensive language or materials, such as hate literature and sexually harassing items, and obscene language or material, including pornography and other sexually explicit items. The AFI also prohibits obtaining, installing, copying, storing or using software in violation of the vendor's license agreement. Before downloading software from the Internet, keep in mind much of the freeware or shareware is only free for personal use. Licenses for many programs exclude use by the government or commercial companies. If you break the law in your community you can face serious consequences. What may be less known is that violating network policies also has consequences. A captain at Wright Patterson AFB, Ohio, was sentenced to nine months' confinement, a $10,000 fine and a reprimand for conduct unbecoming an officer for using an Air Force computer to download and store pornographic images. The base network is an unclassified system and a shared resource. One careless user sending a classified e-mail over the network can mean the loss of e-mail and shared drive access for hundreds of users until the system is cleared. As a member of the base network community, be a good citizen. IWS INFOCON Mailing List @ IWS - The Information Warfare Site http://www.iwar.org.uk