Why worry about computer security?

by Master Sgt. Keith Korzeniowski and Jack Worthy
45th Communications Squadron

11/20/2002 - PATRICK AIR FORCE BASE, Fla. (AFPN) -- Before going to bed
at night, do you leave your front door unlocked? When parking your car,
do you leave the keys in the ignition? Probably not. You automatically
take precautions to secure valuables. 

Information is a valuable asset for our national security. In the
computer age, information has become the lifeblood of many companies. 

Failure to safeguard information as you would your home or other assets
is ludicrous. Unfortunately, according to a 1999 study done by the
University of California all too often security measures are either
minimized or ignored by 26 percent of the entire information technology
and automated information system communities. 

For those in the know, the need for computer security measures is
apparent. Even though data assets can be lost, damaged or destroyed by
various causes, information systems tend to be susceptible for several

First, computer components are relatively fragile. Hardware can be
damaged more easily than, for example, tools in an auto repair shop.
Data files are extremely fragile compared to other organizational
assets. Second, computer systems are targets for disgruntled employees,
protestors and even criminals. Finally, decentralization of facilities
and use of distributed processing have increased vulnerability of
information and computers. 

There are many ways to protect and prevent access to computer systems,
from physical security involving locks and guards, to measures embedded
in the system itself. Since end users have access, each represents a
potential vulnerability. Many security measures begin with you. 

Here are some guidelines: 

* Know your unit information systems security officer, and information
assurance awareness manager, and phone numbers for the network control
center's C4 help desk. 

* Ensure your system is certified and accredited. Systems designated to
handle classified information must complete an emission security
assessment before processing is authorized. 

* Practice good password creation and protection. Ensure passwords
contain at least eight characters, including upper and lower case alpha,
numeric and special characters, and are exclusive to your system. 

* Use a password-protected screensaver when leaving your computer

* Share information only with people and systems authorized to receive

* Always scan disks, e-mail attachments and downloaded files using the
latest antiviral product and signature file. 

* Know the sensitivity level of the information you're processing,
requirements for protecting it, and security limitations of systems used
to transmit it. Sanitize processing and storage devices. 

* Know the basics of data contamination, malicious logic, and virus
prevention and detection. 

*Avoid virus hoaxes and chain letters. 

The telecommunications monitoring and assessment program governs consent
to monitoring. Notification of consent is approved through signed
permission and is placed on DOD computers, personal digital assistants,
local area networks, external modems, phones, fax machines, text pagers,
phone directories, and land mobile radios. 

Being a base network user is like being a member of the local community,
which provides services to its citizens. Just as a community has laws,
the network has policies. 

First, e-mail is for official use only. Policy is addressed in Air Force
Instruction 33-119, Electronic Mail Management and Use. Forbidden
activities include sending or receiving e-mail for commercial or
personal financial gain, and sending harassing, intimidating, or
offensive material to or about others. 

Like e-mail, Internet or Web access provided by the network is for
official use only. AFI 33-129, Transmission of Information via the
Internet, provides guidance on proper use of the Internet. Do not
transmit offensive language or materials, such as hate literature and
sexually harassing items, and obscene language or material, including
pornography and other sexually explicit items. The AFI also prohibits
obtaining, installing, copying, storing or using software in violation
of the vendor's license agreement. Before downloading software from the
Internet, keep in mind much of the freeware or shareware is only free
for personal use. Licenses for many programs exclude use by the
government or commercial companies. 

If you break the law in your community you can face serious
consequences. What may be less known is that violating network policies
also has consequences. A captain at Wright Patterson AFB, Ohio, was
sentenced to nine months' confinement, a $10,000 fine and a reprimand
for conduct unbecoming an officer for using an Air Force computer to
download and store pornographic images. 

The base network is an unclassified system and a shared resource. One
careless user sending a classified e-mail over the network can mean the
loss of e-mail and shared drive access for hundreds of users until the
system is cleared. As a member of the base network community, be a good

IWS INFOCON Mailing List
@ IWS - The Information Warfare Site

Reply via email to