Network Security: Everybody is a target, learn smart COMSEC Published March 28, 2008 By Compiled from staff reports 354th Communications Squadron EIELSON AIR FORCE BASE, Alaska -- About 120 nations have demonstrated a cyber warfare capability and intent. A variety of adversaries have proven the goal and ability to probe, find weaknesses and compromise DoD information systems and networks. For DoD unclassified networking (NIPR), intrusion attempts are constant. "Our networks are under constant stress as people try to gain/exploit/capture the knowledge and information that resides on the networks," said Maj. Amy Osterhout, 354th Communications Squadron commander. "We fight against a thinking enemy that continually adapts to get around our network defenses, and you are the first line of defense." DoD enemies are always adapting to our security measures. Without informed and aware front line defenders--you--we risk theft of information, resources, and adversaries gaining a position to deny, degrade or destroy our information access and processing. Below are means to ensure a better defensive posture. DON'T open e-mails from users or sources you do not recognize as legitimate DON'T use thumb drives or removable storage devices unless they are approved by your ISSO, labeled properly, and scanned prior to use. DO digitally sign ALL email messages you initiate that include a hyperlink or attachment DO digitally sign AND encrypt all messages that contain: - For Official Use Only (FOUO) - Privacy Act / personal information - technical and contract data - proprietary information - foreign government information - financial information - source selection information Major Osterhout said that by digitally signing e-mails helps others to know that it is coming from a trusted source. When you receive an e-mail, make sure it originated from a valid source. "The 'bad guys' know how to make official-looking e-mails," she said. "So if in doubt, follow up before trusting the e-mail. Be vigilant to phishers attempting to fraudulently acquire sensitive information, such as passwords, personal information, military operations and credit card information." She said the typical phishing scam often times masquerades itself as a trustworthy person or business. DO be wary of any hyperlinks included in e-mails, documents, or on web pages. Your email should be configured as text only to ensure you see the true address of a hyperlink. On Web pages and documents, use your mouse to hover over a link to ensure the link will direct you to the true website you wish to go to. Thumbdrives are also an inherent risk, she said. "Thumbdrives can be very dangerous, if you use one, label it with contact information, and don't plug one into your computer to find out what is on it." Major Osterhout said that to help defend Eielson's network, the 354th CS has set up the network to automatically suspend or delete accounts that have no activity for a certain amount of days. If an account is inactive for 30 days, the account will be disabled; if it is inactive for 60 days, it will be deleted. She said for those going on a long leave, temporary duty or deployment, to make arrangements with a CSA or the network control center help desk to ensure proper protection of the accounts. DO remember a risk accepted by one is a risk accepted by all. Everybody on the network is a target. If you have any additional questions, contact the wing information assurance office at 377-2815.