COMPSEC: Protect against threats

By Staff Sgt. Chad Thompson
90th Missile Wing Public Affairs

It's a wide world with an ever-expanding cyberspace; technology is evolving, and the malicious threats toward Air Force computers never end.

"Air Force computers need to be treated as a weapon system, because everything you do on that machine could potentially halt or diminish operations here at F.E. Warren. And people need to be aware of that," said Tech. Sgt. Nicholas Cichon, 90th Missile Wing Information Assurance NCO in charge. "Everyone uses computers; everything is controlled by computers. So if the computers get compromised, it could have serious effects on operations." 

That's where this technical sergeant's Air Force specialty comes in. 

"My job is to preserve the integrity, confidentiality and availability of the network," Sergeant Cichon said. He does this by training and informing personnel, and monitoring everything that comes on or goes off base. 

"What we do here is make sure the Air Force cyber security policy is being enforced on our machines, ensuring only certified and accredited systems are being connected to the network, and by making sure that security incidents are properly reported and fixed," he explained. 

A main concern of the information assurance office is protecting against malicious logic. Sergeant Cichon said malicious logic is a set of instructions causing a security policy to be violated, which can be a variety of software programs used for hostile intrusion.

"These programs replicate themselves and spread, stealing information from computer systems, destroying systems and causing denial of service," he said.

Some forms of malicious logic are Trojan horses, viruses and worms.

Trojan horse:

A Trojan horse is a program embedded into a computer allowing a backdoor into that machine, Sergeant Cichon said. It is typically disguised as an authorized program that should be on the machine, and it hides very well.

"Trojan horses don't do a large amount of work, which makes it difficult to detect, and it doesn't normally replicate by itself," he added. It sits and opens holes in a computer system, which is usually how other malicious logic, such as viruses or worms, gets introduced to the machine.

Virus:

Sergeant Cichon described a virus as a small piece of software that embeds itself into a file, like an infection. It causes malicious activity by removing and replicating files and then spreads to other systems.

"Hackers ... are evolving and adapting because of the security technologies that are out there," he said. "New virus definitions are being sent out daily to thwart threats, because every day someone is trying to develop something new."

Worm:

Worms are self-replicating computer programs that copy themselves to computers on a network, infecting, replicating and retrieving information to be used in a malicious nature, Sergeant Cichon said. "Basically a Trojan horse is used to infect a system with a virus, and the virus transforms into a worm and infects other computers in order to shut down a system."

Some steps in preventing malicious logic are: 

--Make sure not to download software programs or visit unauthorized Web sites. Just because it's not blocked doesn't mean it's authorized. 

--Scan all removable media (thumb drives, flash drives, CDs) before opening any executable files, especially if it is brought from home. 

--If working at home, be sure the computer has an anti-virus program and the virus definition files are current. 

--If anti-virus software is popping up at work saying virus signatures are out of date, contact someone at the information assurance office so they can fix it. 

--Never open a file if the sender can't be verified, and don't double click any e-mail attachments that have an executable file. 

Steps for correcting corrupted computers are: 

--Immediately disconnect the computer from the network. Disconnecting from the network isolates that virus to that machine. A virus or malicious program replicates itself and spreads; the information assurance office doesn't want it to spread to the entire network. 

--Contact an immediate supervisor, information systems security officer, client support administrator or the information assurance office at 773-5149. 

--Write down any error messages that the computer might display. 

--The computer should never be shut down or logged off, because many boot sector viruses trigger on reboot.

Each piece of information is a piece of the puzzle, and even though Warren has an unclassified network it is everyone's job to protect critical information in order to maintain operations here, Sergeant Cichon said. 

(Editor's note: This is the first story in a series of articles highlighting Air Force computer security.)