Network Dos and Don'ts

  • Published
  • By George Woodward
  • 82 TRW Public Affairs
SHEPPARD AFB, Texas --  In March, Defense Department leaders announced the “Hack the Pentagon” effort, which paid hackers to identify vulnerabilities in defense we sites.

Since then, more than 80 payouts have been made for identified “bugs.”

It’s a stark reminder of the importance of protecting our networks, according to 82nd Communications Squadron Commander Major Tommy Marshall.  

“Vulnerabilities in our systems are a reality we have to deal with every day, and we work hard to keep our networks functioning and safe so that we can accomplish our mission,” he said.   

While much of that work is done by cyber warriors behind the scenes, the front line when it comes to network security is the end user – the people who log each morning to get the job done.   

“In today’s world, everyone in the DoD is a cyber warrior,” Marshall said. “It’s like locking up your house -- it doesn’t matter if you dead-bolt the back door and lock all the windows if you leave the front door wide open. Our end users are the front door, and we rely on them to help us keep the network secure.”   

What can you do? Marshall offers six tips—three “Dos” and three “Don’ts”:   

Do  

1. Reboot Your Computer Daily: If you don't already do so, begin rebooting your computer daily.   

“This is the single best thing you can do to help with our network security,” Marshall said. “Patching computers requires regular rebooting.”   Rebooting daily ensures Windows updates and other patches are installed successfully and in a timely manner. As a bonus, rebooting daily also clears the memory use on your computer allowing the machine to run faster and provide you better performance.   

2. Call Your Computer Administrator if Your Computer has Overdue Patches: If a computer has overdue patches, call your computer administrator or 676-HELP to get them loaded. This is especially important for laptops or other computers that are not constantly connected to the network. Systems with a significant number of vulnerabilities run the risk of being disconnected from the network.  

3. Plug in SIPR Computers at Least Twice a Week: If you have SIPR connectivity in your office, plug in the SIPR machine at least two times per week for eight hours each.   

“Many people only need to get on their SIPR machines once in a while,” Marshall said, “and their SIPR machines are powered down and the hard drives stored in a safe. This means SIPR machines are often not online long enough to be properly patched, making the entire SIPRNet less secure.”   

Don’t  

1. Don’t Plug Unauthorized Items Into a Government Computer: Don’t connect or use any privately owned media or peripheral devices, such as music or video CDs or DVDs, digital music players, mobile phones, tablets, USB drives, external hard drives, or flash media devices, to Air Force information systems or government furnished equipment. Don’t connect any peripheral device not already preapproved for use on the AF network, such as a mouse, scanner, smart board, pointer, or keyboard device. Requests for Approval to use any type of peripheral device that is not included with the standard desktop should be submitted through the Wing Cybersecurity Office (82 CS/SCXS).  

2. Don’t Write Down Usernames or Passwords: “Bad guys look for that and it’s a security violation if the password is for SIPRNet sites,” Marshall said.  

3. Take Your CAC With You: Don't leave your Common Access Card in a computer if you walk away from your desk.   

“This should be an automatic reflex for all of us,” Marshall said, “but it bears repeating.Whenever you step away from your computer, take your CAC with you.”   

There can be consequences for misusing your CAC or leaving it in a computer. Federal law sets forth fines and possible imprisonment for users who willfully allow another person to have or use their CAC. Even unintentional actions – like leaving your CAC in a computer – can result in suspension of access to DoD systems.   

“It’s important to everyone to understand that access to our networks isn’t a right,” Marshall said. “It’s a privilege and a responsibility that can be revoked.”   

Fortunately, he said, most people do the right thing.   

“The vast majority of our end users understand their role in helping us protect our networks,” he said. “We appreciate the help and support we get from across the base.”   

By following the tips above, Marshall said, we can help ensure our networks are up and available when we need them.