[ISN] NETWARCOM Conducts Network Security Training Day

From: InfoSec News <alerts_at_private>
Date: Mon, 2 Mar 2009 01:07:18 -0600 (CST)
http://www.navy.mil/search/display.asp?story_id=42874

By Mass Communication Specialist 2nd Class(SW) Christopher Koons
Naval Network Warfare Command Public Affairs
2/25/2009

NORFOLK (NNS) -- A variety of speakers talked about ways to defend 
against today's cyber threats during Naval Network Warfare Command's 
(NETWARCOM) mandatory network security training, Feb. 23, at Naval 
Amphibious Base Little Creek's theater.

The Chief of Naval Operations has directed all Navy activities to 
conduct a network security training and awareness day no later than Feb.
28. He mandated the training in response to recent security incidents on 
    Navy computer networks.

"The nature of the threats we've faced has changed in the 22 years I've 
been in the Navy, so we have to find ways to mitigate the new cyber 
threats we face today," said Chief Warrant Officer Sheldon Malone, 
NETWARCOM's information assurance manager.

At the training session, Malone discussed the main components of 
computer security and why each is important.

"We guarantee smart users through training, just like we learn the 
alphabet in school," he said. "We have people, processes and 
technologies in place to implement our defense processes. It is an 
all-hands responsibility."

There are basic steps each user must take to be aware of how to detect 
and defeat cyber threats, Malone explained.

"Everyone has to complete their annual information assurance training," 
he said. "Unauthorized e-mail accounts can open up the system to 
hackers--so avoid them. You need to keep your system password secure and 
not write it down where it can be easily seen and you should not tell 
others what it is. Make sure that when you leave your work space, you 
pull your CAC (Common Access Card) out of your machine."

Malone also gave advice on network behaviors that should be avoided.

"You must not go to porn sites, send chain letters, solicit goods, 
attempt to bypass access controls, introduce unauthorized hardware or 
software, use personally owned software, upload executable files or 
introduce malicious software or codes into the network," he said.

Kevin Williams, NETWARCOM's information assurance manager, discussed the 
handling of removable media. He pointed out that thumb drives have 
recently been banned, but that CDs, DVDs, and government authorized 
external hard drives are still allowed.

According to Freddie Blaser, who is in charge of NETWARCOM's information 
assurance services, computer safety at home includes following basic 
steps such as: Installing anti-virus software, using care when reading 
e-mails and attachments, installing firewall programs and making backups 
of important files and folders.

Christina Harper, NETWARCOM's information assurance support 
representative, talked about the importance of securing personally 
identifiable information (PII) that is stored on laptops and other 
electronic devices.

"If you are handling PII, you must make sure it's not in open view and 
do not share it with someone who doesn't need access to it," said 
Harper. "Do not store it to a shared drive, and you must encrypt it if 
you send it over your e-mail. Never leave it unattended."

Seth Gang, NETWARCOM's identity protection and management manager, 
talked about the importance of securing CACs, which allows personnel to 
have a cryptographic log-on to the network.

"You must have physical possession of your CACs at all times," said 
Gang. "It doesn't matter what you are doing; if you go to the grocery 
store, or you are in your home, it must always be in your possession."

Gang also talked about the importance of digitally signing e-mails, now 
done automatically for all e-mails sent out from NMCI.

"You should only trust e-mails that have a digital signature on them," 
he said. "It lets you know that it came from a DoD-authorized source."

Rear Adm. Edward H. Deets, III, NETWARCOM's vice commander, summed up 
the importance of guarding against the dangers posed in today's cyber 
environment.

"We have to be as aware of the threats and inherent risks of our 
information systems as we would of the responsibilities we have when we 
go aboard a ship and engage in damage control," Deets said. "We have to 
make people understand why network security is important and ensure that 
we maintain our edge by not giving it up to somebody else."

Commands, Navy-wide, are in the process of meeting the Feb. 28 deadline 
for training compliance. One of those commands is U.S. 2nd Fleet, whose 
Commander, Vice Adm. Melvin G. Williams, Jr., has stressed the 
importance of keeping Navy computer networks safe from enemy attack from 
a fleet perspective is critical.

"At the operational level of war, our networks are essential to command 
and control effectiveness from our maritime operations centers," 
Williams said. "The readiness and security of these networks is 
critical, and helps to ensure strategic-to-tactical level war fighting 
alignment. It is the responsibility of all hands to maintain the high 
standards necessary to keep our networks secure."


_______________________________________________      
Best Selling Security Books and More!
http://www.shopinfosecnews.org/
Received on Sun Mar 01 2009 - 23:07:18 PST

This archive was generated by hypermail 2.2.0 : Sun Mar 01 2009 - 23:11:22 PST