Commentary: Defending your home and community in cyberspace

  • Published
  • By Lt. Col. David Stookey
  • 100th Communications Squadron commander
RAF MILDENHALL, England --  Defense of cyberspace begins at home. In years gone by, warriors and farmers alike defended their homes, villages, communities and way of life. There were few standing armies. But when threat or attack came, all answered the call for the public good. Later and especially in the U.S., militias were formed to defend and protect the states, communities and ideals.

Today's world is fraught with wars, struggles and unrest, and America is engaged in many areas of the world and on several fronts. Adversaries of many types are actively engaging with us as well. "Us" as a nation, but "us" - you and I - as individuals as well.

We are under attack in the cyber domain.

We can help defend our ideals, our community and our nation by taking appropriate steps to protect our computers, mobile and smart phones and network devices from attack.

You may wonder how protecting your personal computers and devices helps protect our community. Computer attacks come from a variety of sources. Viruses and malicious software can be sent to you in an e-mail from a friend, an acquaintance or an outside source.

You may be tricked into clicking a link that takes you to a cleverly designed Web site that looks nearly identical to a reputable business or government agency, but is not. You may feel confident in loading and running shareware or games and applications you or your children find on the Web.

Those are just a few of the attack vectors criminals, curious and malicious hackers, and other adversaries use to steal your information, hijack your computer with bots and trojans and attempt to gain entry into your online community network.

If your computer is compromised, many of your friends and community members are at risk. If they know you, they will probably trust an e-mail attachment or application coming from you to be a valid and safe item to click and view.

That's how botnets are created. Botnets are networks of computers that have been hijacked with small executable programs that enable adversaries remote control of the computer. It's widely believed that thousands of botnets were used last July in a cyber attack on several key U.S. and South Korean government Web sites.

The attack was noteworthy in that the denial of service attack was orchestrated from thousands of U.S.-based computers that investigators believe were compromised months in advance of the attack.

How do we prevent our computers and Internet devices from becoming a tool for our adversaries? First, the DoD networks are fairly well defended against outside attack. Please take the network security precautions seriously. Be vigilant and report unusual Web and e-mail events. Be careful not to click links to suspicious Web sites.

Even if they were sent to you from someone you know or from a .gov or .mil account. E-mail can be easily spoofed and made to look like it came from trusted domains. If in doubt about an e-mailed Weblink -- don't click it.

Take the following steps to protect your home computer(s): run a trusted antivirus. Both Norton and MacAfee antivirus products can be downloaded from the Air Force Portal at no charge to you.

Why? Because DoD recognizes that you are likely to send e-mail and documents back and forth from your home and work computers. We can take all the precautions in the world to protect the DoD networks, but if your home computers are infected, you may inadvertently send malicious software to your work computer. Set your antivirus to scan your computer several times a week.

Invest in a router (roughly $50 - $100) to use between your cable modem/Internet provider and your home computer/network. Some vendors provide these and even secure them for you. The router helps protect your computer from unwanted Internet scans and probes.

Be cautious about clicking links in your home or Web mail. Be careful of sites that collect your personal information. Remember that no legitimate banks, charge card company, business or network administrator will ever ask for your personal credentials through an e-mail or phone call.

And the age old advice -- if it looks too good to be true, it probably is. There really is no one in Nigeria that is going to send you a huge check in exchange for a small amount of money now. The "Nigeria" e-mail scam has been run successfully for more than 10 years now, and the various criminal networks that run the scam still get people to send them money.

Finally, be careful to choose challenging passwords and avoid making your children, pets, key dates, etc your password. With a few minutes of social engineering (or just browsing your Facebook page), determined hackers will be able to guess many of those names or dates. And if your password is one of them, you've just given away the keys to your networked community.

Apply the same great advice you've grown up with about being careful in a large city, to your journey in the cyber world. Minimize your risks, stick to safe paths and be cautious and aware of your surroundings and you'll greatly reduce the chance of a successful attack against your cyber community.