Fellow OPSECers, time has come for another computer related guest entry from our most prolific guest writer and good friend Kirk Dunaway.  Enjoy…

Computer down again? Might as well go home for the day. We’ve come to a point in our rapidly evolving world where no one can accomplish anything without email and internet access.  But when your computer is up and running and you’re toiling away, how much OPSEC-sense do you actually apply to your work habits?

OK, first the basics; you should know by now that the only secure computer is one that is not connected to ANYTHING! Once you have email and internet access - all bets are off. Sure, folks get paid to harden you system - to introduce a level of pain to the bad guys knocking on the door.  And they’re usually successful in keeping out 95% of the boneheads out there.  But those same boneheads know something you probably don’t think about; why attack you at your desktop, when they can just see what you do when your traffic enters the ‘net?

Think folks don’t pay attention?  Wow, you really DO need to read this blog more often!  Just think of the “cookie wars” raging on the ‘net.  Advertisers track where you go and what you look at, so they can place targeted ads on sites you visit.  Whether that’s good or bad is up to you, but personally I’d rather look at an ad for a computer company than for women’s clothing.  But the point is that if it is easy enough for advertisers to do it, think how easy it is for the bad guys.  And they track using more than just cookies.  It’s easy for them to sit passively by and just watch the traffic flow - seeing what comes and seeing what goes.  And there you are sitting at your desk in the Pentagon surfing sites that specialize in cold weather gear…in July.  Indicator?

The point is that traffic is in fact watched.  And if the watchers can put together the sites that everyone in your unit is surfing to, plus read all the un-encrypted emails, then there’s a good chance you’ve given them a costly glimpse into your future.  On the other hand, odds are good that no one is scrutinizing your computer at home.  If you think and apply OPSEC at work maybe, just maybe you’ll decide to surf the iffy sites from home.

Side note:  Concerned with cookies, pop ups, and other bad stuff that could be on an internet site?  Try downloading and using Opera, Safari, Netscape Mozilla FireFox or some other browser.  MS Internet Explorer, as the most popular, is the most targeted.  Also, the other browsers (such as FireFox)  do a better job of cleaning up your tracks once you exit.

Surf clean bruddah,

Kirk out.