An official website of the United States government
A .mil website belongs to an official U.S. Department of Defense organization in the United States.
A lock (lock ) or https:// means you’ve safely connected to the .mil website. Share sensitive information only on official, secure websites.

Circumventing network security bad for career, wallet

  • Published
  • By Information courtesy of U.S. Central Command Air Forces Network Operations Security Center Information Assurance and Air Force Forces IA
SOUTHWEST ASIA --  Once only harnessed by the technically savvy, the use of proxy-bypass Web sites, also known as anonymizers, has become common place. 

These Web sites claim to allow users to stealthily visit Web sites that are prohibited to view on the host network, by bypassing firewalls. Make no mistake: using these Web sites can subject users to criminal prosecution under the Uniform Code of Military Justice. 

The Air Force's firewalls and Web proxy servers are a security measure that protect and defend our networks from hacking, viruses and counterintelligence attacks. Bypassing these security controls is prohibited by Air Force Instruction 33-129, Web Management and Internet Use, and is punishable under the UCMJ. 

Carefully read the banner displayed when you log on to a Department of Defense computer system. It clearly states: "Unauthorized use may subject you to criminal prosecution. Evidence of unauthorized use collected during monitoring may be used for administrative, criminal or adverse action. Use of this system constitutes consent to monitoring for these purposes." 

Legally, it doesn't matter which sites users view while using a proxy bypass. The mere fact that the individual used a proxy bypass site will subject that person disciplinary legal action. 

If you are caught using such a Web site and you are scheduled to redeploy, you will likely be held in the area of responsibility while an investigation is conducted and while action is taken. If you get caught after you have already returned to your home unit, evidence of your criminal action will be sent to your home unit for action by your commander. 

Offenders face serious consequences for using proxy bypass servers. 

In 2006, nine offenders were given Articles 15 for proxy server violations, including four staff sergeants and five senior airmen. The punishments resulted in the loss of six stripes, four suspended reductions in rank and a total of $4,960 in forfeited pay.
Potential consequences also include loss of security clearance, administrative action, non-judicial punishment, and criminal prosecution. A large number of individuals have been punished for such conduct in the AOR. Don't be one of them. 

Use of proxy bypass sites degrades network performance, circumvents network security measures, puts sensitive data at risk, diverts manpower and can result in an embarrassment to the Air Force. These sites capture and store address information that links the Air Force to the site that was visited. Additionally, DoD agencies monitor for and report suspicious network traffic to the originating base or site. 

When violators use anonymizers to view blocked sites, they open the door for previously blocked keyloggers, Trojans, backdoor applications and other spyware to load directly onto their computer. This malware spreads by visiting a malicious Web site, via e-mail or uses your privileges to other parts of the network and represents an unacceptable risk to our mission. 

With each AEF rotation comes a wave of proxy bypass use. Skirting the rules put into place for your safety is an integrity violation that can end your career and hurt your pocketbook. Violators continue to roll the dice with the mindset that "the network police are too busy to care about me. Besides I change proxy avoidance Web sites every day so I'm harder to catch." 

Violators may even share the latest proxy avoidance sites with their buddies to diffuse the responsibility of their actions. These individuals believe they are invisible to the "radar." 

The truth is we've got the best network "radar" in the world. Log-on credentials tied to users, dates, times and all the session data are logged and reported when someone surfs through an anonymizer site. Commanders have the authority to immediately disconnect and quarantine any computer for forensic investigation. The computer and its files and folders are the property of the military, and all the same rules apply if your personal computer was imaged by the 379th Expeditionary Communications Squadron and is being used on the base network. Education and awareness will help reduce the amount of violations. 

Finally, for those individuals who choose to continue "anonymous" Web surfing ... you're not invisible. Consider your career and financial future and remember: integrity first.