Unauthorized software a threat to network security Published April 8, 2009 By Joshua Neate 39th Air Base Wing INCIRLIK AIR BASE, Turkey -- Software exploits take advantage of bugs or vulnerabilities in software and use them to cause unintended behavior on computer systems. Most exploits are used to gain control of a system or to attack it using a denial of service. Vulnerabilities and bugs arise due to the human factors' element in software programming. Oversights are bound to happen and preventing them is just about impossible. For this reason, the Air Force requires that all software on its network be analyzed and approved before installation. Analysis determines the level of risk of the software and allows the Air Force to track patches and upgrades in response to known vulnerabilities. Software that has not been through this process represents a serious risk to the network. The Network Operations Security Center scans the network regularly for unauthorized software. Violators face serious consequences, including the loss of network privileges. Installing software on a computer requires a few steps. 39th Communications Squadron First, users should check the Air Force Electronic-Approved Products List and the transitional AF E-APL, which combine to include all software that is approved for use on the network. If the software is not on one of those lists, it must be approved by the Air Force Communications Agency prior to installation. Questions about the E-APL and the approval process for new software can be directed to your wing information assurance office. The responsibility for network security rests with every user. Before installing any new software, ensure that it has been approved by the Air Force. (Mr. Neate is assigned to the 39th Air Base Wing Information Assurance Office)