WebSense keeps network operating at full-speed

BAGHDAD, IRAQ

09.14.2005

Courtesy Story

DVIDS Hub       

✔ ✗ Subscribe

68

By Senior Airman Chawntain Sloan
Multi-National Corps -- Iraq Public Affairs

CAMP VICTORY, Iraq -- It's your first week in country, and the work is already piled sky-high. Determined not to spend another day chained to your desk in silence, you surf the Internet for your favorite radio station only to find that WebSense has denied your access.

A radio station may hardly seem like it qualifies as inappropriate content, but it can be just as damaging to the mission.

WebSense is a network tool that groups known Web sites into a series of specific categories based on content, and it not only blocks the bad stuff but also keeps the lines of communication open, said Capt. Oscar Ahumada, deputy chief of Multi-National Corps -- Iraq Information Assurance.

"We are in a tactical environment out here, so we are dependent on systems that aren't equipped to handle heavy volumes of traffic. Streaming media, for instance, generates megabytes and megabytes of information, and the network will slow to a crawl just because people are listening to their favorite radio station," said Ahumada. "WebSense not only blocks prohibited Web sites but it also decreases bandwidth usage needed for mission-critical operations."

While a local commander has the authority to request certain Web sites be blocked, Ahumada said that a three-phase process outlined in the "Multi-National Force -- Iraq WebSense Policies Settings and Minimize Plan Policy", defines the majority of Web sites that are restricted.

"Phase one generally outlines content like nudity or adult material, which violate General Order One or other preexisting policies," he said. "However, we do allow lingerie and swimsuit Web sites because we understand that women have needs for certain items that cannot be purchased here."

Although prohibited sites outlined in phase one are permanently blocked, Ahumada said some Web sites that are widely accessed and have a tendency to bog down the network and are periodically restricted during phase two.

"Phase two kicks in when the network usage exceeds 90 percent, so this is more of an effort to cut down on recreational use to preserve the availability of the system for official use," said Ahumada.

In cases where it is necessary to maximize all bandwidth for military operations, Ahumada said access to all recreational Web sites are eliminated in phase three.

"We've never had to go into phase three, but if we were experiencing an attack or the theater designator approval authority had a reason, we would block just about everything but .mil or .gov sites," he said.

Because WebSense is its own program, Ahumada said it intercepts the user's request before it even reaches the World Wide Web.

"WebSense acts as a proxy, so whenever you try to log on to the Web, you are not actually accessing the World Wide Web," said Ahumada. "WebSense is actually getting your Web page request. It then looks at it and runs it against its rules. If it's permitted, it will go out to the Web and pull it down."

Aside from generating an "Access Denied" notification page, Ahumada said WebSense also formally logs the user information when someone tries to access a prohibited site.

Even though Ahumada and the IA team review the logs frequently, he said they are not necessarily looking for people who are breaking the rules.

"The logs are primarily reviewed for bandwidth usage. We have to have a justification to look for anything further. We can't just go in there saying, "I am going to get somebody,"" he said. "If we came across something that looked suspicious, then we would engage with the appropriate authority and let them know, but we do not have the authority to punish or disconnect anybody without express permission from the designator of approval authority, local commander, (judge advocate) or (inspector general)."

However, Ahumada said the IA team could be called to assist in a formal investigation.

"We provide those authorities with the expertise. For example, if your commander is investigating you for fraud, waste and abuse, then he could send us an authorization letter requesting that we provide him with information contained in the logs, and we would pull that log and give him the information he is asking for," said Ahumada.

While he has not had to deal with any fraud, waste and abuse cases during his tour, Ahumada said there have been instances of people trying to disable or get around WebSense.

"We have other controls on the network that can easily detect if someone is trying to get past WebSense, and we will provide a report and forward it to the person's unit commander," he said. "Doing so falls under abuse of the network, and there have been instances of people losing their access to the network because of it."

Besides losing their network privileges Maj. Matthew Ruzicka, chief of MNC -- I Military Justice, said service members could be subject to adverse administrative action or punishment under the Uniform Code of Military Justice, whereas Department of Defense civilians and contract employees could be subject to adverse administrative action.

"It depends on the reason they needed access, the information they accessed and the course of action their unit commander decides to take," said Ruzicka. "They could receive an oral or written counseling, an Article 15 or even be court-martialed."

Service members who are court-martialed for disobeying the policy will likely be charged with violating Article 92 of the UCMJ, Failure to Obey Order or Regulation, Ruzicka said. If they are found guilty at a general court-martial, they could receive a dishonorable discharge, forfeiture of all pay and allowances and confinement for two years.

Ahumada said that what the bottom line people need to remember is that they "are in a deployed environment, so all the rules about operational security and fraud, waste and abuse still apply."

"This is not the same access you have from your DSL or cable modem at home. (The Non-secure Internet Protocol Router Network) is an official government system, and the computers and routers are for official use," Ahumada said. "The policy is actually very liberal when it comes to allowing people to use it for personal reasons, but the government does have the right to impose restrictions on what you can and cannot do on the network."