Unauthorized software a threat to network security Published April 28, 2009 By Joshua Neate Information Assurance Office INCIRLIK AIR BASE, Turkey -- -- Software exploits take advantage of bugs or vulnerabilities in software and use them to cause unintended behavior on computer systems. Most exploits are used to gain control of a system, or to attack it using a denial of service. Vulnerabilities and bugs arise due to human factors in software programming. Oversights are bound to happen and preventing them is nearly impossible. For this reason, the Air Force requires all software on its network to be analyzed and approved before installation. Analysis determines the software's risk level and allows the Air Force to track patches and upgrades in response to known vulnerabilities. Software that has not been through this process represents a serious risk to the network. The Network Operations Security Center scans the network regularly for unauthorized software. Violators face serious consequences, including the loss of network privileges. Properly Installing software on a computer requires a few steps. First, users should check the Air Force Electronic-Approved Products List and the transitional AF E-APL, which combine to include all software that is approved for use on the network. If the software is not on one of those lists, it must be approved by the Air Force Communications Agency prior to installation. Questions about the E-APL and the approval process for new software can be directed to the Wing Information Assurance Office. The responsibility for network security rests with every user. Before installing any new software, ensure that it has been approved by the Air Force.