cageymaru
Fully [H]
- Joined
- Apr 10, 2003
- Messages
- 22,092
A government employee at the U.S. Geological Survey (USGS) used his work laptop to search over 9,000 porn web pages while on the U.S. Government's network. These pages were routed through Russian servers and contained malware. An investigation by the Office of lnspector General (OIG) into suspicious internet traffic discovered the transgressions. The employee's Android phone and an unauthorized USB device used to store pornographic images were connected to the laptop and also contained malware infections. These were in violation of the Rules of Behavior at the U.S. Department of the Interior and the employee admitted to receiving annual IT security training.
We recommend that the USGS enforce a strong blacklist policy of known rogue Uniform Resource Locators (more commonly known as a web addresses) or domains and regularly monitor employee web usage history. Since this incident, the EROS Center has deployed enhanced intrusion detection systems and firewall technology to assist in the prevention and detection of rogue websites trying to communicate with Government systems. An ongoing effort to detect and block known pornographic web sites, and web sites with suspicious origins, will likely enhance preventative countermeasures. We further recommend that USGS employ an IT security policy that would prevent the use of unauthorized USB devices on all employee computers. Best practices for malware incident protection include restricting the use of removable media and personally owned mobile devices.
We recommend that the USGS enforce a strong blacklist policy of known rogue Uniform Resource Locators (more commonly known as a web addresses) or domains and regularly monitor employee web usage history. Since this incident, the EROS Center has deployed enhanced intrusion detection systems and firewall technology to assist in the prevention and detection of rogue websites trying to communicate with Government systems. An ongoing effort to detect and block known pornographic web sites, and web sites with suspicious origins, will likely enhance preventative countermeasures. We further recommend that USGS employ an IT security policy that would prevent the use of unauthorized USB devices on all employee computers. Best practices for malware incident protection include restricting the use of removable media and personally owned mobile devices.