United States Department of Agriculture s4
Total Page:16
File Type:pdf, Size:1020Kb
United States Department of Agriculture
Research, Education, and Economics Agricultural Research Service
May 12, 2009
SUBJECT: Unauthorized Peer-to-Peer (P2P) and Instant Messaging (IM) Programs on Government Owned Computers
TO: All Agency Employees
FROM: Melinda L. McClanahan Chief Information Officer
This memo is a reminder to all ARS employees that the use of Peer-to-Peer (P2P) and Instant Messaging (IM) software is prohibited on all USDA equipment and networks. P2P is software that is used to obtain freeware, shareware, and bootleg software. Other types of P2P applications include gaming and telephony. Some P2P and IM applications allow computer users to directly access files from other hard drives. These files include music, movies, and documents.
Examples of Prohibited Software
File Sharing – this allows users to search each other’s hard drives for specific files or information (music, movies, etc.).
Bit Torrent Edonkey Gnutella EMule Kazaa BearShare WinMX Limewire Napster Morpheus PC Anywhere Timbuktu
Instant Messaging/Telephony – this allows users to chat via text messaging in real time in addition to sharing files and initiating telephone calls over the Internet.
Yahoo Messenger MSN Messenger Windows Messenger Skype AOL Instant Messenger
Office of the Chief Information Officer 5601 Sunnyside Avenue Beltsville, MD 20705-5143 An Equal Opportunity Employer United States Department of Agriculture
Research, Education, and Economics Agricultural Research Service
So why is the use of P2P and IM software such a “big deal”? It’s because P2P file sharing can potentially compromise computer systems and create a security threat. The use of P2P and IM software creates vulnerabilities that can be exploited to bring malicious code and illegal material (bad stuff!) into a Government network. IM allows the use of attachments that can bring malicious code through ports that you think are safe. P2P can also allow inadvertent illegal sharing of files such as copyrighted movies and music.
So how does anyone know this is happening? Well, the USDA Cyber Security office constantly monitors all USDA networks – including ARSnet - for P2P and IM traffic. . Upon detection of P2P or IM activity in ARS, the ARS-OCIO Cybersecurity Branch is notified by the Department with instructions to investigate and mitigate the activity. Appropriate disciplinary action is also required. Investigating incidents creates a sizable time drain on my OCIO staff since they are required to follow up on all reported activity, no matter how minimal.
So here is what I am asking you to do: If you currently have any P2P or IM software installed on your government equipment, please remove it immediately. Many new laptops and desktops have IM software pre-installed. Remove it before putting that computer to use. Should you have questions or need assistance removing this software, please contact your local IT support personnel. No disciplinary action will be taken against employees who request help in removing prohibited software.
Very rarely an ARS employee may have a legitimate business need to use a prohibited application. If a policy exception is required for you to conduct your ARS business, you should email a justification statement that includes your immediate supervisor’s approval and signature to ARS-OCIO- [email protected]. Each request will be reviewed on an individual basis and forwarded to the Department for a decision. Waiver requests are valid for one a year and must be resubmitted on an annual basis.
Office of the Chief Information Officer 5601 Sunnyside Avenue Beltsville, MD 20705-5143 An Equal Opportunity Employer