We recommend that EEOC:
- Determine whether the listening ports, or the entire system, should be blocked from public access;
- Regularly review network device search engines for newly indexed systems that belong to EEOC, or that may be masquerading as EEOC systems;
- Perform a forensic analysis of the identified system to confirm that no malicious access has taken place;
- For authorized remote sessions, create a control that addresses remote access being left open after a session has concluded. At a minimum, the control should require the session owner to confirm that the remote session was closed at its conclusion, supplemented by an overall control, run on a set schedule, that identifies any remote sessions still open on endpoints;
- Create an auditability feature that uses an endpoint agent to check internally whether a device is listening for remote-access connections;
- Create an auditability feature that checks for installed remote-connection software.
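The last three recommendations describe a technical check rather than a policy, so the following is an added example (not part of the report, and not EEOC's own tooling) of what such an agent-side audit could compute. It assumes Windows endpoints and three inputs it does not collect itself: `netstat -ano` text for listening sockets, a list of installed program names (for example from the registry Uninstall keys), and `query user`-style idle-time values for logged-on sessions. The port table, the software keyword list, the idle threshold and all sample data are constructed assumptions and would need to be tuned to the environment.

```python
"""Endpoint checks for remote-access exposure (illustrative, added example).

Assumptions (not from the report): Windows endpoints, `netstat -ano` output
for listening sockets, an installed-program name list, and `query user`
IDLE TIME strings for session age. Sample inputs below are constructed.
"""

# Ports commonly bound by remote-access services (assumption; tune per environment).
REMOTE_ACCESS_PORTS = {22: "SSH", 23: "Telnet", 3389: "RDP",
                       5800: "VNC-HTTP", 5900: "VNC", 5938: "TeamViewer"}

# Substrings that identify remote-connection software in an installed-program list.
REMOTE_ACCESS_SOFTWARE = ("teamviewer", "anydesk", "vnc", "logmein", "splashtop",
                          "gotomypc", "screenconnect", "connectwise control")


def parse_listening_sockets(netstat_output):
    """Parse `netstat -ano` style text; return TCP sockets in LISTENING state."""
    sockets = []
    for line in netstat_output.splitlines():
        parts = line.split()
        if len(parts) < 4 or parts[0].upper() != "TCP" or parts[3].upper() != "LISTENING":
            continue
        addr, port = parts[1].rsplit(":", 1)          # handles [::]:22 and 0.0.0.0:3389
        pid = int(parts[4]) if len(parts) > 4 and parts[4].isdigit() else None
        sockets.append({"addr": addr.strip("[]"), "port": int(port), "pid": pid})
    return sockets


def find_remote_access_listeners(netstat_output, approved_ports=frozenset()):
    """Flag listening remote-access ports and whether they are reachable beyond loopback."""
    findings = []
    for s in parse_listening_sockets(netstat_output):
        service = REMOTE_ACCESS_PORTS.get(s["port"])
        if service is None:
            continue
        loopback_only = s["addr"].startswith("127.") or s["addr"] == "::1"
        findings.append({
            "service": service, "port": s["port"], "pid": s["pid"],
            "exposure": "loopback" if loopback_only else "network",
            "approved": s["port"] in approved_ports,
        })
    return findings


def find_remote_access_software(installed_programs):
    """Return (program name, matched keyword) for every remote-connection product found."""
    hits = []
    for name in installed_programs:
        lowered = name.lower()
        for keyword in REMOTE_ACCESS_SOFTWARE:
            if keyword in lowered:
                hits.append((name, keyword))
                break
    return hits


def parse_idle_minutes(idle):
    """Convert a `query user` IDLE TIME value ('.', 'none', '23', '2:45', '1+03:10') to minutes."""
    idle = idle.strip().lower()
    if idle in (".", "none", ""):
        return 0
    days = 0
    if "+" in idle:                                   # days+hh:mm form
        d, idle = idle.split("+", 1)
        days = int(d)
    parts = [int(p) for p in idle.split(":")]
    hours, minutes = (0, parts[0]) if len(parts) == 1 else (parts[0], parts[1])
    return days * 1440 + hours * 60 + minutes


def find_stale_remote_sessions(sessions, max_idle_minutes):
    """Users whose RDP (rdp-tcp#N) or disconnected session has been idle longer than the limit."""
    stale = []
    for s in sessions:
        remote = s["session"].lower().startswith("rdp-tcp") or s["state"].lower() == "disc"
        if remote and parse_idle_minutes(s["idle"]) > max_idle_minutes:
            stale.append(s["user"])
    return stale


# Constructed sample inputs (not real host data).
SAMPLE_NETSTAT = """\
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       912
  TCP    0.0.0.0:3389           0.0.0.0:0              LISTENING       1180
  TCP    127.0.0.1:5938         0.0.0.0:0              LISTENING       4432
  TCP    [::]:5900              [::]:0                 LISTENING       5120
  TCP    10.0.0.5:49710         10.0.0.9:443           ESTABLISHED     2208
  UDP    0.0.0.0:5353           *:*                                    1648
"""
SAMPLE_INSTALLED = ["Microsoft Edge", "TeamViewer", "7-Zip 23.01", "AnyDesk", "Notepad++"]
SAMPLE_SESSIONS = [
    {"user": "admin",   "session": "rdp-tcp#3", "state": "Active", "idle": "."},
    {"user": "jsmith",  "session": "",          "state": "Disc",   "idle": "1+02:15"},
    {"user": "console", "session": "console",   "state": "Active", "idle": "45"},
]

if __name__ == "__main__":
    for finding in find_remote_access_listeners(SAMPLE_NETSTAT, approved_ports={3389}):
        print(finding)
    print(find_remote_access_software(SAMPLE_INSTALLED))
    print(find_stale_remote_sessions(SAMPLE_SESSIONS, max_idle_minutes=480))
```

On the sample data the listener check reports RDP on all interfaces (approved), TeamViewer bound to loopback only (unapproved but not network-reachable) and VNC on all IPv6 interfaces (unapproved and network-reachable); the software check finds TeamViewer and AnyDesk; and the session check reports the disconnected session that has been idle for over a day. Separating "exposure" from "approved" is deliberate: it lets the first recommendation (decide whether a port should be blocked from the network) be answered from the same data that the agent-based checks collect.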