Information Security News mailing list archives
TIGTA: The IRS lacks secure Web servers
From: InfoSec News <alerts () infosecnews org>
Date: Fri, 5 Sep 2008 04:42:47 -0500 (CDT)
http://www.fcw.com/online/news/153690-1.html By Mary Mosquera FCW.com September 4, 2008 Unauthorized and insecure Web servers connect to the Internal Revenue Service’s network, which puts the agency’s computers and entire network at risk of unauthorized access to taxpayer and personally identifiable information, the Treasury Inspector General for Tax Administration said in a recent report [1]. The IRS has 1,811 unapproved internal Web servers on the network and 2,093 internal Web servers that have some security weaknesses, the TIGTA report, released Sept. 3, states. The IRS requires that business units register all internal Web sites and Web servers with the Modernization and Information Technology Services organization, but some fail to register their servers, the report states. The IRS might block unregistered servers from sharing information with the network. Because no office had responsibility for the Web registration program, the IRS has not enforced the requirement, allowing Web servers to connect to the network without proper authorization and accountability, the report states. [1] http://www.ustreas.gov/tigta/auditreports/2008reports/200820159fr.pdf [...]
__________________________________________________ Register now for HITBSecConf2008 - Malaysia! With a new triple-track conference featuring 4 keynote speakers and over 35 international experts, this is the largest network security event in Asia and the Middle East! http://conference.hackinthebox.org/hitbsecconf2008kl/
Current thread:
- TIGTA: The IRS lacks secure Web servers InfoSec News (Sep 05)