TIGTA finds IRS network security threat
Friday, September 5, 2008
The Treasury Inspector General for Tax Administration (TIGTA) has found more than 1,500 unauthorized web servers on the Internal Revenue Service's (IRS) network, leaving systems vulnerable to attack from hackers.
In September 2007, the group ran network security checks on the servers attached to its system and found that of those identified as having vulnerabilities, 87 per cent were not listed on its internal database.
"Unauthorized servers pose a greater risk because the IRS has no way to ensure that they will be continually configured in accordance with security standards and patched when new vulnerabilities are identified," TIGTA wrote in the report.
Follow-up tests conducted in March found that of the 2,093 servers examined, 437 had high-risk network security vulnerabilities.
To rectify the problem, the report urged network security teams at the IRS to take control of web registration programs in order to block unauthorized access.
In other developments, earlier this year TIGTA conducted an IRS tax forum presentation to alert employees to the risk that phishing scams pose to tax professionals.
Related News:
Cyber czar not needed, Republican Collins says - 11.3.2009
The top Republican on the Senate homeland security committee is opposed to the appointment of a cyber coordinator or "cyber czar" in the White House, saying cybersecurity should be rooted in the Department of Homeland Security.
US-CERT warns of BlackBerry PhoneSnoop spyware application - 10.28.2009
A free BlackBerry smartphone application created by a security researcher installs spyware on the phone for listening to calls, the U.S. Computer Emergency Readiness Team warned Tuesday.
Defense department looking at flash drive, social networking security - 10.27.2009
The Department of Defense may partially lift a ban on USB flash drives, which had been abolished in November 2008 because of worms and viruses spreading across defense networks from infected USB thumb drives.
Microsoft's Ballmer talks Sidekick, data security, SharePoint - 10.20.2009
It's a big month for Microsoft, which is releasing its hugely marketed Windows 7 operating system this week after earlier this month plugging security holes in Windows 7 in the biggest Patch Tuesday ever, while a server crash short-circuited Sidekick user data.
Botnets proliferate, making DDoS attacks cheaper - 10.16.2009
Network security researchers tracking online criminal activity say the underground marketplace for networks of hacked computers - botnets - has become so crowded in recent years that renting a botnet to launch attacks is becoming cheaper.
|
