Cyber Security Institute

§ Current Worries

Top 3 Worries

  • Regulations
  • Old Firewall Configurations
  • Security Awareness

§ Listening

For the best information

  • The underground
  • Audible
  • Executive Excellence
  • Music (to keep me sane)

§ Watching

For early warnings

  • 150 Security Websites
  • AP Newsfeeds
  • Vendors

Friday, December 17, 2004

DHS Audit Unearths Security Weaknesses

An audit of the Department of Homeland Security’s system controls for remote access has found an alarming absence of configuration guidelines and several unpatched software products that put the DHS at risk of malicious hacker attacks.

In a report made public this week, the Office of Inspector General in the DHS warned that the audit turned up weaknesses in the systems used to avoid unauthorized access.

“Due to these remote access exposures, there is an increased risk that unauthorized people could gain access to DHS networks and compromise the confidentiality, integrity, and availability of sensitive information systems and resources,” the report said.

The OIG also discovered that the DHS does not provide adequate or effective system security controls over remote access to its computer systems and data.

“In assessing the effectiveness of remote access controls, we identified several problems related to remote access host configurations, system patching, and the control of modems.

On the findings that system patches were not applied, Cooper said that all of the patches identified in the audit were in testing to be implemented.

http://www.eweek.com/article2/0,1759,1743639,00.asp?kc=EWRSS03119TX1K0000594

Posted on 12/17
News • (0) CommentsPermalink