{"id":606,"date":"2004-12-17T00:00:00","date_gmt":"2004-12-17T00:00:00","guid":{"rendered":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/2004\/12\/17\/dhs-audit-unearths-security-weaknesses\/"},"modified":"2021-12-30T11:37:47","modified_gmt":"2021-12-30T11:37:47","slug":"dhs-audit-unearths-security-weaknesses","status":"publish","type":"post","link":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/2004\/12\/17\/dhs-audit-unearths-security-weaknesses\/","title":{"rendered":"DHS Audit Unearths Security Weaknesses"},"content":{"rendered":"<p>An audit of the Department of Homeland Security&#8217;s system controls for remote access has found an alarming absence of configuration guidelines and several unpatched software products that put the DHS at risk of malicious hacker attacks.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>In a report made public this week, the Office of Inspector General in the DHS warned that the audit turned up weaknesses in the systems used to avoid unauthorized access.<\/p>\n<p>&#8220;Due to these remote access exposures, there is an increased risk that unauthorized people could gain access to DHS networks and compromise the confidentiality, integrity, and availability of sensitive information systems and resources,&#8221; the report said.<\/p>\n<p>The OIG also discovered that the DHS does not provide adequate or effective system security controls over remote access to its computer systems and data.<\/p>\n<p>&#8220;In assessing the effectiveness of remote access controls, we identified several problems related to remote access host configurations, system patching, and the control of modems.<\/p>\n<p>On the findings that system patches were not applied, Cooper said that all of the patches identified in the audit were in testing to be implemented.<\/p>\n<p>http:\/\/www.eweek.com\/article2\/0,1759,1743639,00.asp?kc=EWRSS03119TX1K0000594<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[29],"tags":[],"class_list":["post-606","post","type-post","status-publish","format-standard","hentry","category-news"],"_links":{"self":[{"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/posts\/606","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/comments?post=606"}],"version-history":[{"count":1,"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/posts\/606\/revisions"}],"predecessor-version":[{"id":3093,"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/posts\/606\/revisions\/3093"}],"wp:attachment":[{"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/media?parent=606"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/categories?post=606"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/tags?post=606"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}