Vulnerability Alerts
SANS
 
Microsoft
 
CERT/CC
 
 
 
Latest Comments
"Good! Its very good blog the for the people who are having debit collection and credit report ..."
on Fake Microsoft anti-spyware site stealing credit card info
by identity theft lawyers | Jul 4, 2009 6:55 PM
 
"nothing"
on Ads on Facebook serving up adware
by UMAIR | Jul 4, 2009 5:54 PM
 
"Thank you "
on Search engine promises completely private surfing
by Dr. Holub | Jul 4, 2009 11:17 AM
 
"Agree that wireless hotspots are an easy way for hackers to gather information from connected ..."
on New devices make hotspots a hacker's paradise
by Patrick Hooper | Jul 3, 2009 4:06 AM
 
"Katarzyna what has this got to do with Symantec?? "
on Mobile phone directory service faces consumer uproar
by PaulC | Jul 2, 2009 12:55 PM
Network Access

Unauthorised web servers connected to IRS network

  • Email a Friend
  • Print Page
Related Articles
By Sue Marquette Poremba
Sep 8, 2008 9:44 AM
Tags: web | servers | connected | IRS | network | botnet
The US Internal Revenue Service found 1,811 unauthorised web servers connected to its network.
The US Internal Revenue Service (IRS) has identified 1,811 unauthorised web servers connected to the agency's network, according to a recent audit report.

The report, from the U.S. Treasury Inspector General for Tax Administration, stated that a network scan from the IRS Computer Security Incident Response Center identified 2,093 potential web servers with at least one security vulnerability connected to the IRS network.

These results were compared to the IRS' web registration database and found 1,811 connected web servers were not authenticated to connect to the network.

“We recognise that some of these unauthorised web servers could be legitimate web servers supporting IRS operations,” the audit report stated.

“For example, the Enterprise Operations organisation was able to show that 661 (36 percent) of the 1,811 web servers had a legitimate business purpose. The risk exists that the remaining 1,150 unauthorised web servers are being used for non-business purposes.”

The IRS attributed the existence of unauthorized web servers to web server owners not registering their servers with the agency. It also said that responsibility for registration remained unassigned since September 2006.

Arthur Gonzalez, IRS chief information officer, said in a statement that his office agrees with recommendations to better protect its network, including procedures to block unauthorised web servers, require annual network scans and limit the number of approved web software packages for web servers.  The IRS' goal is to have all the recommendations implemented by Aug. 1, 2009.

However, Ken Stasiak, CEO of SecureState, which supplies security services to government and businesses, told SCMagazineUS.com on Friday that the IRS' findings are alarming.

The unauthorised web servers can open up the door for hackers, Stasiak said.

“Classified information is pretty well protected,” he said. “Unfortunately, IRS information on taxpayers is not deemed classified.”

See original article on scmagazineus.com

Secure Computing Magazine

 
Ads by Google
Thoughts on this article? Add a comment below.
Be the first to comment on this article.

Report this comment as offensive:

   * Indicates information we require to process your submission.

Name: *
Email: *
Reason for offense: *
Your report will not be displayed.  
Name:
*
 
Email:
(will not be displayed)
*
 
Comment:
(HTML not permitted)
*
 
Validation
*

Enter the code you see below:

 

 
 
 
 
 
Exclusive Data Centre - Sponsored Content by Microsoft
 
Access Control Whitepapers
 
Popular Tags
botnet censorship china chinese clearswift dam google government green internet mail malware network phishing security server smart software spam web