AUDIT: 1800 “Renegade” Web Servers at IRS

The Treasury Inspector General for Tax Administration, the IRS’ internal auditors, report that over 1800 internal web servers on the IRS network had not been approved to connect to the network, and over 2000 internal web servers connected to the network had at least 1 high-, 1 medium-, or 1 low-risk security vulnerability.

According to the report, the unauthorized servers pose a greater risk because the IRS has no way to ensure that they will be continually configured in accordance with security standards or patched when new vulnerabilities are identified. Malicious hackers or disgruntled employees could exploit the vulnerabilities on these web servers to manipulate data on the server or use the servers as a launching point to attack other computers on the network.

In addition to security vulnerabilities, the auditors found that the IRS was using 33 different web server software packages. The auditors believe that using as few products as possible would limit security risks, such as monitoring for security vulnerabilities, and to control costs for licensing fees, training, and maintenance.

September 15th and October 15th are are the deadlines for filing certain federal taxes returns for tax year 2007, for those that filed for an extention. The IRS spends a lot of money encouraging e-filing. This report may cause some to consider snail mail for filing tax returns.

Read the complete report here.

2 Responses to “AUDIT: 1800 “Renegade” Web Servers at IRS”

  1. […] As we have covered in the Data Security Podcast, Federal Government’s own auditors have reported that the Feds have a terrible track record in protecting data. For example, in a September report featured on this site: […]

  2. […] As we have covered in the Data Security Podcast, the Federal Government’s own auditors have reported that the Feds have a terrible track record in protecting data. For example, in a September report featured on this site: […]

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: