AUDIT: 1800 “Renegade” Web Servers at IRS
The Treasury Inspector General for Tax Administration, the IRS’ internal auditors, report that over 1800 internal web servers on the IRS network had not been approved to connect to the network, and over 2000 internal web servers connected to the network had at least 1 high-, 1 medium-, or 1 low-risk security vulnerability.
According to the report, the unauthorized servers pose a greater risk because the IRS has no way to ensure that they will be continually configured in accordance with security standards or patched when new vulnerabilities are identified. Malicious hackers or disgruntled employees could exploit the vulnerabilities on these web servers to manipulate data on the server or use the servers as a launching point to attack other computers on the network.
In addition to security vulnerabilities, the auditors found that the IRS was using 33 different web server software packages. The auditors believe that using as few products as possible would limit security risks, such as monitoring for security vulnerabilities, and to control costs for licensing fees, training, and maintenance.
September 15th and October 15th are are the deadlines for filing certain federal taxes returns for tax year 2007, for those that filed for an extention. The IRS spends a lot of money encouraging e-filing. This report may cause some to consider snail mail for filing tax returns.
Read the complete report here.
datasecurityblog.wordpress.com 
April 11, 2009 at 7:45 am
[…] As we have covered in the Data Security Podcast, Federal Government’s own auditors have reported that the Feds have a terrible track record in protecting data. For example, in a September report featured on this site: […]
August 28, 2009 at 3:25 pm
[…] As we have covered in the Data Security Podcast, the Federal Government’s own auditors have reported that the Feds have a terrible track record in protecting data. For example, in a September report featured on this site: […]