[Infowarrior] - GAO: FBI network security = bad

Richard Forno rforno at infowarrior.org
Fri May 25 13:48:08 UTC 2007


http://www.gao.gov/new.items/d07368.pdf

"FBI Needs to Address Weaknesses in Critical Network"

"... FBI did not consistently (1) configure network devices and services
to prevent unauthorized insider access and ensure system integrity; (2)
identify and authenticate users to prevent unauthorized access; (3)
enforce the principle of least privilege to ensure that authorized
access was necessary and appropriate; (4) apply strong encryption
techniques to protect sensitive data on its networks; (5) log, audit, or
monitor security-related events; (6) protect the physical security of
its network; and (7) patch key servers and workstations in a timely
manner. Taken collectively, these weaknesses place sensitive information
transmitted on the network at risk of unauthorized disclosure or
modification, and could result in a disruption of service, increasing
the bureau's vulnerability to insider threats."





More information about the Infowarrior mailing list