DOT firewall can't take the heat

Featured eBooks
Health Tech
Read Now

Next-Generation Computing

Read Now

Space Tech

Read Now
Insights & Reports
Cyber-Informed Engineering for OT Security and AVEVA PI Users
Presented By Carahsoft
Download Now
Revolutionizing Workforce Management for Federal Employees
Presented By Ultimate Kronos Group
Download Now
By Paula Shaki Trimble

By Paula Shaki Trimble

|

The Transportation Department's Office of Inspector General conducted an audit from November 1999 to August 2000 to assess the information security vulnerabilities of 1,100 computers and 119 public-view Web servers at DOT headquarters.

Related Links

"Audit scorches DOT security"

"Headquarters Computer Network Security," Report No. FI-20000-124

"FAA infosec workers get lift"

"Infosec takes front seat at DOT"

"FAA security office opens for business"

"GAO scolds FAA over Year 2000"

The Transportation Department's Office of Inspector General conducted an

audit from November 1999 to August 2000 to assess the information security

vulnerabilities of 1,100 computers and 119 public-view Web servers at DOT

headquarters. Investigators found:

* They could gain unauthorized access from the Internet to about 270 computers

located behind DOT's firewall. Those computers were at administrations other

than the Federal Aviation Administration and the U.S. Coast Guard.

* Unauthorized insiders — such as employees, contractors and grantees — could access about 900 computers located throughout DOT internal agencies.

* Internet users were allowed to bypass DOT's firewall security and

gain access to DOT's private networks because 13 public Web servers were

inappropriately placed on DOT's private networks. Users could click on the

link to the private sites from the public Web pages.

* Of the 119 Web servers reviewed, the IG office identified a total

of 111 vulnerabilities on 67 Web servers.

Source: DOT Office of Inspector General audit report

NEXT STORY: Europe faces PKI Challenge