Govt. Report Slams FBI's Internal Network Security 70
An anonymous reader writes "The Government Accountability Office, the federal government's watchdog agency, Thursday released a report critical of the FBI's internal network, asserting it lacks security controls adequate to thwart an insider attack. Among its other findings, the GAO said the FBI did not adequately "identify and authenticate users to prevent unauthorized access." The GAO report also criticized FBI network security in other regards, saying that there was a lack of encryption to protect sensitive data and patch management wasn't being done in a timely manner."
Common Knowledge (Score:5, Informative)
FBI Blames Broken DB for FBI Breaking Laws (Score:3, Informative)
Since, as usual, no one at Bush's FBI has suffered after disclosure of this destructive abuse, the excuse will of course multiply in popularity.
Funny how Bush Gang "mistakes" always seem to benefit Bush, though his gang claims it's all just accident and happenstance. Random distributions that always favor Bush must be "miracles".
Pipe Dream: what's the cost? (Score:3, Informative)
(1) configure network devices and services securely to prevent unauthorized insider access;
(2) identify and authenticate users to prevent unauthorized access;
(3) enforce the principle of least privilege to ensure that authorized access was necessary and appropriate;
(4) apply strong encryption techniques to protect sensitive data on its networks;
(5) log, audit, or monitor security-related events;
(6) protect the physical security of its network; and
(7) patch key servers and workstations in a timely manner.
I work in Financial Services a lot - these solutions aren't necessarily all implemented that strongly, the limitation is cost. Without seeing a costing plan for the above utopian remediation I'm not so sure it is needed. I'm not saying the FBI are necessarily good - just that the report language is too general/pipe dreamish to know.