Security United States

Govt. Report Slams FBI's Internal Network Security 70

An anonymous reader writes "The Government Accountability Office, the federal government's watchdog agency, Thursday released a report critical of the FBI's internal network, asserting it lacks security controls adequate to thwart an insider attack. Among its other findings, the GAO said the FBI did not adequately "identify and authenticate users to prevent unauthorized access." The GAO report also criticized FBI network security in other regards, saying that there was a lack of encryption to protect sensitive data and patch management wasn't being done in a timely manner."
  • Common Knowledge (Score:5, Informative)

    by Anonymous Coward on Friday May 25, 2007 @02:50AM (#19266389)
    I've worked in another agency in a related line of work. FBI security is a joke. Everyone knows it. An FBI agent's idea of "information security" is carrying a gun when he brings home Top Secret documents in his glove compartment. Their security flaws are a reason intelligence organizations are reluctant to cooperate.
  • by Doc Ruby ( 173196 ) on Friday May 25, 2007 @08:09AM (#19268021) Homepage Journal
    The FBI has blamed its blatant long-term abuse [techdirt.com] of the Bush privacy-invasion toy "National Security Letters" on its broken database.

    Since, as usual, no one at Bush's FBI has suffered after disclosure of this destructive abuse, the excuse will of course multiply in popularity.

    Funny how Bush Gang "mistakes" always seem to benefit Bush, though his gang claims it's all just accident and happenstance. Random distributions that always favor Bush must be "miracles".
  • by cyberianpan ( 975767 ) on Friday May 25, 2007 @09:37AM (#19268919)
    TFR

    Specifically, FBI did not consistently
    (1) configure network devices and services securely to prevent unauthorized insider access;
    (2) identify and authenticate users to prevent unauthorized access;
    (3) enforce the principle of least privilege to ensure that authorized access was necessary and appropriate;
    (4) apply strong encryption techniques to protect sensitive data on its networks;
    (5) log, audit, or monitor security-related events;
    (6) protect the physical security of its network; and
    (7) patch key servers and workstations in a timely manner.
    Insider attack is always a risk; full solutions against it are 1) Impossible 2) Infinitely costly (see 1)
    I work in Financial Services a lot - these solutions aren't necessarily all implemented that strongly, the limitation is cost. Without seeing a costing plan for the above utopian remediation I'm not so sure it is needed. I'm not saying the FBI are necessarily good - just that the report language is too general/pipe dreamish to know.
