[ISN] DHS Web sites vulnerable to hackers, IG says

[InfoSec News <alerts@xxxxxxxxxxxxxxx>]

http://fcw.com/articles/2009/10/09/dhs-web-sites-vulnerable-to-hackers-ig-says.aspx

By Alice Lipowicz
FCW.com
Oct 09, 2009

The Homeland Security Department's most popular Web sites appear to be 
vulnerable to hackers and could put department data at risk of loss or 
unauthorized use, according to a new report from DHS Inspector General 
Richard Skinner.

An audit of cybersecurity for DHS' nine most frequently visited Web 
sites found that although general security protocols were followed, 
there were still a number of vulnerabilities and gaps in security, 
including inconsistent management of security patching and security 
assessments.

"These vulnerabilities could put DHS data at risk," Skinner wrote in the 
report issued Oct. 8. "In addition, DHS can make improvements in 
managing its system inventory and providing technical oversight and 
guidance in order to evaluate the security threats to its public-facing 
Web sites."

The nine sites - including sites for DHS agencies that include U.S. 
Customs and Border Protection, the Coast Guard, and the Transportation 
Security Administration - had recommended security settings and controls 
in addition to strong password and access controls, but had weaknesses 
in other areas, Skinner wrote.

[...]


________________________________________ 
Did a friend send you this? From now on, be the 
first to find out! Subscribe to InfoSec News 
http://www.infosecnews.org