http://www.washingtontechnology.com/news/1_1/daily_news/26983-1.html
By Alice Lipowicz
Staff Writer
09/13/05
The Transportation Security Administration has improved its network
security, but the agency still cannot ensure that critical computer
network operations and data are protected from hackers and can be
restored following an emergency, according to a new report [1] from
the Homeland Security Department's Office of the Inspector General.
The TSA falls short in developing and implementing processes such as
security testing, monitoring with audit trails, configuration and
patch management, and password protection, the report said. Also,
contingency plans have not been made final nor tested.
"TSA has taken actions and made progress in securing its networks,"
states the redacted version of the report. "However, TSA can make
further improvements to secure its networks."
Computer networks are vital to homeland security for sharing
information among government agencies. But they also contain sensitive
data that must be protected from unauthorized access and manipulation
from hackers and cyberterrorists.
The TSA, which oversees passenger and baggage screening and other
security procedures at the nation's airports, shares information with
airports through a wide area network. But it lacks a comprehensive
security testing program to insure the integrity of that network, the
report said.
While some vulnerability scans are performed monthly, TSA does not
conduct "penetration testing" and "password analysis," and does not
test all devices connected to the network as recommended, the report
said.
"Security vulnerabilities continue to exist because TSA has not
implemented a comprehensive testing program to identify obsolete
software versions or applicable patches on its network devices," the
inspector general wrote. The report recommended testing to include
"periodic network scanning, vulnerability scanning, penetration
testing, password analysis and war driving."
TSA officials agreed with the advice, according to the report.
TSA has strengthened security configurations on its servers and
workstations in comparison to what was found in a previous audit, the
report said. However, the agency still needs to make improvements
including detailed configuration procedures, development of a patch
management policy, implementing a strong password policy and secure
configuration of routers.
The audit found a list of accounts on two TSA workstations that could
be accessed without identification and authentication, a vulnerability
which could be exploited by a hacker.
On patch management, the audit discovered that TSA relies on the patch
management procedures developed by the contractor responsible for
network management, and it recommended that the agency develop its own
documented policy.
The inspector general scolded TSA for allowing multiple users to share
passwords for several administrative accounts, and it also pointed out
that TSA's draft password policy does not comply with the Homeland
Security Department's requirements for strong passwords.
[1] http://www.dhs.gov/interweb/assetlibrary/OIGr_05-31_Aug05.pdf
_________________________________________
Attend ToorCon
Sept 16-18th, 2005
Convention Center
San Diego, California
www.toorcon.org
