Govt. Report Slams FBI's Internal Network Security
An anonymous reader writes "The Government Accountability Office, the federal government's watchdog agency, Thursday released a report critical of the FBI's internal network, asserting it lacks security controls adequate to thwart an insider attack. Among its other findings, the GAO said the FBI did not adequately "identify and authenticate users to prevent unauthorized access." The GAO report also criticized FBI network security in other regards, saying that there was a lack of encryption to protect sensitive data and patch management wasn't being done in a timely manner."
I've worked in another agency in a related line of work. FBI security is a joke. Everyone knows it. An FBI agent's idea of "information security" is carrying a gun when he brings home Top Secret documents in his glove compartment. Their security flaws are a reason intelligence organizations are reluctant to cooperate.
Goooood, means it's possible to get to those x-files after all....
"we've got trenchcoats and bad attitudes" - John Constantine, HellBlazer
I've worked for private companies, local government and federal government. IT in some federal agencies is very scary.
CAC cards are used, but terminal servers and websites for teleworking still allow username/password.
Blackberries get CAC card readers for encrypted email, while flash drives and external hard drives are thrown into purses and bags.
Remote computers co-located at contractor facilities STILL store LM hashes and don't have the physical security of a DoD office.
EVERYONE writes down passwords because they have a dozen passwords to keep track of and each one is kept very similar to the next.
Most users would not think twice about freely giving their password in a social engineering attack because IT here has gotten everyone in the habit of handing out their password to IT to "make things easier."
Everyone is a local administrator, so Google toolbars and instant messaging programs pop up here and there. The creative users block group policy.
Don't even get me started on how the systems are managed. No folder redirection, no user storage on servers. Everyone stores their data on the local hard drive, and because they are local admins they put it anywhere. I've seen a guy storing his documents in c:\windows\system32.
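Three of the weaknesses listed in the comment above (LM hashes still stored, everyone a local administrator, no folder redirection) can be checked on a Windows host with a few lines of PowerShell. The script below is an added example for readers, not something posted in the thread or used by any of the agencies mentioned; it assumes a domain-joined machine running PowerShell 5.1 or later and an elevated session, and the allow-list of expected administrators is a made-up placeholder.

```powershell
# Added example: audit a Windows host for three findings from the thread.
# Assumptions: PowerShell 5.1+, run elevated, domain-joined host.

function Test-NoLMHash {
    # NoLMHash = 1 tells LSA to stop storing the weak LAN Manager hash
    # at the next password change. A missing or zero value means LM hashes
    # may still be on disk and recoverable from the SAM.
    $lsa = Get-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa' -ErrorAction Stop
    return ([int]$lsa.NoLMHash -eq 1)
}

function Get-UnexpectedLocalAdmins {
    # Placeholder allow-list; replace with the accounts your policy actually permits.
    param([string[]]$Allowed = @('Administrator', 'Domain Admins'))
    Get-LocalGroupMember -Group 'Administrators' |
        Where-Object { $Allowed -notcontains (($_.Name -split '\\')[-1]) }
}

function Test-DocumentsRedirected {
    # Folder redirection points Documents at a server share (a UNC path),
    # so data is backed up and not sitting on the local disk.
    $docs = [Environment]::GetFolderPath('MyDocuments')
    return $docs.StartsWith('\\')
}

# Summarise the three checks as a simple object for a report or SIEM feed.
[PSCustomObject]@{
    Host                 = $env:COMPUTERNAME
    LMHashStorageOff     = Test-NoLMHash
    UnexpectedLocalAdmin = @(Get-UnexpectedLocalAdmins | Select-Object -ExpandProperty Name)
    DocumentsRedirected  = Test-DocumentsRedirected
} | Format-List
```

Run it from an elevated prompt; a `False` in the first or last field, or any names in the middle one, corresponds directly to the conditions the commenter describes, and the object output makes it easy to collect the results from many machines rather than eyeballing one.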