Wednesday, June 06, 2007

FBI security fails

The US Federal Bureau of Investigation (FBI), America's law enforcement agency, fails to apply the necessary security measurements on its computer systems and networks. A report by the US Government Accountability Office (GOA) summarizes shortcomings in information security controls on the FBI's critical internal network.

Some of the problems GOA discovered after analysing the FBI computer network were insecure configuration of network devices and services, flaws in identification and authorization of users and clearances for access privileges. Critical information was found on the internal network, not protected by strong encryption. Also, key servers and workstations were not patched in a timely manner. According to GOA these security flaws increase risk of unauthorized disclosure or modification, and could result in a disruption of service.

This report is actually an interesting summary of tips on how to improve security and this applies not only to the FBI but also to any other network, from personal use to large enterprises. People often don't realise how much critical information can leak out, and how severe the consequences can be. Information theft, cyber crime or industrial espionage, it's every ones business, even the little guy in a small private company. One thing this report proves is that good encryption is underestimated by too many people, even by the FBI who should know their job even better than the rest! I'll keep telling, the only realy secure computer is a stand-alone one, inside a safe! You can read the full GOA report in this pdf.

No comments: