Create an Account
username: password:
 
  MemeStreams Logo

Inadequate Security Controls Over Routers and Switches Jeopardize Sensitive Taxpayer Information

search

possibly noteworthy
Picture of possibly noteworthy
My Blog
My Profile
My Audience
My Sources
Send Me a Message

sponsored links

possibly noteworthy's topics
Arts
Business
Games
Health and Wellness
Home and Garden
Miscellaneous
  Humor
Current Events
  War on Terrorism
Recreation
Local Information
  Food
Science
Society
  International Relations
  Politics and Law
   Intellectual Property
  Military
Sports
Technology
  Military Technology
  High Tech Developments

support us

Get MemeStreams Stuff!


 
Inadequate Security Controls Over Routers and Switches Jeopardize Sensitive Taxpayer Information
Topic: High Tech Developments 7:22 am EDT, Apr  9, 2008

The IRS uses the Terminal Access Controller Access Control System (TACACS ) to administer and configure routers and switches. Users of the TACACS must be authorized by managers. The IRS had authorized 374 accounts for employees and contractors that could be used to access routers and switches to perform system administration duties. Of these, 141 (38 percent) did not have proper authorization to access the TACACS . Authorizations for 86 of the 141 employee and contractor accounts had been provided on some prior date, but the authorizations had expired at the time of our review. However, we could not find that the other 55 employee and contractor accounts had ever been authorized to access the System. We are particularly concerned that 27 of the 55 employees and contractors had accessed the routers and switches to change security configurations.

To authenticate users, the TACACS uses a security application that requires users to enter an account name and password. System administrators had circumvented this control by setting up 34 unauthorized accounts that appear to be shared-user accounts. Any person who knew the passwords to these accounts could change configurations without accountability and with little chance of detection. For this reason, the IRS requires that shared accounts be used only on a limited basis and that they be subjected to special authorization controls. However, during Fiscal Year 2007, 4.4 million (more than 84 percent) of the 5.2 million accesses to the TACACS were made by the 34 user accounts. None of the accounts were properly authorized.

Inadequate Security Controls Over Routers and Switches Jeopardize Sensitive Taxpayer Information



 
 
Powered By Industrial Memetics
RSS2.0