DOT firewall can't take the heat

The Transportation Department's Office of Inspector General conducted an

audit from November 1999 to August 2000 to assess the information security

vulnerabilities of 1,100 computers and 119 public-view Web servers at DOT

headquarters. Investigators found:

* They could gain unauthorized access from the Internet to about 270 computers

located behind DOT's firewall. Those computers were at administrations other

than the Federal Aviation Administration and the U.S. Coast Guard.

* Unauthorized insiders — such as employees, contractors and grantees — could access about 900 computers located throughout DOT internal agencies.

* Internet users were allowed to bypass DOT's firewall security and

gain access to DOT's private networks because 13 public Web servers were

inappropriately placed on DOT's private networks. Users could click on the

link to the private sites from the public Web pages.

* Of the 119 Web servers reviewed, the IG office identified a total

of 111 vulnerabilities on 67 Web servers.

Source: DOT Office of Inspector General audit report

Featured

  • Defense
    The Pentagon (Photo by Ivan Cholakov / Shutterstock)

    DOD CIO hits pause on JEDI cloud acquisition

    Dana Deasy set cloud as his office's top priority. But when it comes to the JEDI request for proposal, he's directed staff to "pause" to compile a comprehensive review.

  • Cybersecurity
    By Gorodenkoff shutterstock ID 761940757

    Waging cyber war without a rulebook

    As the U.S. looks to go on the offense in the cyber domain, critical questions remain unanswered around who will take the lead and how clearly to draw the rules of engagement.

  • Government Innovation Awards
    Government Innovation Awards - https://governmentinnovationawards.com

    Deadline extended for Rising Star nominations

    You now have until July 18 to help us identify the early-career innovators and change agents in government IT.

Stay Connected

FCW Update

Sign up for our newsletter.

I agree to this site's Privacy Policy.