DOT firewall can't take the heat
- By Paula Shaki Trimble
- Oct 02, 2000
The Transportation Department's Office of Inspector General conducted an
audit from November 1999 to August 2000 to assess the information security
vulnerabilities of 1,100 computers and 119 public-view Web servers at DOT
headquarters. Investigators found:
* They could gain unauthorized access from the Internet to about 270 computers
located behind DOT's firewall. Those computers were at administrations other
than the Federal Aviation Administration and the U.S. Coast Guard.
* Unauthorized insiders — such as employees, contractors and grantees — could access about 900 computers located throughout DOT internal agencies.
* Internet users were allowed to bypass DOT's firewall security and
gain access to DOT's private networks because 13 public Web servers were
inappropriately placed on DOT's private networks. Users could click on the
link to the private sites from the public Web pages.
* Of the 119 Web servers reviewed, the IG office identified a total
of 111 vulnerabilities on 67 Web servers.
Source: DOT Office of Inspector General audit report