TIGTA: IRS routers need stronger security

The IRS did not put in place sufficiently strong access controls for its routers and did not monitor security configuration changes in order to identify inappropriate use, putting information about taxpayers at risk, the Treasury Inspector General for Tax Administration (TIGTA) said in a report released April 7.

The IRS sends sensitive taxpayer and administration information across its networks, so routers on the networks must have adequate security controls to deter and detect unauthorized use.

“A disgruntled employee, contractor or hacker could reconfigure routers and switches to disrupt computer operations and steal taxpayer information in a number of ways, including diverting information to unauthorized systems,” said Michael Phillips, TIGTA’s deputy inspector general for audit..

Of the 374 users that IRS managers authorized to have entry to the Terminal Access Controller Access Control System to administer and configure routers and switches, 38 percent did not have proper authorization, the report said. Of those, 27 employees and contractors had accessed the routers and switches to change security configurations, TIGTA said. Systems administrators had circumvented a security application for the system that requires a login and password by establishing 34 unauthorized accounts that appeared to be shared-user accounts.

“Any person who knew the passwords to these accounts could change configurations without accountability and with little chance of detection,” Phillips said. During fiscal 2007, 84 percent of the 5.2 million accesses to the system were through the 34 accounts, and none were properly authorized.

IRS’ Cybersecurity office, part of the agency's Modernization and Information Technology Services organization, did not conduct audit trail log reviews, which can reveal potential security events, such as hacking attempts, virus or worm infections and attempts to change information.

Arthur Gonzalez, IRS chief information officer, said that the agency has improved the control and monitoring of routers and switches and would implement most of TIGTA’s recommendations by July. All 369 access control system users now have valid authorizations, and IRS provides the minimum level of permission for those users. IRS also has implemented configuration management and compliance initiatives to assure their appropriate maintenance and configuration, he said.

“Our policy has always been to prohibit shared accounts and to require every user to have his or her own user ID and password with authorization,” Gonzalez said.

In 2009, IRS will deploy a new CiscoWorks infrastructure that will reduce from 24 to six the number of service accounts, and likewise reduce the number of transactions from 5.2 million t

About the Author

Mary Mosquera is a reporter for Federal Computer Week.

Featured

  • Contracting
    8 prototypes of the border walls as tweeted by CBP San Diego

    DHS contractors face protests – on the streets

    Tech companies are facing protests internally from workers and externally from activists about doing for government amid controversial policies like "zero tolerance" for illegal immigration.

  • Workforce
    By Mark Van Scyoc Royalty-free stock photo ID: 285175268

    At OPM, Weichert pushes direct hire, pay agent changes

    Margaret Weichert, now acting director of the Office of Personnel Management, is clearing agencies to make direct hires in IT, cyber and other tech fields and is changing pay for specialized occupations.

  • Cloud
    Shutterstock ID ID: 222190471 By wk1003mike

    IBM protests JEDI cloud deal

    As the deadline to submit bids on the Pentagon's $10 billion, 10-year warfighter cloud deal draws near, IBM announced a legal protest.

Stay Connected

FCW Update

Sign up for our newsletter.

I agree to this site's Privacy Policy.