Unauthorized Web servers provide a way into IRS networks
When a friend told me about how the IRS recently discovered that it had had some unauthorized connections made to its network, my interest was piqued. I found an article by Jill R. Aitoro, "IRS finds unauthorized Web servers connected to its networks," that indicated hundreds of Web servers had connected to IRS networks.
Not only were these unauthorized connections troublesome in and of themselves, but scarier still is the fact that they leave the agency vulnerable to malevolent hackers as well. The article indicates that just a year ago, over 2,000 of the IRS Web servers had at least one vulnerability and that less than half of those were being used for legitimate IRS business. That means that over half of those servers (unregistered with the IRS) could be put to use for unauthorized activity - a fact that justifiably does not sit well with the IRS. When Web servers remain unauthorized, the IRS isn't able to monitor them or ensure that they're patched when required.
I was glad to learn that a follow-up audit in March showed that there has been some improvement, but while more server security holes had been patched, most (1,936 out of 2,093) still had at least one security hole. But of those, "only" 437 were considered "high-risk" vulnerabilities (such as a weak or missing password requirement or a buffer overflow). One of the recommendations made by the Inspector General as a result of the audit was requiring an annual scan of Web servers and comparison of the scan results to the registration database. That seems like a straightforward, logical step toward resolving at least this part of the (in)security issue.

