


http://www.fcw.com/online/news/151957-1.html



By Wade-Hahn Chan

FCW.com

March 19, 2008



Visitors to Energy Department Web sites should not be redirected to
pornography, the department's Inspector General's Office said in a report.



But that has happened, the oversight office found. DOE sites suffered 60
security incidents on public servers in the past three years, with some
22 incidents occurring in the past year, the report states.



More than half of those attacks resulted in defaced home pages,
including the changing of the home page of Brookhaven National
Laboratory's Web site to route visitors to pornographic links.



The IG report also found that some sites had lax controls on publicly
accessible information, resulting in eight incidents in which personally
identifiable information was exposed. It noted that some of the sites
did not meet National Institute of Standards and Technology standards
for securing public Web servers.



The IG report recommended that DOE complete guidance on how to secure
its agencies' Web sites. Previous attempts to create such guidance
stalled. The agency released a Web guidance manual in 2005 that was
never released. DOE created another manual last year that has not been
issued yet, but the IG report criticized the draft manual's lack of
specificity and a timeline.



"Facilitating communication with the citizenry is in the national
interest," Energy IG Gregory Friedman said in a letter attached to the
March 13 report. "However, the unavoidable fact is that such
communication may well impact agency cybersecurity vulnerabilities."



The report found that some of the national labs have taken proactive
steps toward securing their Web sites. The IG praised Oak Ridge,
Lawrence Livermore, Los Alamos and Lawrence Berkeley national
laboratories for implementing Web applications that detect possible
vulnerabilities.



It also noted that the Los Alamos, Lawrence Livermore and Sandia labs
developed separate Web sites for use in emergency situations.
Additionally, Oak Ridge moved all of its systems and independent Web
sites under its central information technology management, resulting in
enhanced security and possible cost and time savings.





___________________________________________________

Subscribe to InfoSec News

http://www.infosecnews.org/mailman/listinfo/isn




