AOH :: IS1487.HTM
Auditor: IRS must review network audit logs
|
Auditor: IRS must review network audit logs
Auditor: IRS must review network audit logs
This message is in MIME format. The first part should be readable text,
while the remaining parts are likely unreadable without MIME-aware tools.
--1457021584-2014377816-1229411598=:11531
Content-Type: TEXT/PLAIN; CHARSET=UTF-8
Content-Transfer-Encoding: QUOTED-PRINTABLE
Content-ID:
http://www.fcw.com/online/news/154687-1.html
By Mary Mosquera
FCW.com
December 15, 2008
The Internal Revenue Service should bolster network and information
security by improving how it manages audit logs, the Treasury Inspector
General for Tax Administration said.
TIGTA made the recommendation while acknowledging that the agency has
effectively deployed systems to detect network intrusions at Internet
gateways.
Audit logs record who accessed a computer system, what operations they
performed and when, TIGTA said in a report released today. The auditor
redacted portions of the report.
The IRS did not properly save and review its audit logs, which increased
the likelihood that intruders could use the Internet to gain access to
sensitive taxpayer data without detection, the report states.
Auditing system logs is essential for detecting potential security
events, such as hacking attempts and other threats, said Michael
Phillips, TIGTA=E2=80=99s deputy inspector general for audit. Proper management
of audit logs ensures that operations performed on a system can be
traced back to an individual at a specific time, he added.
To minimize the risk to taxpayer data, the IRS has consolidated about 95
percent of its Internet traffic into a limited number of gateways, the
report states, although TIGTA redacted the number of external
connections. The Office of Management and Budget has directed all
agencies to reduce the number of gateways they have under the Trusted
Internet Connections initiative.
[...]
--1457021584-2014377816-1229411598=:11531
Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Content-Disposition: inline
_______________________________________________
Help InfoSecNews.org with a donation!
http://www.infosecnews.org/donate.html
--1457021584-2014377816-1229411598=:11531--
Site design & layout copyright © 1986- CodeGods