TIGTA Advises IRS about Enhancing its Computer Security
According to a report from the US Treasury Inspector General for Tax Administration (TIGTA), the Internal Revenue Service must run a computer scan on all its servers every week as a safeguard against software attacks and malicious code. The report was published on March 16, 2009.
Since merely 89% of all computer servers are scanned every week and the rest scanned much fewer times or never at all, the scanning job is insufficient to protect customers, according to the report.
Deputy Inspector General for Audit, Michael Philips, says that the installation of malicious software on the servers pose a huge threat because numerous users access these servers, transmitting infection to other systems, as reported by FederalComputerWeek on March 16, 2009.
Besides server scanning, IRS must update its antivirus programs to the latest version regularly. The report also suggests that it takes the agency two days to update 96% of its computer systems' antivirus software and seven days for similar updation for 100% systems.
TITGA further advised IRS to inform its employees of any malware incident so that they know beforehand what actions by them might lead to infection and distribution of the same.
Notably, among 661 malware attacks notified to IRS during 2007, a total of 311 effectively planted malicious software on a PC as well as started executing a harmful program. Further, 69% of malicious software transmitted from a computer that hosted an infected site, the report discovered.
A frequent comment that TIGTA makes on IRS is that the agency does not pay sufficient attention to the safety of its sensitive computers.
Meanwhile, IRS acknowledged TIGTA's recommendations about running servers through antivirus scans on a weekly basis, and of regularly reminding administrators about restrictions on accessing the Internet.
Furthermore, the security specialists state that reports of security fallacies on the IRS systems are not new. Since long, security companies are striving to provide effective protection to IRS so that customers could not become victim of hackers.
Related article: Test Finds Vulnerabilities in Avaya, Cisco and Nortel Products
» SPAMfighter News - 23-03-2009