GovInfoSecurity.com - Information Security News, Regulations, & Education

Government Information Security Articles

IG Questions DHS Execution of Active Directory

Credit
EligibleAs a GovInfoSecurity.com annual member, this content can be used toward your membership credits and transcript tracking. Click For More Info

Audit Reveals Departmental Data at Risk of Unauthorized Access, Destruction

June 8, 2010 - Eric Chabrow, Executive Editor, GovInfoSecurity.com

Save

Digg

Delicious

Please login or register to save this article.

An audit of the Department of Homeland Security's Microsoft Windows Active Directory at its headquarters revealed that its implementation failed to fully comply with the department's security guidelines, and no mechanism was in place to ensure its level of security, DHS's inspector general said in a report made public Tuesday.

"These systems were added to the headquarters domain, from trusted components, before their security configurations were validated," the IG report said. "Allowing systems with existing security vulnerabilities into the headquarters domain puts department data at risk of unauthorized access, removal, or destruction."

The report also said DHS does not have a policy to verify the quality of security configuration on component systems that connect to headquarters. "Interconnection security agreements are present for each connection between headquarters and components to secure shared services; however, neither the agreements nor other policy define specific security controls required for connecting systems," the IG said. "Stronger management and technical controls are needed on trusted systems to protect data provided by the department's enterprise-wide applications."

The IG made three recommendations, and said that DHS has initiate actions to implement them.

Active Directory provides authentication services on a network, allowing system administrators to assign security policies, deploy software and apply critical software updates to the organization's Windows servers and workstations.

Click to Get Updates on the Latest Information Security News

Company*

Title*

Email*

Subscription Type:

Government Enews

General Government Enews
Blogs Enews
Careers Enews
Training Enews
Webinars Enews
Podcasts Enews
White Papers Enews

Banking Enews

General Banking Enews
Blogs Enews
Careers Enews
Training Enews
Webinars Enews
Podcasts Enews
White Papers Enews

Credit Union Enews

General Credit Union Enews
Blogs Enews
Careers Enews
Training Enews
Webinars Enews
Podcasts Enews
White Papers Enews

Need Help?

Next Related Article:

Proactive IT Security: Ridding the Patch Mentality

Topics of Interest

DIACAP

3 Simple Steps to Ensure DIACAP Compliance
Defense: DoD Information Assurance Certification and Accreditation Process

Office of Management & Budget

DHS Addresses New FISMA Responsibilities
Senator Gives White House 'Incomplete'
on Cybersecurity Performance

Legislation

GovInfoSecurity.com Week In Review for Friday, Sept. 3, 2010
Editor's Choice for August: Senate Tackles Cybersecurity Bill, DoD Infosec Strategy, U.S.-CERT, State CISOs

Governance & Standards

Federal Best Practices: Email Security - Archiving and Data Loss Prevention
Six Critical Elements to Achieve Economies in FISMA Compliance

Network & Perimeter

Real-Time FISMA Compliance Monitoring
Meeting Government Security and Regulatory Goals through Network Access Control

COSO

Good Governance: How to be a Security Leader

Latest Tweets & Mentions

Recent Content
Most Popular

15 Critical Elements of Cloud Framework
2Poker Face: Stopping the Insider Job
3New Vishing Spree Strikes U.S.
4State CISOs: Challenge to Secure Data
5Heartland, Discover Settle at $5 Million
6How to Protect Consumers from ID Theft
7Cloud Computing: Questions to Ask
8U.S.-CERT Eyes Expanded Mission
9Retirees Hit by Website Breach
10Video: Why Cyber Challenge is Needed

1Tapping the Power of Social Media
2Social Media Policy - The 6 Essentials
3Senators Unveil Long-Awaited Cyber Bill
4Job Trends: Top Skills, Certifications
5New Vishing Spree Strikes U.S.
6PCI Updates Unveiled
7What Happens When XP Expires?
8Melissa Hathaway on the Cloud
955,000 IT Jobs Created in 2nd Quarter
10Boards Losing Focus on Security

GovInfoSecurity.com Research

Podcast:Reasoning Behind Enhancing DHS Infosec Prowess
Webinar:Legal Considerations About Cloud Computing
Handbook:Ten Faces of Fraud in 2010 - RSA Conference Edition
White Paper:Federal Best Practices: Email Security - Archiving and Data Loss Prevention
Regulation:NIST SP 800-34 Rev. 1: Contingency Planning Guide for Federal Information Systems

Recent Blog Entries

On the Insider Threat, PCI and Risk Management

Let me share with you some highlights of recent podcast inte…

Read The Field Report by Tom Field

Vendor Solutions

TraceSecurity

Solutions For:

Audit, Managed Security services (Monitoring, Penetration Test, Risk Assess, Etc), Security Training, User Awareness
MarkMonitor

Solutions For:

Anti-Phishing, Authentication, Fraud Detention Network

Marketplace

Information Security Media Group - Family of Websites

Banking

BankInfoSecurity.com
Careers
Blogs

Credit Unions

CUInfoSecurity.com
Careers
Blogs

Government

GovInfoSecurity.com
Careers
Blogs

Healthcare

HealthcareInfoSecurity.com
Careers
Blogs

About Us
Contact Us
Site Map
Terms of Service
Advertise
RSS

GovInfoSecurity NewsGet the RSS Feed
Agency ReleasesGet the RSS Feed
Latest ArticlesGet the RSS Feed
WebinarsGet the RSS Feed
GovInfoSecurity.com BlogGet the RSS Feed

Home
Training
Resources
Content Library
- Agency Releases
- Articles
- Handbooks
- Podcasts
- Surveys
- Webinars | Calendar
- White Papers
Careers
Blog

Advanced Search

Browse Topics

Agencies

Defense Department
Energy Department
Government Accountability Office
Homeland Security Department
Inspectors General
Law Enforcement
National Security Agency
NIST
Office of Management and Budget
US-CERT

Audits Investigations Reports

GAO
Inspectors General

Business Continuity & Disaster Recovery

Pandemic Preparation

Collaboration & Interagency

CIO Council
Information Sharing

Congress

Committees and Testimonies
Legislation

Governance & Standards

COSO
DIACAP
FISMA

Laws, Regulations & Directives

Clinger-Cohen Act
E-Government Act
HIPAA

Leadership & Management

Budgeting & Funding
Staff & Recruitment

Incident Response
Information Security Compliance
Insider Threat
Risk Assessment
Vendor Management

Technology

Application Security
Authentication
Biometrics
Cloud Computing
Data Loss
Encryption
Endpoint Security
Fraud
Governance, Risk & Compliance
ID & Access Management
Messaging
Mobile & Wireless
Network & Perimeter
Social Media
Storage
Virtualization
Web Security

Training & Education

White House

Cybersecurity
Office of Management & Budget

NIST SP 800-34 Rev. 1: Contingency Planning Guide for Federal Information Systems..Next Topic
President Obama's Healthcare Reform Plan..Next Topic
President Obama's Healthcare Reform Plan..Next Topic
President Obama's Healthcare Reform Plan..Next Topic
DoJ: Report to Congress on Implementation of Section 1001 of the USA PATRIOT Act..Next Topic
GAO: Managing Sensitive Information..Next Topic
NIST SP 800-41 Revision 1: Guidelines on Firewalls and Firewall Policy..Next Topic
NIST Guide to Security for WiMAX Technologies (Draft)..Next Topic
OMB Memorandum: New Reporting Instructions for FISMA..Next Topic
NIST IR 709: Cryptographic Key Management Workshop Summary (Draft)..Next Topic

A-
A
A+

GovInfoSecurity.com - Information Security News, Regulations, & Education

Government Information Security Articles

IG Questions DHS Execution of Active Directory