To be fair, the blog that this item appears in is called "Mainframe Propeller Head", so the author may have felt that he should concentrate on the mainframe-related content from the report. However, the main deficiency noted was inadequate logging: "IRS had not configured security software controls to log changes to datasets that would support effective monitoring of the mainframe at one of its data centers..." which also applied to a greater extent to Windows & Unix servers: "inadequate logging of security-relevant events for UNIX and Windows servers at one data center and for UNIX servers at another."
Bill

On Thu, 15 Jan 2009 09:03:32 -0600, Hal Merritt <[email protected]> wrote:

>Ya just gotta love the media agendas. I scanned the report and saw some audit 'boiler plate' (yawn) but most all of the real 'problems' were network and Windows related (shock and awe). I did not see any unresolved mainframe issues. True, I did not see the detailed findings, but I'd bet a nickel that I've seen every one of the mainframe findings before on my own audits.
>
>Really sad that the authors felt that it was more important to bash mainframes than report facts.
>
>My $0.02 (before taxes)
>
>-----Original Message-----
>From: IBM Mainframe Discussion List [mailto:[email protected]] On Behalf Of Kopischke, David G.
>Sent: Wednesday, January 14, 2009 6:25 PM
>To: [email protected]
>Subject: IRS Mainframe Not Secure Enough
>
>From SearchDataCenter today....
>
>
>IRS MAINFRAME NOT SECURE ENOUGH, GOVERNMENT REPORT SAYS
>Mark Fontecchio, News Writer
>
>The federal Government Accountability Office (GAO) has released
>a report detailing information security issues at the Internal
>Revenue Service (IRS), and among them are lax mainframe management
>monitoring.
>
>This isn't the first time the GAO has found issues with the IRS'
>data centers and mainframes. Last year the GAO found 115 weaknesses
>in information security at the IRS. To the agency's credit, 49 of
>them have been fixed. But this isn't a two-year thing. There have
>been information security problems at the IRS for years.
>
>
>http://itknowledgeexchange.techtarget.com/mainframe-blog/irs-mainframe-not-secure-enough-government-report-says/?track=NL-576&ad=683880&asrc=EM_NLN_5568886&uid=279318

