TAILIEUCHUNG - INADEQUATE SECURITY PRACTICES EXPOSE KEY NASA NETWORK TO CYBER ATTACK

The following areas are of interest to the computer auditor in considering IT infrastructure, although the amount of work required under each heading will vary. For example, a physical security review of a purpose built computer centre housing a large IBM mainframe computer may require a specific audit of several weeks duration. A review of the physical security aspects of a user based PC, however, may only, require a few hours work and could be incorporated into a larger scope audit. Accidental or deliberate physical damage to IT equipment could damage the software and data of the organisation. Given the large capital investment made by organisations in IT, not only. | March 28 2011 audit Report Office of audits INADEQUATE Security practices Expose Key NASA Network to Cyber Attack Office of inspector General National Aeronautics and Space Administration Report No. IG-11-017 Assignment No. A-10-011-00 Final report released by Paul K. Martin Inspector General Acronyms FTP File Transfer Protocol IP Internet Protocol IT Information Technology JPL Jet Propulsion Laboratory OA Office of Audits OIG Office of Inspector General VPN Virtual Private Network Report No. No. IG-11-017 March 28 2011 Overview Inadequate Security Practices Expose Key NASA Network to Cyber Attack The Issue NASA relies on a series of computer networks to carry out its various missions including controlling spacecraft like the International Space Station and conducting science missions like the Hubble Telescope. Therefore it is imperative that NASA protect its computer networks from cyber attacks that could disrupt operations or result in the loss of sensitive data. In this audit we evaluated whether NASA protected information technology IT assets on its Agency-wide mission computer network from Internet-based cyber attacks. Specifically we assessed whether NASA adequately protected these IT assets from Internet-based attacks by regularly assessing risks and identifying and mitigating vulnerabilities. We also reviewed internal controls as appropriate. Details of the audit s scope and methodology are in Appendix A. Results We found that computer servers on NASA s Agency-wide mission network had high-risk vulnerabilities that were exploitable from the Internet. Specifically six computer servers associated with IT assets that control spacecraft and contain critical data had vulnerabilities that would allow a remote attacker to take control of or render them unavailable. Moreover once inside the Agency-wide mission network the attacker could use the compromised computers to exploit other weaknesses we identified a situation that could severely degrade or cripple NASA s

• Kế toán - Kiểm toán
• Ferraris
• apart and reassemble
• rainforest
• especially costly
• generates competition
• among jurisdictions
• ferreted out
• difference between
• Brazilian rainforest
• rainfores