Security News > 2020 > September > Feeling bad about your last security audit? Check out what just happened to the US Department of Interior
The US Department of the Interior spectacularly failed its latest computer security assessment, mostly for a lack of Wi-Fi defenses.
The infosec experts also noted other security shortfalls, such as a lack of network segmentation that would allow intruders to casually move between systems, incomplete inventory records of wireless networks, and a reliance on pre-shared keys that could be exploited by miscreants to eavesdrop on network traffic.
"Without network segmentation, an attacker, once inside a bureau's network, can pivot to other bureaus and their computer networks without restriction or detection," the red team explained.
"The department's contradictory and outdated guidance, incomplete inventory, and lack of technical security testing led to its implementation of insecure wireless networks," the report thundered.
Multiple attacks on governments have been carried out by first targeting the networks of contractors.
News URL
https://go.theregister.com/feed/www.theregister.com/2020/09/17/dot_pentesers_expose_wifi/
Related news
- Major security audit of critical FreeBSD components now available (source)
- T-Mobile US 'monitoring' China's 'industry-wide attack' amid fresh security breach fears (source)
- Chinese cyberspies, Musk’s Beijing ties, labelled ‘real risk’ to US security by senator (source)
- US senators propose law to require bare minimum security standards (source)
- US reportedly mulls TP-Link router ban over national security risk (source)