Security News > 2020 > September > Feeling bad about your last security audit? Check out what just happened to the US Department of Interior

Feeling bad about your last security audit? Check out what just happened to the US Department of Interior
2020-09-17 23:47

The US Department of the Interior spectacularly failed its latest computer security assessment, mostly for a lack of Wi-Fi defenses.

The infosec experts also noted other security shortfalls, such as a lack of network segmentation that would allow intruders to casually move between systems, incomplete inventory records of wireless networks, and a reliance on pre-shared keys that could be exploited by miscreants to eavesdrop on network traffic.

"Without network segmentation, an attacker, once inside a bureau's network, can pivot to other bureaus and their computer networks without restriction or detection," the red team explained.

"The department's contradictory and outdated guidance, incomplete inventory, and lack of technical security testing led to its implementation of insecure wireless networks," the report thundered.

Multiple attacks on governments have been carried out by first targeting the networks of contractors.


News URL

https://go.theregister.com/feed/www.theregister.com/2020/09/17/dot_pentesers_expose_wifi/