Unauthorized web servers connected to IRS network

The Internal Revenue Service (IRS) has identified 1,811 unauthorized web servers connected to the agency's network, according to a recent audit report.

The report, from the U.S. Treasury Inspector General for Tax Administration, stated that a network scan from the IRS Computer Security Incident Response Center identified 2,093 potential web servers with at least one security vulnerability connected to the IRS network. These results were compared to the IRS' web registration database and found 1,811 connected web servers were not authenticated to connect to the network.

“We recognize that some of these unauthorized web servers could be legitimate web servers supporting IRS operations,” the audit report stated. “For example, the Enterprise Operations organization was able to show that 661 (36 percent) of the 1,811 web servers had a legitimate business purpose. The risk exists that the remaining 1,150 unauthorized web servers are being used for non-business purposes.”

The IRS attributed the existence of unauthorized web servers to web server owners not registering their servers with the agency. It also said that responsibility for registration remained unassigned since September 2006.

Arthur Gonzalez, IRS chief information officer, said in a statement that his office agrees with recommendations to better protect its network, including procedures to block unauthorized web servers, require annual network scans and limit the number of approved web software packages for web servers.  The IRS' goal is to have all the recommendations implemented by Aug. 1, 2009.

However, Ken Stasiak, CEO of SecureState, which supplies security services to government and businesses, told SCMagazineUS.com on Friday that the IRS' findings are alarming.

The unauthorized web servers can open up the door for hackers, Stasiak said.
 
“Classified information is pretty well protected,” he said. “Unfortunately, IRS information on taxpayers is not deemed classified.”