IRS finds unauthorized Web servers connected to its networks

NextGov.com has reported on the security issue that concerns not just the folks at the Internal Revenue Service (IRS), but all of us who pay taxes in the U.S.

“The Internal Revenue Service found more than 1,000 unauthorized Web servers connected to its networks, leaving the agency’s systems open to hackers, according to a report released on Thursday by the IRS inspector general.

In September 2007, the IRS Computer Security Incident Response Center scanned the agency’s Web servers and identified 2,093 that had at least one security vulnerability. When the center matched those servers to the IRS database of registered Web sites and servers, an inventory of systems that the agency uses to perform security maintenance and apply patches, it found 1,811, or 87 percent, were not listed in the database.

Of the unregistered servers, the IRS identified 661 that were used for legitimate agency business, leaving 1,150 servers being used for potentially unauthorized activity, according to the report.”