How does your state computers users (the city/state workers) secure your information? We had a little audit and wow sad news...

What got me was the fact that the office managers/department heads had excuses. Seems like the Washington BS has made it to the state and city level of government.

State computers vulnerable
By John Hanna

Created July 10, 2009 at 5:17pm

Updated July 11, 2009 at 12:21am
A legislative audit in Kansas has raised questions about the security of state computer networks and whether agencies are vulnerable to cyber attacks like a recent one against U.S. government Web sites.

The audit reviewed computer security issues at five state agencies and found some weak password controls and missing security patches for servers. And 39 percent of one unnamed agency's passwords were cracked within five minutes using free software available on the Internet.

Asked whether other agencies have the same vulnerability, auditor Allan Foster said Friday that the five tested represented a cross-section of state government.

"I would suspect that it's fairly widespread," he said.

Officials at several of the agencies said the audit was useful but the issues identified were isolated. They expressed confidence in their security.

I don't trust their CONFIDENCE

Tests were performed on networks for the state pension system, the state treasurer's office, the court system, the Kansas Department of Transportation and the Board of Nursing. The audit didn't specify the results for each agency for security reasons.

"They identified some places we could improve," said Glenn Deck, the pension system's executive director. "It was helpful."

Senate Majority Leader Derek Schmidt predicted legislators will discuss further issues raised by the audit.

"This shows that Kansas state government still has a ways to go before it's tech-savvy and secure," said Schmidt, an Independence Republican who serves on the committee overseeing auditors' work. "It doesn't really matter where the leak in the dike is, what matters is that there are none."

The audit took about two months and was in the works well before a widespread cyber attack on U.S. and South Korean government Web sites over the Fourth of July weekend. Officials suspect it originated in North Korea.

Anthony Schlinsog, the Kansas Department of Transportation's bureau chief for computer services, said the agency is increasing password lengths, adjusting a security setting and planning more training because of the audit.

It took an audit for them to begin to become a bit more secure, how comforting

Tara Gillum, spokeswoman for state Treasurer Dennis McKinney, said the audit identified nothing that required an "upheaval" in the office's computer systems. Kathy Porter, assistant judicial administrator, said the court system does a good job of keeping its systems secure but still welcomed the audit.

Gee I disagree Tara and Kathy tries to wash it over.

"We were happy to have a fresh set of eyes on it," she said.

Foster said it is unlikely hackers could steal government funds because of financial controls in state government. But they could access files and personal information if networks aren't secure enough, he said.

It isn't the state funds Mr. Foster, it is all the data that is kept on each citizen that can be used against us.

Seventeen of 133 servers scanned at the five agencies, or 13 percent, were missing at least one security patch for their operating systems, the audit found. Forty-nine were missing at least one patch for their software applications, and 30 were missing three or more patches for applications.

To breach an agency's passwords, hackers would have to find a vulnerable server, hunt down an encrypted list of passwords and copy it, Foster said. In the audit's case, agencies cooperated for testing purposes.

Still, even with the encryption, after 24 hours, the lowest percentage of cracked passwords was 23 percent. Still not good enough. And what was the highest % of cracked passwords

Three of the four agencies that had their passwords tested had either weak policies or weak network password settings, and the fourth was weak in both areas, the audit said.

Even the agency that had relatively strong policies and settings had 35 percent of its passwords cracked within five minutes.

The last paragraph says it all... Department heads best require better from themselfs and the state workers under their control
.........................................READER COMMENTS HERE......................
State computers vulnerable | CJOnline.com

FRONT PAGE: http://www.cjonline.com/

__________________
"There are two ways to conquer and enslave a nation... One is by sword... The other is by debt."

John Adams 1826