The Internal Revenue Service needs to ensure the security of its virtual servers, according to a new report.
The
The report found that the IRS has developed a comprehensive policy establishing the minimum security controls to prevent unauthorized access to IRS information systems hosted in its virtual environment. A successful attack against a host can compromise all of the virtual servers residing on that host.
But although the IRS has established processes to monitor its virtual infrastructure, TIGTA found that security configuration settings on hosts were not in accordance with IRS policy. In addition, audit logs for the hosts were not collected and reviewed as required by IRS policy. Until an automated monitoring tool is implemented, the IRS will not be able to effectively monitor and maintain security configurations that are needed to secure the IRS virtual infrastructure and the sensitive information that resides on it.
TIGTA recommended that the IRS’s chief technology officer ensure that the IRS implements automated monitoring to ensure that host settings remain in compliance with configuration standards; applies software patches to hosts timely in accordance with IRS policy; and implements audit log collection and review accordance with IRS policy.
The IRS agreed with all of TIGTA’s recommendations and plans to procure or develop an automated tool, or adapt existing monitoring infrastructure, to report virtual host compliance; apply patches to hosts timely in accordance with IRS policy; and develop audit plans and implement log file collection and review for the hosts.
“We are confident that our routine support practices for our virtual server environment are providing a sound operating environment,” IRS CTO Terence V. Milholland wrote in response to the report.
