Auditor flags security flaws in N.S. gov't computers

[InfoSec News <alerts () infosecnews org>]

http://www.ctv.ca/CTVNews/Canada/20101118/ns-auditor-sees-security-flaws-101118/

The Canadian Press
Nov. 18, 2010 

HALIFAX -- Security weaknesses in computer systems operated by Service 
Nova Scotia and Municipal Relations place a wide range of personal and 
business information at risk, the auditor general concluded in a report 
released Wednesday.

Jacques Lapointe said he found problems in the way passwords are 
controlled, computer accounts are set up and security changes are made, 
which means there's a risk information in three of four registries can 
be used inappropriately by department staff and contract employees.

The problems primarily affect the land, business and joint stock 
registries.

"Security configuration settings for the IT systems that support the 
registries are not sufficient to prevent unauthorized access," the 
report states. "Improperly configured systems limit (the department's) 
ability to ensure information it retains is secure."

Lapointe said that in addition to the internal risk, the potential 
exists for external hackers to get into the system through collusion, 
bribery and blackmail, which could lead to identity theft, the loss of 
land ownership or the disruption of business operations.

[...]


___________________________________________________________      
Tegatai Managed Colocation: Four Provider Blended
Tier-1 Bandwidth, Fortinet Universal Threat Management,
Natural Disaster Avoidance, Always-On Power Delivery 
Network, Cisco Switches, SAS 70 Type II Datacenter. 
Find peace of mind, Defend your Critical Infrastructure.
http://www.tegataiphoenix.com/