Audits and reports warned of IRS computer safety risks – USA TODAY

Government monitors repeatedly warned of IRS computer security risks long before Tuesday’s disclosure that identity thieves had stolen tax agency data for roughly 100,000 U.S. households.

At least seven federal audits and other reports from 2007 to 2014 outlined dangers that ranged from failures in IRS database controls to hiring an ex-con without a background check and failing to screen for other workers who had access to personal data for millions of taxpayers.

“Computer security has been problematic for the IRS since 1997,” according to an Oct. 2014 report by the Treasury Inspector General for Tax Administration, the government monitor for the nation’s tax agency.

So problematic that TIGTA has ranked security for taxpayer data and IRS employees as one of the tax agency’s top management challenges every year at least since 2004.

The U.S. Government Accountability Office separately warned last year that despite IRS computer security improvements, “weaknesses remain that could affect the confidentiality, integrity and availability of financial and sensitive taxpayer data.”

Shortcomings identified by the GAO included the IRS’ failure to restrict physical access to computer resources, along with use of weak encryption for authentication on many of the tax agency’s computer servers.

The IRS agreed with many of the findings, and said corrections would be made. However, tax agency officials have contended that IRS budget cuts approved by Congress have made it harder to implement upgraded security safeguards.

The IRS issued standard security configurations for its databases in March 2006, TIGTA said.

Just over a year later, oversight auditors tested security controls on 17 databases from eight tax administration applications.

“Collectively, these databases failed 30% of our tests,” the TIGTA audit concluded. “Exploitation of the vulnerabilities found could result in unauthorized accesses to taxpayer information and ultimately result in identity theft or fraud.”

The IRS agreed with audit recommendations to correct the weaknesses.

But a subsequent audit, completed in May 2011, said TIGTA auditors “could not determine if the weaknesses were entered, addressed, or closed.

“As a result we have no assurance that the previous security weaknesses were corrected,” the auditors wrote.

The 2011 audit also identified additional security issues. IRS non-mainframe databases that contained taxpayer data were not always securely configured to guard against potential breaches, TIGTA reported.

IRS databases also ran outdated software that no longer received security patches and other support. Additionally, auditors reported the IRS bought a vulnerability scanning and compliance assessment tool without completing adequate evaluation and testing.

“As a result, the IRS spent more than $1.1 million in software licenses and support tools for a tool that was not fully implemented,” the audit concluded.

An April 2012 TIGTA audit report said the IRS office responsible for around-the-clock checks for cyberattacks and computer vulnerabilities was not monitoring 34% of the tax agency’s computer servers.

The IRS office, known as the Computer Security Incident Response Center, also had failed to send required reports about all computer security incidents to the Department of the Treasury, auditors reported.

Moreover, the monitoring center’s operating procedures “are not formalized and are outdated and incomplete,” TIGTA concluded.

The IRS agreed to take most of the corrective actions recommended in the audit findings.

But another TIGTA audit in 2013 found the IRS had only partly implemented eight out of 19 recommended corrections for risks related to security of systems involving taxpayer data. The IRS nonetheless listed all 19 as fully completed, the audit showed.

Yet another audit, completed in Jan. 2013, reported several delays in IRS implementation of a program designed to provide continuous monitoring of the tax agency’s workstation security.

Initially scheduled for deployment by Dec. 2010, the completion date was pushed back to May 2013, TIGTA reported.

Reviewing IRS vendor contracts, a 2014 TIGTA audit discovered that a courier who transported IRS documents, including tax returns, to and from the IRS and postal offices, had not been given a background check.

But the courier did have a record of serving 21 years in prison for arson, retaliation and attempted escape, the audit reported.

Similarly, a company awarded an IRS contract to print and mail tax forms received a compact disk with 1.4 million taxpayers’ names, addresses and Social Security Numbers.

“None of the contractor personnel who worked on this contract underwent a background investigation,” auditors concluded.

Asked in February by USA TODAY whether the nation’s tax agency was secure from computer hackers, IRS Commissioner John Koskinen replied: “The best response is never to think you’re safe.”

“We’re getting people from around the world trying to figure out how to get in, because if you could get into the IRS, it’s a great place to get data. We have firewalls, anything that’s state of the art, we have,” said Koskinen. “That’s something we’ve spent money on, something we’re focused on. Thus far, we haven’t had a significant breach, but are literally always under attack.”

Read or Share this story: http://usat.ly/1HM5Mx9
