How Safe are Government Computers? 35
KingOfBLASH asks: "Recently, when I was in the local City Court to protest a parking ticket, I noticed that all of the computers were running Windows (some as old as Windows 95!), and there were definitely network cables snaked around them. The City Hall suffers from the same affliction. Given that some of these computers have passed the End of Life for support, and there are a number of known exploits, how safe our government computers? What damage could be done if they were attacked?" It would be interesting to note if it's just local governments that may be running lower-than-expected tech or regional governments, as well. It would also be worthwhile to hear how governments outside the US compare to their American counterparts.
Well what are they really running? (Score:3, Insightful)
On the other hand it would be easy to fit goverment with the latest in secure systems. Just pay more taxes.
Re:Well what are they really running? (Score:1, Insightful)
On the other hand it would be easy to fit goverment with the latest in secure systems. Just pay more taxes.
Re:Well what are they really running? (Score:3, Insightful)
Re:Well what are they really running? (Score:2)
To the best of my knowledge, SP6 has been out since atleast the summer of 2000...
This is why they got ravaged by virii late last summer...
Re:Well what are they really running? (Score:2)
Re:Well what are they really running? (Score:2)
You are assuming that they would actually spend the money upgrading the computers instead of some politicians pet project designed to get re-elected.
I have a right to be cynical, I have to hear about politicians every night on the news.
Probably no better than your average small busines (Score:5, Informative)
In reality Windows 3.1 was a pretty secure OS - after all there was no networking built in (it was an add on) so very few remote vulnerabilities. That said - there were a LOT of vulnerabilities in the add on software to get them on the network. The other thing going for them is if they are old enough a lot of the vulnerabilities (various scripting flaws etc.) weren't built in to the level that they are today - making the current crop of random Trojan horses a lot less effective
private v. public (Score:5, Interesting)
also, what if any liability does government have for misuse of information? an infamous case was a state (CA?) that gave out auto licence plate information promiscuously enabled a stalker to locate and kill a woman. for a time state governments were selling driver's license information to marketers, all the way down to the height and weight info. i worked on a proposed "violent gang database" collecting officer intelligence on alleged gang members, such as nicknames, residence, and so on -- i asked, what if the data falls in the hands on an enemy gang?
i would suggest that government should be held liable for negligent dissemination of private information, and that some sort of comprehensive plan regarding what is "private" and what is required to access private data. right now i can apparently find out how much my neighbor paid for her house, how much she gave to poilitical campaigns, where she's lived for the last 20 years -- questions i would hesitate to ask to her face (and she's nice!). what's going on here?
this touches a nerve, as you can see.
Re:private v. public (Score:2, Interesting)
Public toilet (Score:3, Funny)
Not safe at all! (Score:1)
-psy
As a county DBA/Network Technician (Score:5, Informative)
We as taxpayers/employees take great pride in protecting the public's information. And while one respondent asked about public record, yes most are public but we MUST control the way in which the public gets access.
Re:As a county DBA/Network Technician (Score:1, Interesting)
Re:As a county DBA/Network Technician (Score:2, Interesting)
The counties that I have dealt with bitch about replacing Windows 3.51 systems and refuse to keep computers on overnight to receive patches because they bitch about electricity usage.
Re:As a county DBA/Network Technician (Score:3, Insightful)
> you that most government computers are secure...
Including those at the US Dept. of Interior?
Basically, it sucks just about everywhere (Score:5, Insightful)
When aquisitions are written into a contract or pre-set by an annual budget, this means they probably left out long-term maintenance, upgrades, and funds to pay anyone do to maintenance and upgrades. Welcome to basically every bureaucracy large and small on the whole planet.
For example, wasn't it the good ol' Department of Homeland Security that scored an 'F' for network security this last year? Wasn't the Department of the Interior that was ordered off-line for gross negligence? Large and small, they all fall.
Have a nice day.
Definately network cables ... (Score:5, Insightful)
So what? Just because they have a network card and some cabling does not necessarily mean they are hooked to anything but another computer in the building.
I don't believe the question here is 'how prone to hacking are these computers' I believe the question is, 'how strong is the firewall protecting them.'
That is of course assuming they are 1 connected to the internet, and 2 firewalled.
The county government here has one computer on the internet, and it's isolated from the other computers, i.e. not networked in with them.
Re:Definately network cables ... (Score:2)
The City Of Ithaca [ithaca.ny.us] (Where I live), has a web site. That means that they are hosted somewhere. So, some city computers, somewhere, are connected to the net (note that this counts the possiblitiy they pay some one to host).
Well, that may be so. But does the city have a competent IT department? And given the fact that even people who are supposed to
Re:Definately network cables ... (Score:1)
Incidentally, cityofithaca.com is hosted by http://www.govoffice.com/
Re:Terrorist! (Score:2)
Re:Terrorist! (Score:2, Funny)
Where I work (Score:5, Insightful)
Try asking federal employee a few simple questions and you will find the majority of them know next to nothing about security (other than how to log on to their workstation).
Re:Where I work (Score:2)
No, the weakest link is the software that requires more than minimal computer knowledge. My wife doesn't have to know how to do a brake job on her car in order to drive it safely. Why should users have to know all the intricacies of security (that even many slashdotters probably don't completely understand) in order to compute safely? Personal computers are just too damn complicated and insecure for their intended audience. What we need is
uh..... (Score:2, Funny)
If anyone wants to take the chance of finding out how secure they are, can you get rid of those pesky parking tickets in my name?
State Govt (Score:1)