What did that 2001 Forensic Audit of the MCPS computer network reveal?
...MCPS is not well positioned to address internal misuse of the network...
More from the report:
...We prefer to conduct the survey in person, since many of the questions are subjective and an in-person interview may provide a more complete response. In the case of MCPS, not all potential survey respondents were available while Forensics Explorers was on site...
Incoming Traffic Monitors
Finding: We found there are no procedures requiring regular review of audit logs of the monitors on each gateway into the MCPS system. It appears monitors are reviewed, but not necessarily on a systematic basis. Any monitoring and evaluation is conducted at the request of technical support personnel.
Finding: We found evidence of improper traffic on the MCPS network. The improper traffic fell into three categories...
Inappropriate Traffic. This type of traffic includes activities that violate customer policy or reasonable standards of behavior. For example, frequent visits to non-work related web sites would be inappropriate traffic. We observed several thousand visits by nearly 100 computers to more than 600 adult web sites and adult chat rooms. The visits constituted 0.12 percent of the web surfing. We also observed downloads of adult materials using peer-to-peer networks; isolated visits to hate- or bias-related web sites; and visits to gambling web sites. Internal users also downloaded and copied songs, movies, and television shows. This inappropriate traffic constitutes a network security risk, an abuse of MCPS property, and a waste of resources.
Finding: We found there is insufficient systematic review of the risks posed by inappropriate use by authorized users of the MCPS network. Systematic reviews are conducted on portions of the MCPS network but not across its entirety.
Finding: We found MCPS had incomplete configuration management controls. MCPS has adequate knowledge of its central and infrastructure configurations; network diagrams were readily available and up-to-date (May 2001). There are some machines not under configuration control and MCPS is working on the remaining machines in accordance with budget constraints. Unauthorized programs present several risks, they use system capacity, and downloaded freeware can contain spyware programs hidden in their code that can allow unauthorized persons access to the MCPS network.
Finding: We found MCPS does not have a consistent, enterprise-wide policy for routinely checking for and removing dormant and inactive accounts from the system and checking for expired passwords. Removing dormant accounts and deleting expired passwords limits the avenues for access by former employees and students.
The full report, as found on the Internet, is reprinted below.
MCPS Network Security Audit Report