The Australian National Audit Office has called on all government agencies to block free web-based email services like Gmail and Hotmail to mitigate security and information integrity risks.
An audit of electronic security at four Federal departments and agencies found one department - Prime Minister and Cabinet - allowed staff to access the free unsecured email services for business reasons.
Log files obtained by the auditor showed some department staff were using the free accounts regularly.
However, the auditor noted that such public email services "should be blocked on agency ICT systems, as these can provide an easily accessible point of entry for an external attack and subject the agency to the potential for intended or unintended information disclosure."
Prime Minister and Cabinet told the auditor that it would cease allowing staff access to free email services from July 1.
Other agencies included in the electronic security audit also agreed to the recommendation to stop using public email.
They were Medicare, ComSuper and the Australian Office of Financial Management.
Password security
The auditor also called on agencies to review log-in credentials after administrator or service account passwords were compromised at three of the four agencies examined in the report.
A ‘brute force’ test resulted in around 20 percent of passwords being compromised, according to the audit.
As a percentage, the results "compared reasonably favourably with some private sector and state government agencies", the auditor noted.
However, the compromise of administrator and/or service account passwords was a concern.
To reduce the risk of attackers gaining access to privileged accounts, the audit recommended that agencies review the passwords and policies for administrator and service accounts and, where required, set password complexity requirements suited to that level of system privilege.
Other results
The audit highlighted other areas to improve network security, including: