NASA IT Vulnerability (Computerworld)
Andre Kesteloot
andre.kesteloot at verizon.net
Wed Mar 30 13:50:13 CDT 2011
Critical NASA network was open to Internet attack
By Tim Greene
March 29, 2011 02:44 PM ET
Network World - Six NASA
<http://www.networkworld.com/community/blog/nasa-star-gazer-satellite-recovers-144-hour-n>
servers exposed to the Internet had critical vulnerabilities that could
have endangered Space Shuttle, International Space Station
<http://www.networkworld.com/community/node/58430> and Hubble Telescope
<http://www.networkworld.com/community/blog/nasas-hubble-spots-most-far-away-galaxy-ever>
missions -- flaws that would have been found by a security
<http://www.networkworld.com/topics/security.html> oversight program the
agency agreed to last year but hasn't yet implemented, according to a
report by the agency's inspector general
<http://oig.nasa.gov/audits/reports/FY11/IG-11-017.pdf>.
NASA's CIO Linda Cureton
<http://www.networkworld.com/news/2010/122110-nasa-christmas.html> says
she has patched the vulnerabilities, but IG Paul Martin found that NASA
still has no ongoing program for spotting and correcting similar
problems as they arise and is giving itself until the end of September
just to come up with a plan, according to the report titled "Inadequate
Security <http://www.computerworld.com/s/topic/17/Security> Practices
Expose Key NASA Network to Cyber Attack." The deadline for the plan is
Sept. 30.
The six vulnerable servers were associated with IT projects that control
spacecraft or contain critical NASA information, the report says. The
audit also found other servers that exposed encryption keys, encrypted
passwords and user-account information, all of which could enable
attackers to gain unauthorized network access. The report didn't assess
the agencywide network that isn't directly used for missions.
"These deficiencies occurred because NASA had not fully assessed and
mitigated risks to the network and had not assigned responsibility for
IT security oversight to ensure the network was adequately protected,"
the report says. "A security breach of a moderate- or high-impact system
or project on this key network could severely disrupt NASA operations or
result in the loss of sensitive data."
One server <http://www.networkworld.com/topics/server.html> was found
vulnerable to FTP bounce attacks, which, if exploited, "could have
significantly disrupted NASA's space flight operations and stolen
sensitive data," the report says. Other servers weren't securely
configured, exposing the encryption keys, encrypted passwords and user
account lists to attackers.
The IG says NASA didn't know about these problems but could have if it
had performed a broad risk assessment, part of the agreed-to security program.
"As a result, NASA's Agency-wide mission network was vulnerable to a
variety of cyber attacks with the potential for devastating adverse
effects on the mission operations the network supports," the report says.
In addition to the oversight program on Internet-connected servers,
NASA's CIO promises she will start a pilot program by Aug. 21 for
spotting risks on the rest of NASA's networks that don't have Internet
connectivity.
The IG performed port scans using Nmap and manually verified open ports.
It also performed Nessus vulnerability scans.