Security of U.S. Government Sites Improved Only Slightly: Report

为了保障安全,多个国家的政府拟禁止使用免费邮件服务和网络硬盘。

The security of websites owned by the United States government has improved only slightly in the past months, according to a report published on Monday by the Information Technology and Innovation Foundation (ITIF).
ITIF has analyzed nearly 300 of the most visited U.S. government websites to see if they are fast, secure, mobile friendly, and accessible for users with disabilities. In terms of security, the study focused on whether these sites use HTTPS, DNSSEC, and if they are affected by known vulnerabilities.
万通地产:募集资金存放与实际使用情况的专项报告
According to ITIF, of the government websites included in the top 100,000 of the Majestic Million ranking, 75% use HTTPS, which encrypts communications between the user’s browser and the site. This represents a 3% decrease compared to data from a report published by the organization in March. However, overall, the percentage of government sites that have properly implemented SSL has increased from 67% to 71%.
Of the 260 sites tested for both reports, 31% showed improvement in SSL deployment, while 14% were less secure.
The U.S. Department of Homeland Security (DHS) recently ordered all federal agencies to start using web and email security technologies such as HTTPS, DMARC and STARTTLS within the next few months.
ITIF’s report shows that 8% of websites have not implemented HTTPS at all, but this is still an improvement compared to the 14% from the previous report. The Department of Defense (defense.gov) is one of the agencies that recently rolled out HTTPS, and the International Trade Administration (trade.gov) is among those that still lack the security feature.
SSL tests, conducted by ITIF using Qualys’ SSL Server Test, also showed that some government websites have important vulnerabilities. For example, the Trade Representative (ustr.gov) and National Weather Service (weather.gov) sites are vulnerable to POODLE attacks, and trade.gov and tsunami.gov (Tsunami Warning Centers) are susceptible to DROWN attacks.
As for DNSSEC, the protocol designed to prevent attackers from redirecting users to malicious sites via DNS spoofing, ITIF found that 90% of U.S. government websites have it enabled. Since the previous report, 15 federal sites activated DNSSEC and two deactivated the feature.
“Of the top 100,000 websites reviewed only 70 percent passed both the DNSSEC and SSL test. Several of these top 100,000 websites did not have DNSSEC or HTTPS implemented. One example is the Administrative Office of the U.S. Courts (uscourts.gov), which also scored low in the security category in the initial report,” ITIF said in its report.
Shortly after the DHS ordered federal agencies to improve their security, Agari analyzed government websites to see how many had implemented the DMARC anti-email spoofing protocol. In mid-October when the company published its report, nearly 82% of websites lacked DMARC entirely.
Related: U.S. Government Cybersecurity Ranks 16th Out of 18 Industry Sectors
公司在制定社会媒体政策之前,需要询问七个关键问题,包括社交媒体的战略、政策制定人选、员工的职责以及员工社交行为的监控负责人。

猜您喜欢

小小加油员开启朝阳河油库参观之旅 打探高科技还学到安全知识
实施华丽的EHS意识培训,只需三步!
网络安全法培训短片
刘德华原来是甜品高手 每年亲手做生日蛋糕给女儿
KALITELIPORNOIZLE PRESAGIS
信息安全年会关注的焦点是信息安全意识