U.S. flag

An official website of the United States government

Dot gov

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Https

Secure .gov websites use HTTPS
A lock () or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.

Breadcrumb

Assessment of NRC’s Wireless Devices

Report Information

Date Issued
Report Number
OIG-10-A-18
Report Type
Audit
Joint Report
No
Agency Wide
No (location specific)
Questioned Costs
$0
Funds for Better Use
$0

Recommendations

Install tamper-evident systems on SLES wireless and wired clients (such as tamper-evident tape on the wireless client external case, the non-volatile random access memory (NVRAM) battery, and the solid-state drive) to enhance detection of unauthorized access to internal components; and perform periodic checks to ensure the tamper evident systems have not been disturbed.

Conduct a system engineering trade study to determine the feasibility of installing drive encryption software on SLES wired and wireless clients for operating system and file protection, and implement drive encryption if justified by the trade study.

Disable auto-run on all SLES wireless clients for administrator and user accounts.

Use administrative passwords for SLES wireless clients that are at least 15 characters long, or configure the Windows XP Embedded operating system on the wireless client to prevent storage of LAN Manager hash password values in the security accounts manager database

Deploy an improved detection and reporting process for unauthorized connections to SLES wireless access points and internal scanning activity on SLES.