Thursday, 26 November 2015 07:38

Banking on Network Security

Abstract

This paper explains the vulnerabilities, risks, and attacks that financial companies encounter, and describes the security measures the banking industry employs to reduce and mitigate them. The document has three sections: security of the information center, security of the general network, and security on the World Wide Web.

Introduction

Network security vulnerabilities have become a major concern because of constant attacks and risks. The major threats to banks and financial institutions include malware attacks, which include viruses, worms, and denial-of-service attacks. Malware attacks lead to loss of data and information, deletion of data files, and modification of file formats. Phishing attacks the banking network by intercepting packets along the network link. Intruders use social engineering to gain access to the organization's databases, and they also apply masquerading techniques to gain access to the vulnerable network. Hackers also attack the bank's server ports to gain access to the organization's database. The listed attacks contribute to breaches of the security properties of data and information: confidentiality, integrity, and availability. The solution is to implement dynamic security paradigms so that all banking transactions are secured. The strategies financial companies apply to guard against data and information breaches include the following.

Implementing Secure Data Center in Banks

Banking companies should implement secure distributed information centers. Financial companies that implement distributed data and information centers must secure their data. Distributed information centers mostly work by replicating files and data from the central server to other application servers. Bank information managers should ensure there is direct provision for data and information recovery in the event of data loss by providing secondary data centers. The bank's information management team should back up data and information to a data recovery site. The most secure backup strategies involve engaging a third party to provide data and information backup services through cloud computing or another repository space. The bank should implement both offsite data backup (secondary data center) and onsite data backup (primary data center) to guarantee high-speed access and high throughput (Sood & Enbody, 2011). Financial companies should implement disaster recovery techniques and principles so that data backup is carried out regularly and continuously. IT policy requires that banking data and information be securely encrypted while in motion (Picazo-Sanchez et al., 2013).

Implementing Secure Networking Infrastructure

The banking organization uses wired and satellite-based transfer of data and information. Data and information transferred over the network to regional offices, third parties, and telecommuters require security monitoring. The connection-oriented interfaces should provide security by segmenting the connections, and the segmented networks should have security software and hardware. The financial organization's network servers, such as the web server and the proxy servers, should have firewalls installed. The bank's Senior Security Officer should ensure that the segmented network has an Intrusion Detection System (IDS) and an Intrusion Prevention System (IPS) (Sales, 2013). The IDS detects, identifies, analyzes, and reports intruder attempts to access the network or intercept packets, and provides information about the area under attack. The IPS learns the unique characteristics and patterns intruders employ when attacking the network, records those patterns, and updates the system log. The IPS blocks the attempts entirely. The financial organization should implement a demilitarized zone (DMZ) to guarantee that disseminated financial data does not cross over to an unauthorized network. The DMZ ensures that only individuals within a particular segment of the network have the authority to access and view the data transmitted over the network; unauthorized people are blocked from accessing the information. Banking institutions should ensure that the company network implements Virtual Local Area Networks (VLANs) to prevent the abstraction of the networking security. The VLAN security strategy protects the network ports and protocols, ensuring that the bank communicates in secure zones both locally and externally.

Account-based security for banking clients should ensure that the authentication procedures are clearly explained. The verification and authentication parameters should have no bias. Banking systems should apply biometric measures to ensure secure and safe access to end-user accounts.

DMZ network security, retrieved from https://www.sans.org/reading-room/whitepapers/firewalls/securing-network-perimeter-community-bank-33248
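
The DMZ segmentation described above can be checked mechanically. The following is an added example, not part of the original paper: a Python audit that evaluates a first-match firewall rule set and reports every cross-zone flow the intended policy does not cover. The zone names, ports, and both rule sets are constructed assumptions.

```python
from itertools import product

ZONES = ("internet", "dmz", "internal")

# Intended policy (assumption): the public reaches only the DMZ web server,
# and only the DMZ may reach the internal database.
INTENDED = {("internet", "dmz", 443), ("dmz", "internal", 5432)}

# Constructed rule sets: (action, src, dst, port); "any" is a wildcard.
WEAK = [
    ("allow", "internet", "dmz", 443),
    ("allow", "dmz", "internal", 5432),
    ("allow", "internet", "any", 22),         # admin rule that leaks past the DMZ
    ("deny", "internet", "internal", "any"),  # shadowed for port 22 by the rule above
]
FIXED = [
    ("deny", "internet", "internal", "any"),  # explicit deny placed first
    ("allow", "internet", "dmz", 443),
    ("allow", "dmz", "internal", 5432),
]

def matches(field, value):
    """A rule field matches when it is the wildcard or equals the value."""
    return field == "any" or field == value

def decide(rules, src, dst, port):
    """First matching rule wins; no match means default deny."""
    for idx, (action, r_src, r_dst, r_port) in enumerate(rules):
        if matches(r_src, src) and matches(r_dst, dst) and matches(r_port, port):
            return action, idx
    return "deny", None

def audit(rules, intended=INTENDED):
    """Return (src, dst, port, rule_index) for allowed flows outside the policy."""
    # Test every port named in a rule, plus 0 as a stand-in for "any other port".
    ports = sorted({r[3] for r in rules if r[3] != "any"} | {0})
    findings = []
    for src, dst, port in product(ZONES, ZONES, ports):
        if src == dst:
            continue
        action, idx = decide(rules, src, dst, port)
        if action == "allow" and (src, dst, port) not in intended:
            findings.append((src, dst, port, idx))
    return findings

if __name__ == "__main__":
    print("weak:", audit(WEAK))
    print("fixed:", audit(FIXED))
```

In the weak rule set the deny rule exists but never fires for port 22, because the broader allow rule precedes it; rule order is part of the segmentation.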

The Enterprise-Wide Policy Control

The financial organization spreads its network to cover intranet and extranet geographical areas. Distributing the entire network involves multiple infrastructures and transport technologies (Nanumyan, Garas & Schweitzer, 2015). The banking institution should require international security policies to guarantee secure data and information. The bank's Chief Security Officer (CSO) should ensure that the policies regarding breaches of personal privacy and confidentiality are clearly defined within the organization. The CSO should enforce the policies on third parties to prevent them from disseminating confidential information relating to bank transactions. The CSO should enforce data privacy and confidentiality rights and freedoms to ensure that third parties conform to the International Standards for Organization (ISO) security policies. Before consulting third-party services, banking institutions should verify that the particular third party is ISO compliant. The extranet and intranet services provided by the banking system should be secured to avoid the illegal transfer of money across World Wide Web platforms. Banking organizations should ensure that the correct protocols are enforced before they venture into wire transfers of money. Securely transferring capital relies on an enforced International Money Transfer protocol, to whose services the involved banks need to subscribe. Current trends in banking security include Radio Frequency Identification (RFID) to monitor transactions within and at the terminals of the banking system.

Conclusion

Banking services involve crucial information relating to the organization's transactions. The basic security paradigms start with individuals: the community should have the required information about banks and security. Breaching the properties of data and information entails a connection in leaking particular information. Cybercrime by hackers and intruders is the highest vulnerability recorded within banking institutions.

References

Nanumyan, V., Garas, A., & Schweitzer, F. (2015). The Network of Counterparty Risk: Analysing Correlations in OTC Derivatives. PLoS ONE, 10(9), 1-23. doi:10.1371/journal.pone.0136638

Picazo-Sanchez, P., Ortiz-Martin, L., Peris-Lopez, P., & Hernandez-Castro, J. (2013). Cryptanalysis of the RNTS system. Journal of Supercomputing, 65(2), 949-960. doi:10.1007/s11227-013-0873-3

Sales, N. A. (2013). Regulating Cyber-Security. Northwestern University Law Review, 107(4), 1503-1568.

Sood, A., & Enbody, R. (2011). The state of HTTP declarative security in online banking websites. Computer Fraud & Security, 2011(7), 11-16. doi:10.1016/S1361-3723(11)70073-2
