
Saturday, 21 March 2009

Internet security in the bank

The Internet is on everyone's lips, and if you have not been asleep for the past few years you have undoubtedly noticed the excitement around the global network. Links to the online presence of firms and public organizations are everywhere: in television, print ads, brochures, business cards, price lists, catalogs, etc.

Internet in Russia
Note that international policy-makers take every opportunity to mention the close link between the success of democratization in a society and the creation of a "global information highway", and large corporations take the possibilities and potential of the Internet into account in their strategic development plans. It is not difficult to conclude that the global network is becoming part of world culture and is fundamentally changing the way we communicate and do business.

Everyone who has heard anything about the Internet knows that it is huge. But how the Russian segment of global cyberspace is developing is known only to specialists. And they report: the rates of development of Internet services in Russia in 2001 were ahead of the corresponding American figures. In Moscow alone, the number of users grew by 500% over the past year. During the same time, the number of Russian-language servers worldwide increased almost 50-fold.

Advertising is quickly mastering the Russian segment of computer networks. This channel for disseminating information about goods and services is becoming as important and indispensable for companies operating in the Russian market as the others.

Creating its own presence on the Internet is a task that sooner or later faces every organization engaged in commercial activity. What matters is making the decision to establish such a presence in good time. Firms that are actively exploring Russian cyberspace gain invaluable experience in creating new communications, new decision-making technologies, and the corporate organization of professional communication. This experience makes it possible to solve many everyday business problems effectively.

Until 2000, Russian society was divided between those who had already realized this and started to use Internet technology, and all the others, who were waiting for something and perhaps did not feel their intellectual and economic backwardness. It turned out that delaying the decision to establish an Internet presence, even by six months, led to serious consequences, as more vigorous competitors and the rapid formation of new relationships fundamentally changed the situation in a specific economic niche.

Now everyone "sits" on the Internet. Many companies are switching to a dedicated line. But it is possible that maintaining such a line is more expensive than buying "cards." Payment is charged on the basis of the data received, not the connection time. The companies providing these services have an interest in you downloading as much information as possible, and because the download speed on a dedicated line is significantly higher than on dial-up, together with the information you receive all kinds of advertising and special (bulk) viruses that you do not notice. Thus the amount of information you receive increases.

System "Client-Bank"
The "Client-Bank" system is the most advanced technology of 2002 for interaction between the customer and the bank. To connect to the Internet version of "Bank-Client", you must enter into an agreement with the bank.

After signing the contract you receive:
- A user card containing your assigned user ID and password, a list of available commands, and the accounts the user can work with;
- A floppy disk containing the certificate file of the bank's certification agency (JSBR Certification Agency.cer) and the key preparation file needed to generate your digital signature (EDS).

By the time of installation you must have:
- An Intel-standard computer with a Pentium processor, a color monitor with a resolution of 800x600, and a mouse.
- The Windows 95/98/NT (SP5)/2000 operating system with the Microsoft Internet Explorer 4.01 browser or higher (we recommend IE 5.0).
- Access to the Internet.

Many commercial banks are moving to the "Client-Bank" system to accelerate and improve interaction with customers. But is the system safe for the bank itself?

Bank security
Usually, when it comes to the security of banks or other companies, their leaders underestimate the importance of the information component. The emphasis is on physical security (access control, guards, video surveillance systems, etc.). However, in recent years the situation has changed. To get at a company's secrets, there is no need to climb over fences and bypass perimeter sensors, break into rooms protected by thick walls, open safes, etc. It is enough to get into the information system and transfer hundreds of thousands of dollars to other people's accounts, or put some node of the corporate network out of action. All of this leads to massive damage to the attacked organization. Depending on the type of activity, your computer may be an auxiliary tool that facilitates the work of your employees, or a tool without which the work is in principle impossible.

But in any case, as a person who makes decisions or takes part in preparing them, sooner or later you face the question: "Do I need to protect my resources, and how?" The answer is: yes, protect them. It remains only to understand why. There may be many answers to this question, and they all depend directly on the structure of your company and its activities.

Do not believe vendors and integrators who say they ensure the confidentiality, integrity and availability of your information in equal measure. This only proves that they do not understand what they are talking about and are unlikely to be able to offer a solution for your needs. Everyone has their own priorities for protection. For one, for example, it is necessary to ensure data integrity. Banks are primarily interested in the continuity of financial transactions. Just imagine what would happen if a few zeros were added to the amount in a payment order, or the details of the beneficiary were changed.

But for an operator, the primary objective is precisely to ensure the safe operation of all (or the most important) of its network nodes. Priorities of this kind can only be set on the basis of an analysis of the company.

Real and virtual damage
Financial damage can be direct or indirect. A great many examples of direct damage are known. They show up most vividly in the financial sector. For example, in February 2002, Bank of America was forced to turn to law enforcement authorities to investigate the appearance of a fake Internet site of the bank, which was used to mislead customers in order to gain access to their confidential financial information.

Similarly, in early February fraudsters swindled customers of the electronic auction eBay and gained access to their credit card data. However, setting up fake web sites is not the only method used by attackers. Often they penetrate banking systems from the Internet. That is how, for example, the major commercial bank Republic Bank in Florida was broken into. Hackers broke into the system and stole information on 3600 credit cards and their owners.

However, a company may lose money not only as a result of fraud or theft. For example, putting a network node out of action leads to the cost of restoring its operation, which consists of upgrading or replacing hardware and software, support staff salaries, etc.

Losses from unproductive use of the Internet (reading jokes during working hours, downloading pornography, sending spam, etc.) for a company with a staff of 100 people would be more than 80 thousand dollars a year. For comparison, a content control system from the MIMEsweeper family, which detects and blocks such activity, is an order of magnitude cheaper.

As for attacks by hackers, the cost of restoring just one node after an attack on it will be around 50 thousand dollars a year. This is five times the cost of the RealSecure attack detection system, which protects not one but many nodes around the clock.

However, money is not all that a company may lose as a result of underestimating the importance of information security. Reputation, which may also suffer as a result of hacker attacks, is far from the least important. For example, in August 2001, as a result of hacker attacks, the sale of Brass Eagle shares on the NASDAQ exchange was suspended for 2 hours, which caused more than just financial loss.

The share price of Emulex fell by 61% (from $113 to $43) as a result of the same attacks, which the attacker, who had issued a false press release, did not fail to take advantage of. In addition, the reputation of Emulex, as well as that of Internet Wire, suffered substantial damage. Had the Internet Wire service checked the source address of the press release, such unpleasantness could have been avoided.

Another reason for bankruptcy
It sounds implausible, but an attack by hackers can result not only in the loss of money and reputation, but even in the end of the attacked company's activities. According to foreign experts, 25% disclosure of confidential company information (e.g., due to attacks by hackers) leads to its bankruptcy within 1-3 months.

CloudNine, a company with six years in business, was forced to close down and sell a database of all its customers to its competitor, Zetnet. One of the founders of CloudNine noted that the attack against them was a competently planned action that lasted for more than a month. The attackers spent a long time collecting information on key servers and bandwidth, and at a crucial moment delivered the final blow.

Shortly before the CloudNine case, a number of attacks on other providers were recorded. For example, at the end of January 2002 the representation of the Italian portal of the British Internet service provider Tiscali and the British provider Donhost were affected. The first was unable to work for a few days; the operation of the second was disrupted for several hours.

In some cases, the answer to the question "Why should you protect your information?" is simply: "Because it is required." Who requires it? The state. For some organizations, particularly those whose systems process data constituting a state secret, protecting this information is a mandatory requirement. In our country, for example, the sphere of state secrets is tightly regulated.

One can see that all the above examples in some way come down to financial harm, starting with direct losses due to theft or the cost of restoring systems, and ending with the collapse of stock prices and the loss of customers, which obviously also affects the company's income. All of this once again shows the invaluable importance of protecting information.

I therefore once again appeal to all who make decisions or influence them not to put off the issue of information protection, and to address the security of their information quickly. Moreover, there is now plenty to choose from. I hope I was able to convince you that it is necessary to protect your information. And although the process costs money, often considerable, it will prevent much larger losses.

Maxim Klyuchnikov
