December 27th, 2005, 02:35 AM
banking security and encryption
so i was in the bank a few days ago and i was looking at some of the computers they were using as i walked by some offices. i immediately realised that they were using windows computers (Dell specifically) and had to wonder how is their security special? i realised there must be some measures they take to make sure their databases and all online banking is safe. does anyone here know what they use.
i dont have a bank account that supports online banking, so i cant really check what they use. im sure it also varies on bank accounts, but there's probably similarities.
anyone know what they use inside their networks?
also, its not really cryptology related but what firewall's do they use?
i dont want to ask to many questions because it probably starts looking a little strange but id like to know what ever anyone feels is ok to post
i ask because of curiosity and also because of the fact that if banks need higher security whats to keep me from implementing the same security (other than money, time, and bandwidth limitations that dont outway value of improved security )
if God was willing to live all out for us, why aren't we willing to live all out for Him? God bless,
my home my forum
December 27th, 2005, 06:14 AM
Propitiatory SAP/ADAP modules (Zeus) on IBM crypto drives. That is all I can say since different companies use different schemes relating to security.
Time lost will never be found again.
December 27th, 2005, 09:39 AM
You would think banks encrypt all their databases and customer information, that's what you expect. They have a reputation of being "responsible". Unfortunately not all banks do Unfortunately some banks think "It'll never happen to us".. Some banks don't even have qualified IT personnel..
And finding out what your banks uses (or not), good luck! I doubt they're going to tell you, even if you ask them politely as most of this information is considered a security risk..
The firewalls used also varies between banks. Most of the bigger banks use the more higher end firewalls like Cisco's PIX and Checkpoint's FW/1. But again that depends on the bank and again you're not very likely to get an answer from a bank if you ask them what firewall they use..
Experience is something you don't get until just after you need it.
December 27th, 2005, 02:07 PM
About 90% of computers in offices run Windows. The other 10% percent run Macs for (ads,graphics etc..) and Unix/linux distros. This shouldn't be any surprise.
i immediately realised that they were using windows computers (Dell specifically) and had to wonder how is their security special?
SSL 3.0, RC4 with 128 bit encryption (High); RSA with 1024 bit exchange.
does anyone here know what they use.
December 27th, 2005, 04:29 PM
Most of them dont encrypt databases. why? Because its a kind of balance between how much the information worth what is the cost to protect it. Usually, the only information that is encrypt is password and other idenfitication structures. Everybody rely database security on:
Originally posted here by SirDice
[B]You would think banks encrypt all their databases and customer information, that's what you expect.
a) O.S. / DBMS security
FORMAT C: Yes ...Yes??? ...Nooooo!!! ^C ^C ^C ^C ^C
If I die before I sleep, I pray the Lord my soul to encrypt.
If I die before I wake, I pray the Lord my soul to brake.
December 28th, 2005, 08:36 PM
Working for a MSSP, I can shed a LITTLE bit of light on the subject. Assuming the bank wants to be FDIC insured, they have to meet several compliances, including Sarbanes Oxley. The FDIC will often assign or give the bank a list of auditors to chose from who will come in on a regular basis to run audits/scans/pen test's. Most small to medium sized banks will hire 3rd party companies (more cost effective) to assist in meeting the various compliances imposed by the FDIC. Typical configurations mandatory in the architecture include firewalls, VPN's between sites or Frame Relays, 24hour monitoring, IDS/IPS, gateway + Desktop virus protection & availability of monthly reports. Almost all of which are managed/monitored by the 3rd party companies... unless the bank is big enough to support an IT staff.
Forgot to mention, if the bank fails an audit, the have get a short time if any to fix the holes. If they don't, they lose the FDIC backing.
*AND, the MSSP managing any of the banks security have to be FDIC approved to provide their security. If THEY fail to meet the FDIC audits, then they lose the ability to provide security to any FDIC insured bank.