Thread: banking security and encryption

  1. #1
    Senior Member Godsrock37
    Join Date
    Jan 2005
    Location
    PA
    Posts
    121

    banking security and encryption

    So I was in the bank a few days ago and I was looking at some of the computers they were using as I walked by some offices. I immediately realised that they were using Windows computers (Dell specifically) and had to wonder: how is their security special? I realised there must be some measures they take to make sure their databases and all online banking is safe. Does anyone here know what they use?

    I don't have a bank account that supports online banking, so I can't really check what they use. I'm sure it also varies between bank accounts, but there are probably similarities.
    Anyone know what they use inside their networks?
    Also, it's not really cryptology related, but what firewalls do they use?
    I don't want to ask too many questions because it probably starts looking a little strange, but I'd like to know whatever anyone feels is OK to post.

    I ask because of curiosity and also because of the fact that if banks need higher security, what's to keep me from implementing the same security (other than money, time, and bandwidth limitations that don't outweigh the value of improved security)?
    if God was willing to live all out for us, why aren't we willing to live all out for Him? God bless,
    Godsrock37
    my home my forum

  2. #2
    Junior Member
    Join Date
    Sep 2005
    Posts
    16
    Proprietary SAP/ADAP modules (Zeus) on IBM crypto drives. That is all I can say since different companies use different schemes relating to security.
    Time lost will never be found again.

  3. #3
    Just Another Geek
    Join Date
    Jul 2002
    Location
    Rotterdam, Netherlands
    Posts
    3,401
    You would think banks encrypt all their databases and customer information, that's what you expect. They have a reputation of being "responsible". Unfortunately not all banks do. Unfortunately some banks think "It'll never happen to us". Some banks don't even have qualified IT personnel.

    And finding out what your bank uses (or not), good luck! I doubt they're going to tell you, even if you ask them politely, as most of this information is considered a security risk.

    The firewalls used also vary between banks. Most of the bigger banks use the higher-end firewalls like Cisco's PIX and Checkpoint's FW/1. But again that depends on the bank, and again you're not very likely to get an answer from a bank if you ask them what firewall they use.
    Oliver's Law:
    Experience is something you don't get until just after you need it.

  4. #4
    AO's MMA Fanatic! Computernerd22
    Join Date
    Mar 2003
    Location
    Miami, FL
    Posts
    795
    i immediately realised that they were using windows computers (Dell specifically) and had to wonder how is their security special?
    About 90% of computers in offices run Windows. The other 10% run Macs (for ads, graphics, etc.) and Unix/Linux distros. This shouldn't be any surprise.

    does anyone here know what they use.
    SSL 3.0, RC4 with 128 bit encryption (High); RSA with 1024 bit exchange.

    http://www.google.com/search?hl=en&q...=Google+Search

  5. #5
    Senior Member
    Join Date
    Apr 2004
    Posts
    1,130
    Originally posted here by SirDice
    You would think banks encrypt all their databases and customer information, that's what you expect.
    Most of them don't encrypt databases. Why? Because it's a kind of balance between how much the information is worth and what the cost to protect it is. Usually, the only information that is encrypted is passwords and other identification structures. Everybody relies for database security on:

    a) O.S. / DBMS security
    b) logs

    My site

    FORMAT C: Yes ...Yes??? ...Nooooo!!! ^C ^C ^C ^C ^C
    If I die before I sleep, I pray the Lord my soul to encrypt.
    If I die before I wake, I pray the Lord my soul to brake.

  6. #6
    Member
    Join Date
    Sep 2005
    Posts
    77
    Working for an MSSP, I can shed a LITTLE bit of light on the subject. Assuming the bank wants to be FDIC insured, they have to meet several compliances, including Sarbanes Oxley. The FDIC will often assign or give the bank a list of auditors to choose from who will come in on a regular basis to run audits/scans/pen tests. Most small to medium sized banks will hire 3rd party companies (more cost effective) to assist in meeting the various compliances imposed by the FDIC. Typical configurations mandatory in the architecture include firewalls, VPNs between sites or Frame Relays, 24-hour monitoring, IDS/IPS, gateway + desktop virus protection & availability of monthly reports. Almost all of which are managed/monitored by the 3rd party companies... unless the bank is big enough to support an IT staff.

    Forgot to mention, if the bank fails an audit, they get a short time, if any, to fix the holes. If they don't, they lose the FDIC backing.

    *AND, the MSSP managing any of the bank's security has to be FDIC approved to provide their security. If THEY fail to meet the FDIC audits, then they lose the ability to provide security to any FDIC insured bank.
    %42%75%75%75%75%72%70%21%00
