Introduction to City Group Bank

Discuss about the Networking Security for Common Malwares and Threats.

The City Group Bank is one of the busiest banks.  The bank was established in the in 2003 and have a total of 300 employees who are distributed in different branches of the bank. City Group Bank has 15 branches that are distributed in various parts in Australia. The employees include accountants, internal auditors, financial managers, tellers, loan officers, bookkeepers, clerks, customer service representatives, deposit-operations specialists,  Information and Technology managers, banking sector president, associate examiners, risk analysts, relationship officers, document delivery drivers, credit analysts, branch managers, HR manager, receptionist and other employees. Every employee has a task to accomplish, for the success of the business.  The bank has many over 5 million clients. The clients can acquire the services from any branch. Therefore, the bank has to ensure that the banking system is up-to-date in every branch. This enhances convenience to all the City Group Bank customers. 

With the banking system there is a number of threats that could affect the daily operations in the bank. The threats include mobile banking risks,  social network risks, malware attacks, botnets, DOS attacks, phishing, ACH Fraud, cloud computing risks, inside attacks, first-party fraud and skimming.

Mobile banking is the latest technology in banking industry, but it is more to the most risks (“Vulnerabilities in network systems”, 2018). Mobile banking is on the rise in City Group Bank. Mobile banking is challenging for the banks, as controls to ensure the bank transactions are protected do not apply in mobile applications as they do on desktop applications (Beckett, 2015). The main feature is the storage of user details on the hidden files on the smart phones. Mobile malware such as Mitmo and Zeus have been identified.

 The social networks such as Twitter and Facebook have enabled people to create fake site. People tend to use such account and end up fooling customers and having some customer share the user bank details. There is a high risk of internal data leakage via the social media platforms. To mitigate the problems then City Group Bank has to spell out networking policies to all the employees. The must be conditions of using the social networks in the course of their jobs. The employees should share the appropriate information on the social networks (Tryd?d, Orekhova, Zelenska & Fialkovska, 2015).

There are various malwares that get to the banking systems. Denial-of-Service is mainly known as DOS is the most common attack.  The DOS is waged by the hacktivist groups such as Izz ad-Din al Qassam Cyber Fighters. Bank institutions have made improvements of finding ways to mitigate the effect of DOS attacks into the bank systems. Most banks have insufficient technical tools to fight DOS attacks. DOS is one of the major threats in City Group Bank.

Challenges Faced by City Group Bank

Phishing is another issue that has affected the banks. Phishing rate is increasing in the banks. The Fraudsters tend to design very polished messages that may they send to the customers and the bank employees. The messages appear to be genuine from the Bank but in reality, the fraudsters tend to use the message to get confidential messages from the customers. There are various types of phishing. They include: deceptive phishing, spear phishing, CEO fraud, pharming and drop box phishing. The banks can try to curb most phishing attacks but not all. The phishing is evolving to adopt new techniques. The banks can conduct security awareness to reduce phishing.

Another threat the bank is facing is ACH. This is also referred to as corporate account takeovers. The customers tend to be guilty of the fraud incidents and the losses. This involves the bank attacks with criminals trying to steal money from the bank. The bank is required to deploy lines of defense such as desktop hardening, anti-Trojan services and out-of-band authentication.

Skimming is also another threat to the bank industry. The ATM skimming and skimming at the point-of-sale systems are the common types of skimming. The blitz or flash attacks show that there is more sophistication among the counterfeit-card operations. Blitz or flash attacks involves simultaneous withdrawal of funds from multiple ATMs in different areas, and could be scattered all over the world.

Finally, first-party fraud poses security challenges in the bank. The crime involves a customer who applies for credit and does not intend to repay it later. These applicants use synthetic identification or give false information about their real identity. This act tends to bring losses in the banks, since there are many applicants of such character. 

The branches in City Group are connected to a similar system via the Network. The servers are centralized. All the branches have shared resources. All the devices in City Group bank are connected to each other via a network. The network is very useful but, has some faults too. The network is prone to attack. The networking devise that are used in the bank to make a successful connection with all computer are many and can be vandalized. The networking devices include: routers, gateways, Ethernet cables, modems, transceivers, firewalls, ISDN adapters, bridges, hubs, switches, CSU/DSU, network interface cards (NICs), bridges and wireless access points (WAPs). The highlighted devices have roles to play in the networking system.

Network Devices Used in City Group Bank

The hub has more ports to enable the connection of more computers to the internet. One port is connected to the data and the other port feed the computers with data. The hub allows less bandwidth. The switch offers the same functionality as the hub exception for the bandwidth. The switches have a higher bandwidth there are used in connection to servers. The Ethernet cable (CAT6) are used in the connection of the networking devices. The Bridges is used to connect networks. The network can be divided into subnet to reduce traffic. The bridge is used in the reconnection of the subnets. The routers are used to connect to the internet service providers, often referred to as ISP. The routers determine the path of the data in the network. There are two types of routers, dedicated router and server-based routers (IEEE Standard Environmental and Testing Requirements for Communications Networking Devices Installed in Electric Power Substations – Redline, 2011). The dedicated routers performs with the hardware devices while, the server-based routers are dedicated to the server system. The gateway is another useful device in networking. The gateway is used to translate data from one format to another. The gateway does change the data format but does not change the data. The Channel Service Unit (CSU) and the Data Service Unit (DSU) are used in he translation of data between the LAN data format and the WAN data format. Some employees in the branches use Wi-Fi and others use Ethernet cable to connect to the internet. The modem is used to convert the analog signal into digital signals so that the data signal can be transmitted via the data cables. The Network Interface Cards (NIC) are used to connect computers to the network. The wireless Access Points (WAP) are used in the transmitting and receiving LAN and WAN radio signals. The WAP provide a connection between the WAN and LAN. The transceivers are used to integrate the network devices such as the Network Interface Cards. Finally, the firewall is used in controlling access into the banks network. To access the banks network there has to be authentication required.

 The network devices discussed above are subject to destruction and abuse. Some of the problems that the company faces with the networking devices include: poor quality devices, errors from the devices, mishandling of the devices. The vulnerability include password sharing, lack of password protection and employees who set weak password and do not change the password often (“Vulnerabilities in network systems”, 2018). The hackers take advantage of weak passwords and can hack into the bank’s network. Also, the employees have more jobs to perform than necessary. They might end up messing up with the system data. Another vulnerability is that the work are not set to lock during the inactive period or if a user tried to enter the wrong password many time. Most unauthenticated users try to enter a password a number of times till the system accepts the password (Probst, 2010). The system should be set to lock after a number of attempts to enter the wrong password.

Vulnerabilities and Risks of Network Devices

Another vulnerability is lack of application security. If the banking system lack security then it is subject to attack. Some application security issues include cross-site scripting, application misconfiguration, lack of access control, lack of authentication and code injection. With these vulnerabilities criminals such as hackers gain access to the network and may do hazardous activities in the network (Abrahamsson & Oza, 2010).

Network hackers are always try all was to hack companies’ network especially the finance institutions. Most of these hacker perform the hacking activity during the night hours, to reduce the chances of awareness of the hacking process by the organization. The areas that are target by the hackers are many. First a hacker could use social engineering to gain confidential information from the company and pretend to be an employee in City Bank. The mail servers are also used by the hackers to gain access to the network. The hackers also find the vulnerabilities in the firewalls that are not updated or configured properly. The firewall should be configured properly. The hackers also try to filter the routers using SNMP scanners. If the routers are filtered successfully, then they are turned into bridges and allow unauthorized users to the network. Finally, the hackers can intercept data being transmitted to the mail servers. To prevent this the data being transmitted should be encrypted (“Security Risk Management”, 2011). 

City Group can ensure reliability of the web service by educating the employees on ways of using the system. The employees should be aware of the importance of using strong password while logging in. The employees and customers should also be discourage from share the confidential information such as password and PINs (Michael, 2012). As the bank uses Windows Server 2012, the secure administrative host are already configured for security purposes. The server offers a chance for the users to reset the password for the administrative users. The administrative host are desiccated to the administrative functions only (“Implementing Secure Administrative Hosts”, 2018). The emails, websites do not run on these server for security purposes. Microsoft offers security tools to integrate into the system. The tools provide configuration baseline security settings. Specific configuration depend on the architecture of the administrative settings. The security is enhances as the passwords are not cached by the system (Kowalski, Dymora & Mazurek, 2016). 

City Group Bank uses Microsoft Exchange server to provide mails to the staff. There are many advantages of using Microsoft Exchanger. First, Microsoft Exchanger as future to enhance security. The mails are confidential and not accessible to unauthorized users. Microsoft Exchanger allows the employees to use the system to its full potential without worrying of insecurity. Microsoft exchange offers a monitoring feature that allows the users to detect any issues that may arise in the system (“What Are the Benefits of Using Microsoft Exchange Server?” 2018). The Microsoft Exchange Server has most of its activities automated, this gives time to the administrator to deal with complex issues.  The advantages of Microsoft Exchanger are so important to the businesses.

Solutions and Best Practices for Ensuring Network Security in City Group Bank

Some of the employees report that the organization website is slow. The website server needed to be restarted for a fast processing of the website content. Other employees complaining that they can login to the server. Some could have forgotten the passwords while for other the email address could be blocked by the server. Some email addresses are blocked due to several attempts to try login in the server. This is a protective measure of the server.

There are many types of malware and threats in City Group. They include: Botnets, Distributed denial-of-service, hacking, phishing and pharming. To curb the threats the company has installed anti-virus, installed firewall and ensure good security configuration in all computers and servers.

The servers should encrypt the data and all soft wares in the servers should be updated (Bertino, 2012).

To improve the availability of web and mail the bank should ensure that every software is up-to-date. The server should be automated in mail process to ensure the mail services are secure (“Three ways to improve mail center efficiencies”, 2018). The bank should enhance accuracy and barcoding. Barcoding will help in document integrity, data security and fixing workflows (Schröder & Hruschka, 2016).

Human factors related to network security and risks include: excess privileges, errors and omission, authorized access, identity theft, denial of services and phishing (“Common Threats”, 2018). The employees and customers should have limited privileges in the system. This is because most users are technology ignorant. The users of the systems should be educated on how to use the system. The system should detect the errors entered by human.

 The web server has logs for every activity that is done in the system. The logs help to keep track of all activities in the system (“Intro to Log Management”, 2018). The logs help the administrator to solve some problem. The administrator can tell the causes of some errors in the system by viewing the logs. There is software that help to analyze the logs and give much understandable information and send notification of the errors detected. There are various logs in the system. They include: monitoring logs, production logs, transaction logs and error logs (“What is the System Log (Syslog)? – Definition from Techopedia”, 2018). The events in the systems are recorded in different logs. The latest logs overwrite the previous logs. The new folders are automatically created for the older logs. The logs are helpful to the administrators as they can tell the activities happening in the system. To perform a successful monitoring of the logs a log-based intrusion detection tool is used. GFI Events Manager is one of the tools a company can use. GFI Events Manager is used in implementing due diligence requirements added by auditors or the regulatory agencies. GFI Events Manager perform intrusion detection and reports network security by monitoring the event logs on the servers and the workstations. The GFI Events Manager gives instant report in case of any intrusion or attack. The administration panel is then required to solve the problems reported by the system. The GFI Events Manager is installed in the server and workstations but, the connections are integrated to a one network monitoring system to register all the systems being monitored.

There are a number of network security devices. The devices include antivirus software, firewalls, content filtering, web cache, penetration testing device and many more. The network security devices are categorized in four categories. The categories include: active devices, passive devices, preventive devices and the unified threat management. The active devices include: firewalls, antivirus and the content filtering devices. Secondly, the passive device includes intrusion detection devices. Thirdly, penetration devices include the tools that are used to scan the network for potential problems. Finally, the unified threat management (UTM) which, provides the general security purpose. 

Conclusion

The bank system is prone to many threats. The threats can cause some problems in the banking transactions. This may lead to loss of customers if their transactions are interfered with. Threats that can interfere with the banking system can be solved using the approached highlighted above. The approaches include use of antivirus, intrusion detection devices, Unified Threat Management (UTM), firewalls and the content filtering devices. Use of the approach the system can be secure of hackers and other unauthorized personnel.

From a look at the threat that can be faced with the Banking System. Much security measures need to be taken into action. The bank system needs to secure to ensure confidentiality of the customer information. The network security device need to be embedded in the bank system. A secure system will bring out good services to the customers. 

References

Three ways to improve mail center efficiencies. (2018). Retrieved from https://www.pitneybowes.com/us/shipping-and-mailing/case-studies/three-ways-to-improve-mail-center-efficiencies.html 

Vulnerabilities in network systems. (2018). Retrieved from https://searchsecurity.techtarget.com/tip/Vulnerabilities-in-network-systems 

What is the System Log (Syslog)? – Definition from Techopedia. (2018). Retrieved from https://www.techopedia.com/definition/1858/system-log-syslog 

Intro to Log Management. (2018). Retrieved from https://docs.logentries.com/docs/log-management/Common Threats. (2018). Retrieved from https://www.getcybersafe.gc.ca/cnt/rsks/cmmn-thrts-en.aspx 

What Are The Benefits Of Using Microsoft Exchange Server?. (2018). Retrieved from https://www.streetdirectory.com/travel_guide/124114/microsoft/what_are_the_benefits_of_using_microsoft_exchange_server.html 

Implementing Secure Administrative Hosts. (2018). Retrieved from https://docs.microsoft.com/en-us/windows-server/identity/ad-ds/plan/security-best-pctices/implementing-secure-administrative-hosts 

Vulnerabilities in network systems. (2018). Retrieved from https://searchsecurity.techtarget.com/tip/Vulnerabilities-in-network-systems 

Security Risk Management. (2011). Network Security, 2011(10), 4. doi: 10.1016/s1353-4858(11)70103-9 

Beckett, P. (2015). The business risks of using smartphones. Network Security, 2015(11), 16-17. doi: 10.1016/s1353-4858(15)30101-x 

Michael, K. (2012). Security Risk Management: Building an Information Security Risk Management Program from the Ground Up. Computers & Security, 31(2), 249-250. doi: 10.1016/j.cose.2011.12.011 

Tryd?d, ?., Orekhova, K., Zelenska, M., & Fialkovska, I. (2015). THE EVOLUTION OF THREATS TO COMPANY’S FINANCIAL SECURITY. Financial And Credit Activity: Problems Of Theory And Practice, 1(18), 88. doi: 10.18371/fcaptp.v1i18.46127 

Bertino, E. (2012). Data protection from insider threats. San Rafael, Calif. (1537 Fourth Street, San Rafael, CA 94901 USA): Morgan & Claypool. 

Probst, C. (2010). Insider threats in cyber security. New York: Springer. 

Kowalski, D., Dymora, P., & Mazurek, M. (2016). Failover clustering in Microsoft Windows Server 2012. Scientific Journals Of Rzeszów University Of Technology, Series: Electrotechnics, 57-65. doi: 10.7862/re.2016.10 

[publisher not identified]. (2011). IEEE Standard Environmental and Testing Requirements for Communications Networking Devices Installed in Electric Power Substations – Redline. [Place of publication not identified]. 

Abrahamsson, P., & Oza, N. (2010). Lean enterprise software and systems. Berlin: Springer. 

Schröder, N., & Hruschka, H. (2016). Investigating the effects of mailing variables and endogeneity on mailing decisions. European Journal Of Operational Research, 250(2), 579-589. doi: 10.1016/j.ejor.2015.09.046