Click to return to BOL home page
Banker Store Read A Reg Vendor Connect Career Connect Learning Connect Bankers Information Network
Home Compliance Lending Operations Security Marketing Technology/eBanking
Top Stories Bankers' Threads Background Checks BOL Conferences CrimeDex FREE Briefings Banker Tools
 

Support for BOL is provided by:

MAIN CONTENT 
Compliance

    Agency Road Maps

    Alphabet Soup

    Compliance Tools

    FACTA/FCRA

    OFAC

Lending

    FACTA/FCRA

    Lending Tools

    SCRA

Marketing

Operations

    Check 21

    Operations Tools

    SAR Resrch Guide

Security

    AML/BSA

    Bank Robbery

    Counterfeits

    ID Fraud/Phishing

    Security Tools

Technology/eBanking

    Info Security


SPECIAL AREAS 
BOL Archives

BOL Blogs

Briefing Archive

Calendar

Court Watch

e-Card Exchange

Examiner's Corner

Executive Briefing

HR Corner

Infovault

Launch Pad

Regulator Roadmaps

Risk Management

Site Map

Site Orientation

Top Stories


~ ~ ~
SERVICES 
CrimeDex

Em@il Education

ID Verification


~ ~ ~
SHOP 

Banker Store
Bankers Info Ntwk
Vendor Connect

CONNECT 

Career Connect

Learning Connect

Vendor Connect

Guru Central

INTERACT 

Ask a Guru
Bankers Threads

Contact Us

Give Us Feedback


TOOLS 

BOL Toolbar

60 Second Solutions

Alphabet Soup

Banker Tools

BOL Forms

FUN 

BOL Recipes

eCard Exchange

LEARN MORE 


About Our Sponsors
About Us





Print Friendly! Email This Article! Discuss NOW!


Is Our Network Really Secure?
Jimmy Sawyers, BOL Guru
Guru Bios

Question: We feel that our network is very secure against attacks that originate on the Internet. Are there other areas about which we should be concerned?

Answer: Many times the Internet may be in fact the most difficult way to penetrate the financial institution's network. Direct dial to a modem may be easier. Using simple communications utilities and software such as Hyperterminal or PC Anywhere, you can test direct dial connections for vulnerabilities. If the modem is left on, it is sometimes fairly easy to establish a connection and get a login screen. Hopefully, the penetration will end there if user identification and password protection is activated.

Unbeknownst to financial institution management, vendors sometimes leave security holes in networks so vendor support personnel can dial in conveniently. Such dial-in access should be restricted to the authorized vendor, and the modem should be turned off until vendor support personnel call and request access.

Be aware that some vendors use very simple user identification and password combinations for their access, so just because this security feature is activated does not mean that adequate security is in place.

Your overall Information Security Program should include the proper risk assessments, policies, external and internal IT audits and reviews, network vulnerability assessments, network security technology (i.e., firewalls, anti-virus, intrusion detection systems, ongoing vulnerability scanning, content filtering, etc.), and security awareness and education for your end users, as most security threats continue to be internal.

First published on BankersOnline.com 08/14/06





Open the newly required
"UAD" .XML appraisals
Download Free UAD Reader

Privacy Policy    Disclaimer   Recommend This Site !   Contact Us


BankersOnline is a free service made possible by the generous support of our advertisers and sponsors. Advertisers and sponsors are not responsible for site content. Please help us keep BankersOnline FREE to all banking professionals. Support our advertisers and sponsors by clicking through to learn more about their products and services.