Skip to content
GeoDataVision
Page 1 of 2 1 2
Thread Options
#143317 - 12/29/03 11:50 AM Transition to the banking industry
Anonymous
Unregistered

Hello.

I'm a US-based and certified computer security
person. In the past, my forte has been in
computer crime investigation(private, not
government), especially big multi-national
corporations, and banks (I've worked many
online credit card hacking/theft cases).
However, all this has been on a few
isolated servers or networks.

I'm now making a transition to the banking
industry and anticipate my first
subcontract soon conducting the computer
security portion of an annual audit of an
overseas central bank. Specifically, I will
be doing vulnerability assesment of the
CB's IT security.

I'm very comfortable doing the vulnerability
assessment, however, since I've never
really worked directly for this industry,
I plan to familiarize myself as much as
possible with the business. I'd like to learn
how CBs work so as to anticipate where
security problems may arise.

So what books can I read? Are there any
important Internet links? Are there
international (EU/COE) regulations that
member contried need to abide by?

I'd like a wide breadth of information and
thank you in advance for all the help.

Return to Top
Security - PUBLIC
#143318 - 12/30/03 07:56 PM Re: Transition to the banking industry
Anonymous
Unregistered

Also I looking for information on
port dial arrangements for clearinghouse
centers and vulnerable ping packet
reporting, packet block override
procedures, how erase packet logging, and
to disguise as legitimate entrusted
traffic and mask originating non-US
port location over T-1. Can you abide me?

Return to Top
#143319 - 12/30/03 08:03 PM Re: Transition to the banking industry
Anonymous
Unregistered

LOL

Are you serious? As a "US-based and certified computer security person" you should be well aware of these things. How do you explain your complete lack of knowledge?

Return to Top
#143320 - 12/30/03 08:09 PM Re: Transition to the banking industry
Anonymous
Unregistered

What is it that you're actually trying to do -- presumably as a third-party consultant for your clients? My institution uses the SWIFT gateway for our inter-bank funds transfers related to the investor Collateral Management System (CMS), and I can tell you that SWIFT security is VERY strong and very well-controlled. I don't know, however, why you would be interested in a clearinghouse's internal configuration or architectural monitoring procedures.

Return to Top
#143321 - 12/30/03 08:23 PM Re: Transition to the banking industry
Anonymous
Unregistered

I don't mean to sound paranoid, but I believe that some of the more knowledgeable BOLr's familiar with this area are probably vacationing this week, which is unfortunate, because this line of questioning sounds almost like social engineering questions not suitable to a public information-sharing forum. No offense, but your line of questioning sounds as though you're playing coy and that you're really asking for inside tips on how to defeat or hack a system. I lost your train of thought after the second paragraph. Perhaps if you e-mail one of the monitor/guru-type people, they can better evaluate your need and direct you accordingly.

Return to Top
#143322 - 12/31/03 09:42 AM Re: Transition to the banking industry
Anonymous
Unregistered

I appreciate all the responses. Let me assure you
that my request was genuine and I'm not interested
in hacking you and I understand the paranoia(however,
I believe some posters are jumping the gun). There
are only so many central banks in the world and I
don't wish to disclose any further information
since that would jeopardize the security of my
clients.

I know a lot about computer security but since
security also entails workflow procedures,
processes, etc.. I think I could do my job better
by studying how central banks/international
banking works.

Return to Top
#143323 - 12/31/03 09:45 AM Re: Transition to the banking industry
Anonymous
Unregistered

(original poster)

I will be an outside independent examiner
and will be interested in a lot of the
security details of their IT. This includes
the what software they use to do outside
money transfers, how it was installed, etc..
I will also be looking into their IT security
policies, management decisions, documentation,
etc..

Return to Top
#143324 - 12/31/03 10:17 AM Re: Transition to the banking industry
cryptoguy Offline
New Poster
Joined: Dec 2003
Posts: 9
Quote:

Also I looking for information on
port dial arrangements for clearinghouse
centers and vulnerable ping packet
reporting, packet block override
procedures, how erase packet logging, and
to disguise as legitimate entrusted
traffic and mask originating non-US
port location over T-1. Can you abide me?





This is the original poster again. I did not
post the above message. The messages I posted
are the following:

#144238
#145220
#145221

From now on, I'll use this username(cryptoguy)
to post messages on this forum.

Return to Top
#143325 - 12/31/03 12:41 PM Re: Transition to the banking industry
Elwood P. Dowd Offline
10K Club
Elwood P. Dowd
Joined: Aug 2001
Posts: 21,939
Next to Harvey
The absence of a response from a Top Gun MIS person (definitely not me) isn't explained by vacations or paranoia. It only reflects their recognition of the fact that this discussion does not belong here. Someone with the background claimed by the person initiating the thread would also know that.

This thread is also emblematic of the problem with "Anonymous" posts:

Quote:

I did not post the above message. The messages I posted are the following:





In any thread where you have more than one anonymous post, you have no idea whether you are responding to a single poster who simply has random neural firings or several unidentified posters with different agendas. Here, Anonymous has realized that his identity; i.e. his line of questioning, can be taken over by someone else. Thus, he morphed into "cryptoguy" (with absolutely no identifying information). Nevertheless, future posters will be able to address their specific responses.
_________________________
In this world you must be oh so smart or oh so pleasant. Well, for years I was smart. I recommend pleasant.

Return to Top
#143326 - 12/31/03 03:34 PM Re: Transition to the banking industry
Andy_Z Offline
10K Club
Andy_Z
Joined: Oct 2000
Posts: 27,546
On the Net
Ken may not qualify himself as an MIS expert but he understands these boards and people very well. He is correct.

There are posters and lurkers. And Security professionals are very aware of what may happen in discussions such as this and that is one reason there is little information here. Even if the posters were all genuine, lurkers could abuse trade secrets, hence, a lack of specifics that this thread is requesting.
_________________________
AndyZ CRCM
My opinions are not necessarily my employers.
R+R-R=R+R
Rules and Regs minus Relationships equals Resentment and Rebellion. John Maxwell

Return to Top
#143327 - 12/31/03 03:55 PM Re: Transition to the banking industry
RBanker Offline
Power Poster
RBanker
Joined: Jul 2003
Posts: 2,675
Austin Texas
You know the thing that really points out the lack of credibility for orig poster - is what institution would hire someone that knows absolutely nothing about any of these systems. Or would not arrange on their own for the appropriate training - it really amuses me that some folks think we are really that dense.
_________________________
My comments are absolutely no reflection of, nor influenced by, my employer - take them at your own risk.

Return to Top
#143328 - 12/31/03 04:26 PM Re: Transition to the banking industry
Georgia Golfer Offline
Gold Star
Georgia Golfer
Joined: Jun 2003
Posts: 415
1st Tee
Get 'em Andy!!!!

Return to Top
#143329 - 12/31/03 04:50 PM Re: Transition to the banking industry
mfc Offline
Member
mfc
Joined: Dec 2003
Posts: 50
Oklahoma
Quote:

Get 'em Andy!!!!




Wow...assuming that the original poster is ligitimate and has no underlying motive to defraud anyone...the reaction to his post is suprising. It may deter others from posting ligitimate questions for fear they may be ambushed.

Return to Top
#143330 - 12/31/03 04:58 PM Re: Transition to the banking industry
1 Peter 5:7 Offline
Diamond Poster
1 Peter 5:7
Joined: Jun 2001
Posts: 1,339
TX
No one will be discouraged from posting. You're new. As you gain some 'feel' for this forum, you'll detect when a post is suspect. BTW, misspellings and odd grammar are one clue to lurkers. Genuine compliance pros that frequent this forum are generally meticulous about their posts.
_________________________
Opinions are mine not my employer's, and should not be taken as legal advice.

Return to Top
#143331 - 12/31/03 04:58 PM Re: Transition to the banking industry
Andy_Z Offline
10K Club
Andy_Z
Joined: Oct 2000
Posts: 27,546
On the Net
Quote:

It may deter others from posting legitimate questions for fear they may be ambushed.




Even some legitimate questions are not appropriate for public consumption. I would hope that people would not be afraid to ask questions, but they must consider the potential impact of both the question and answer.

As an example, asking the advantages of a dye pack is one thing, asking who is using them, or other security devices, is another.
_________________________
AndyZ CRCM
My opinions are not necessarily my employers.
R+R-R=R+R
Rules and Regs minus Relationships equals Resentment and Rebellion. John Maxwell

Return to Top
#143332 - 12/31/03 05:49 PM Re: Transition to the banking industry
RBanker Offline
Power Poster
RBanker
Joined: Jul 2003
Posts: 2,675
Austin Texas
Also, mfc, our moderators are able to see much regarding the poster than you or I can - original e-mail address, point of origin, etc They may not always share that information with you or I, but they have access to it.
_________________________
My comments are absolutely no reflection of, nor influenced by, my employer - take them at your own risk.

Return to Top
#143333 - 12/31/03 06:00 PM Re: Transition to the banking industry
Andy_Z Offline
10K Club
Andy_Z
Joined: Oct 2000
Posts: 27,546
On the Net
_________________________
AndyZ CRCM
My opinions are not necessarily my employers.
R+R-R=R+R
Rules and Regs minus Relationships equals Resentment and Rebellion. John Maxwell

Return to Top
#143334 - 01/01/04 01:35 AM Re: Transition to the banking industry
cryptoguy Offline
New Poster
Joined: Dec 2003
Posts: 9
Quote:

The absence of a response from a Top Gun MIS person (definitely not me) isn't explained by vacations or paranoia. It only reflects their recognition of the fact that this discussion does not belong here. Someone with the background claimed by the person initiating the thread would also know that.




I just have one comment. Just because I'm asking questions
doesn't mean that I'm not knowledgeable. I pride myself in
the fact thatno matter how much I think I know, I would
always take the effort to learn more. Obviously, some people
on this list think they're genuine national security assets
(while in their real life, they're probably some low-life
bank teller in some lousy small town). To those, I have a
message: get real!

If you don't want to help, fine, just don't think that
you're too important to even answer a simple question.
Most of the information I requested could easily be found
online. Do you think that my line of questioning was too
suspicious to even offer the titles of a few books on
banking?

I could prove to you who I am by giving you my full name,
certification number, etc... but that would defeat my
original purpose of anonymity. Other than the obvious,
don't know how else I could have proved to the forum that
my request was genuine. In any case, its obvious that I'm
wasting my time here (and yours), so goodbye.

(Thanks to those who tried to help.)

Return to Top
#143335 - 01/01/04 02:11 AM Re: Transition to the banking industry
Anonymous
Unregistered

Original Anon -- I note that your earlier posts were at 4:42 a.m. and your last post was at 8:35 p.m. New Years Eve !! There can't be anyone else but me who'd read these on New Years Eve. Is it possible you're reading and posting from a country other than the U.S. which accounts for the time differences?

Return to Top
#143336 - 01/01/04 02:18 AM Re: Transition to the banking industry
cryptoguy Offline
New Poster
Joined: Dec 2003
Posts: 9
Quote:

Original Anon -- I note that your earlier posts were at 4:42 a.m. and your last post was at 8:35 p.m. New Years Eve !! There can't be anyone else but me who'd read these on New Years Eve. Is it possible you're reading and posting from a country other than the U.S. which accounts for the time differences?




No, but I do travel a lot and my timing is off right
now. Does that disqualify me from getting an answer
about what books to read to learn about international
banking and central banks?

Happy New Year.

Return to Top
#143337 - 01/01/04 05:30 PM Re: Transition to the banking industry
Don_Narup Offline

Power Poster
Joined: Jul 2001
Posts: 3,708
Las Vegas Nevada
Quote:

Most of the information I requested could easily be found
online.




Go For It Obviously this isn't one of those places
_________________________
Compliance Analysis and Research - Software for your CRA/HMDA analysis needs

Return to Top
#143338 - 01/01/04 05:34 PM Re: Transition to the banking industry
David Dickinson Offline
10K Club
David Dickinson
Joined: Nov 2000
Posts: 18,762
Central City, NE
Quote:

. . .(while in their real life, they're probably some low-life bank teller in some lousy small town). To those, I have a message: get real!



Quote:

Does that disqualify me from getting an answer
about what books to read to learn about international
banking and central banks?



No, but your rude comments don't help you get an answer.
_________________________
David Dickinson
http://www.bankerscompliance.com

Return to Top
#143339 - 01/02/04 06:08 PM Re: Transition to the banking industry
IUalum Offline
Platinum Poster
IUalum
Joined: Mar 2002
Posts: 942
Kentucky
I think maybe this thread should be deleted and forgotten.
_________________________
Opinions expressed are mine and not necessarily that of my employer.

Return to Top
#143340 - 01/02/04 06:33 PM Re: Transition to the banking industry
Happy Camper Offline
100 Club
Joined: Dec 2003
Posts: 186
2FALLS
Quote:

Quote:

. . .(while in their real life, they're probably some low-life bank teller in some lousy small town). To those, I have a message: get real!




I wouldn't be suprised if this guy's facing a discrimination and/or harassment suit!

Return to Top
#143341 - 01/02/04 07:02 PM Re: Transition to the banking industry
RBanker Offline
Power Poster
RBanker
Joined: Jul 2003
Posts: 2,675
Austin Texas
But it does point out that our poster doesn't know much about banking - most anyone on these boards will tell you that the so-called 'low life tellers' are the life blood of any financial institution and should never be ridiculed - if it weren't for my tellers, man, I'd hate to think how difficult life would be.
_________________________
My comments are absolutely no reflection of, nor influenced by, my employer - take them at your own risk.

Return to Top
Page 1 of 2 1 2

Moderator:  Andy_Z