
Non-Network Vulnerability

Answered by: 

Question: 
We feel that our network is very secure against attacks that originate on the Internet. Are there other areas about which we should be concerned?
Answer: 

Many times the Internet may in fact be the most difficult way to penetrate the financial institution's network. Direct dial to a modem may be easier. Using simple communications utilities and software such as HyperTerminal or pcAnywhere, you can test direct dial connections for vulnerabilities. If the modem is left on, it is sometimes fairly easy to establish a connection and get a login screen. Hopefully, the penetration will end there if user identification and password protection are activated.

Unbeknownst to financial institution management, vendors sometimes leave security holes in networks so vendor support personnel can dial in conveniently. Such dial-in access should be restricted to the authorized vendor, and the modem should be turned off until vendor support personnel call and request access.

Be aware that some vendors use very simple user identification and password combinations for their access, so just because this security feature is activated does not mean that adequate security is in place.

Your overall Information Security Program should include the proper risk assessments, policies, external and internal IT audits and reviews, network vulnerability assessments, network security technology (i.e., firewalls, anti-virus, intrusion detection systems, ongoing vulnerability scanning, content filtering, etc.), and security awareness and education for your end users, as most security threats continue to be internal.

First published on BankersOnline.com 10/02/06
