Editorial & Advertiser disclosure

Global Banking and Finance Review is an online platform offering news, analysis, and opinion on the latest trends, developments, and innovations in the banking and finance industry worldwide. The platform covers a diverse range of topics, including banking, insurance, investment, wealth management, fintech, and regulatory issues. The website publishes news, press releases, opinion and advertorials on various financial organizations, products and services which are commissioned from various Companies, Organizations, PR agencies, Bloggers etc. These commissioned articles are commercial in nature. This is not to be considered as financial advice and should be considered only for information purposes. It does not reflect the views or opinion of our website and is not to be considered an endorsement or a recommendation. We cannot guarantee the accuracy or applicability of any information provided with respect to your individual or personal circumstances. Please seek Professional advice from a qualified professional before making any financial decisions. We link to various third-party websites, affiliate sales networks, and to our advertising partners websites. When you view or click on certain links available on our articles, our partners may compensate us for displaying the content to you or make a purchase or fill a form. This will not incur any additional charges to you. To make things simpler for you to identity or distinguish advertised or sponsored articles or links, you may consider all articles or links hosted on our site as a commercial article placement. We will not be responsible for any loss you may suffer as a result of any omission or inaccuracy on the website.

Technology

Posted By Gbaf News

Posted on February 12, 2014

THE DMZ AS A LIABILITY FOR BANKS

By Ronen Kenig/Safe-T

Customers are demanding the convenience of direct access to their data using their mobile devices, and banks are revamping their IT infrastructure in order to launch self-service applications for opening new accounts, applying for loan, mortgages and other retail banking functions.

However, sharing information through the corporate banking network also introduces security risks. As more and more sensitive data from the internal network is duplicated in the DMZ (demilitarized zone), this perimeter network designed to be a buffer zone has become a prime target for hackers.

The Dmz As A Liability For Banks

The Dmz As A Liability For Banks

Recent data breaches, including the famous Target incident where data from 40 million debit and credit cards was exposed has raised public awareness of the possible risks.  One bank executive feared that thieves who managed to steal encrypted personal identification numbers (PINs) would make fraudulent withdrawals from consumer bank accounts.

Whenever there is a breach that could result in compromising consumers’ bank accounts this news winds up on the front page of The New York Times, and banks want to take whatever precautions are necessary to avoid the resulting financial losses and brand erosion.

With the increase in online banking the DMZ, initially intended for housing non-confidential, static information for external access has become crowded with servers containing highly sensitive enterprise data.   Bank statements are stored in the DMZ before being sent to customers exposing customer personal data and financial information. In addition synchronization of account information between bank branches also requires duplication of data in the DMZ increasing the risk of identity theft and the loss of sensitive financial data.

A streamlined DMZ, designed for security

The fundamental security vulnerability in most DMZ implementations is caused by the fact that the DMZ’s network ports remain open to the Internet. As a result, they expose the entire network to external attacks. Hackers relentlessly scan networks for open ports to exploit in order to gain access to the internal network from which they can steal data.

Although firewalls and proxy servers monitor and filter all incoming communications, the fact that the ports remain open makes the entire network susceptible to external attacks. Malicious code, which continuously evolves and becomes ever more sophisticated, can be embedded in legitimate communications in order to exploit design, implementation and configuration weaknesses and circumvent these monitoring and filtering mechanisms. Even if all security mechanisms are kept current and validated vigilantly, the reactive nature of identification of threats and creation of counter-measures creates windows of opportunity for external threats to defeat the network.

In addition to security vulnerabilities, the DMZ network configuration also imposes a costly operations burden on the enterprise. To use the DMZ network to protect against external threats, data and services in the internal network must be duplicated in the DMZ. This duplication requires additional hardware and software, as well as perpetual replication processes to ensure that data is synchronized between the internal network and the DMZ. This additional hosting and synchronization requires a complex layer of data and network operations which can be complicated and costly to manage.

A streamlined DMZ can eliminate these weaknesses. By utilizing two nodes, one on each side of the firewall, requests can be received and data can be streamed rather than the traditional method of storing sensitive data in the DMZ. Using this method there is no need to open inbound ports on the internal firewall. As a result, there is a complete blocking of any network or Layer 4 based attacks such as port scanning, ICMP scanning, and TCP based attacks.

The external node does not need to run an application in order to handle incoming sessions, but utilizes instead listener technology making it impossible to hack into and take control of the external node to initiate attacks.

Before making any significant changes to the way enterprises store and transfer sensitive information, the role and architecture of the traditional DMZ has to be evaluated by each organizations’ IT and security teams. When appropriate, by deploying a streamlined DMZ, IT managers can provide improved security, while reducing the DMZ’s hardware and software footprint simplifying network management and business operations.

About Safe-T: Safe-T is a fast growing information security start-up with a vision to protect data in transit and at rest by securing business workflows in the most simple and seamless way. Focused on providing security solutions for enterprises with a focus on financial institutions, Safe-T enables organizations to benefit from enhanced productivity and efficiency, heightened security, and improved regulatory compliance. With offices in North America, Europe and Asia, Safe-T provides solutions to insurance companies, financial organizations, healthcare, universities, public safety organizations, manufacturers and technology transfer companies, enabling them to protect intellectual property, improve operational efficiency, ensure compliance and reduce IT costs.

Recommended for you

  • The Future of Asset Management: Technology-Driven Innovations and Client Expectations

  • How can we ensure privacy in the digitization of healthcare?

  • Quantum Computing: Unleashing Disruptive Potential and Strategic Industry Implications