
The Banking Group - PowerPoint PPT Presentation





PowerPoint Slideshow about 'The Banking Group' - omer



The Banking Group

Jeremy Attali

Josh Gerdes

William Kormos

Matt Tjarks



Corporate Office

  • Availability

    • Availability is a basic part of security.

      • If it’s not available, then the customer may take their business elsewhere.

    • Have 2 different Internet access connections

      • 1 for the WebServer inside the DMZ

      • 1 for the employees who need an Internet connection

      • 2 Firewalls before accessing the secure network

      • This is to allow for greater availability in case of malfunction, Denial of Service (DoS) attacks, etc.


Corporate Office - DMZ

  • Integrity

    • Integrity is important so that you know unauthorized users did not change your data.

    • 1st Firewall - Webserver

      • Allows for the availability of an outside web presence through the DMZ, and protection of inside assets.

      • Keeps actual account data safe by allowing the web server to communicate requests to a database server further back


Corporate Office - DMZ

  • Firewall 2 - WebServer

    • Allows for IPSec (which is used to protect Confidentiality) from ATMs, so that the ATMs can directly access the account information needed.

    • Separate network to protect critical data

    • Allows for the account database information to be protected and separated from the rest of the network

      • If one machine is pwn3d, then the client data is still theoretically safe


Corporate Office – Secure Network

  • Firewall 1 & Router

    • 1st protection against possible attack from the Internet

    • Very strong policies

  • Firewall 2 and Switch

    • Separate network to protect critical data

    • Allows for the account database information to be protected and separated from the rest of the network

      • If one machine is pwn3d, then the client data is still theoretically safe


Corporate Office

  • Inside It All

    • Loan Department

      • Part of work is local, part is run in the data center

      • VPN connection to 3rd party provider

    • Teller Services

      • Workstations that connect to the Teller Services Server (TSS) in the Data Center.

      • Tellers can only access the TSS from their systems.

    • Data Center

      • Contains all critical servers

    • Etc


Corporate Office

  • 1st Firewall Rules

    • Pass IPSec packets to the 2nd router

    • Allow outside traffic to the webserver in the DMZ over SSL HTTP; otherwise, drop

    • Allow outside HTTP to inside

    • Allow the webserver in the DMZ to reach the database server inside, with encryption


Corporate Office

  • 2nd Firewall Rules

    • Allow teller services to access the DMZ from the inside for account updates

    • Allow outside to DMZ for webserver and ATM changes to accounts

    • Allow HTTP to travel through from outside to inside so employees have Internet access



Branch Office

  • Firewall/Router

    • Allow IPSec to travel from the branch to the database for account updates

    • Allow HTTP in to certain machines

    • Set up a VPN connection in the Loan Department to communicate with 3rd party providers

    • Have a secondary network set up in the DMZ for traveling employee auditors to have net access but not necessarily local net access


Demo

  • Router

    • Set up to simulate the first set of routers

  • Firewall

    • Set up like the first firewall

  • Webserver

    • Set up like a basic website that could be used to display account balance info

  • Database

    • Stores names and balances, very basic for demo purposes


Database Rules

  • Teller

    • Can read the database to look up customers

    • Has account balance write only

      • Cannot update balance if employee name matches account name

  • Branch President

    • Has account name write privileges

      • Useful if customer changes name for some reason

    • Has full read privileges

    • Can add or remove accounts

    • No balance update privileges

  • Bank President

    • Has read access to everything for audit purposes

    • No write access
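
An added example (not part of the original slides) that enforces the Database Rules above as a default-deny permission matrix plus the teller's own-account restriction. The role names, action names, the `AccountDB` class and the sample people used with it are assumptions made for illustration.

```python
from dataclasses import dataclass

# Permission matrix transcribed from the "Database Rules" slide
# (role and action identifiers are assumed names, not from the slides).
PERMISSIONS = {
    "teller": {"read", "update_balance"},
    "branch_president": {"read", "update_name", "add_account", "remove_account"},
    "bank_president": {"read"},  # audit only, no writes
}

@dataclass(frozen=True)
class Employee:
    name: str
    role: str

def _norm(name):
    # Case and spacing must not let "alice  SMITH" slip past the own-account check.
    return " ".join(name.split()).casefold()

def authorize(emp, action, account_name):
    """Default deny: unknown roles and unlisted actions are refused."""
    if action not in PERMISSIONS.get(emp.role, set()):
        return False
    # Slide rule: no balance update if employee name matches account name.
    if action == "update_balance" and _norm(emp.name) == _norm(account_name):
        return False
    return True

class AccountDB:
    """Toy name -> balance store that runs authorize() on every call."""
    def __init__(self):
        self.balances = {}
        self.audit = []  # (employee, role, action, account, allowed)

    def _guard(self, emp, action, account):
        ok = authorize(emp, action, account)
        self.audit.append((emp.name, emp.role, action, account, ok))
        if not ok:
            raise PermissionError(f"{emp.role} {emp.name!r}: {action} on {account!r} denied")

    def add_account(self, emp, account, balance=0):
        self._guard(emp, "add_account", account)
        self.balances[account] = balance

    def update_balance(self, emp, account, balance):
        self._guard(emp, "update_balance", account)
        self.balances[account] = balance

    def read(self, emp, account):
        self._guard(emp, "read", account)
        return self.balances[account]
```

The slide keys the own-account check on names, so this sketch does the same; denied attempts are still written to `audit`, which is what the Bank President's read-only role would review.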


Optional Wireless access

  • The idea

    • Let customers have Internet access inside the corporate office or a branch office

    • Control the content

    • Filter traffic

  • The problem

    • We don’t want to open the connection to the entire world

    • Especially, we don’t want employees to have access to the wireless



Optional Wireless access

  • Some Solutions

    • Use MAC filtering

      • Easy to implement

      • Hard to control

      • Pain for customers

    • Use a 3rd party solution

      • Cisco Unified Wireless Network

      • Hard to implement

      • Provides good protection

      • Expensive


