The Banking Group

Jeremy Attali

Josh Gerdes

William Kormos

Matt Tjarks

Corporate Office
  • Availability
    • Availability is a basic element of security.
      • If it’s not available, then the customer may take their business elsewhere.
    • Have 2 different Internet access links
      • 1 for the WebServer inside the DMZ
      • 1 for the employees who need an Internet connection
      • 2 Firewalls before accessing the secure network
      • This is to allow for greater availability in case of malfunction, Denial of Service (DoS) attacks, etc.
Corporate Office - DMZ
  • Integrity
    • Integrity is important so that you know unauthorized users did not change your data.
    • 1st Firewall - Webserver
      • Allows for the availability of an outside web presence through the DMZ, and protection of inside assets.
      • Keeps actual account data safe by allowing the web server to communicate requests to a database server further back
Corporate Office - DMZ
  • Firewall 2 - WebServer
    • Allows for IPSec (which is used to protect Confidentiality) from ATMs, so that the ATMs can directly access the account information needed.
    • Separate network to protect critical data
    • Allows for the account database information to be protected and separated from the rest of the network
      • If one machine is pwn3d, then the client data is still theoretically safe
Corporate Office – Secure Network
  • Firewall 1 & Router
    • 1st protection against possible attack from the Internet
    • Very strong policies
  • Firewall 2 and Switch
    • Separate network to protect critical data
    • Allows for the account database information to be protected and separated from the rest of the network
      • If one machine is pwn3d, then the client data is still theoretically safe
Corporate Office
  • Inside It All
    • Loan Department
      • Part of work is local, part is run in the data center
      • VPN connection to 3rd party provider
    • Teller Services
      • Workstations that connect to the Teller Services Server (TSS) in the Data Center.
      • Tellers can only access the TSS from their systems.
    • Data Center
      • Contains all critical servers
    • Etc
Corporate Office
  • 1st Firewall Rules
    • Pass IPSec packets to the 2nd router
    • Allow outside traffic to the webserver in the DMZ over SSL HTTP; otherwise, drop
    • Allow outside HTTP to inside
    • Allow the webserver in the DMZ to reach the database server inside, with encryption
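
The four rules above, modeled as an ordered first-match list with a default drop. This is an added example, not the presenters' firewall configuration; the zone names, `DB_TLS_PORT`, and the reading of "outside HTTP to inside" as replies to connections employees opened are assumptions.

```python
from dataclasses import dataclass

DB_TLS_PORT = 5433  # hypothetical port of the encrypted database listener

@dataclass(frozen=True)
class Packet:
    src: str                   # zone: "outside", "dmz" or "inside"
    dst: str
    proto: str                 # "tcp", "udp" or "esp"
    dport: int = 0
    sport: int = 0
    established: bool = False  # part of a connection opened from inside

def is_ipsec(p):
    # ESP payload, or IKE / NAT-T negotiation on UDP 500 / 4500.
    return p.proto == "esp" or (p.proto == "udp" and p.dport in (500, 4500))

def http_reply(p):
    # Assumption: only replies from web servers to employee-initiated
    # connections are let in, never unsolicited inbound HTTP.
    return p.proto == "tcp" and p.sport == 80 and p.established

# Ordered rule list: (name, predicate, action). First match wins.
RULES = [
    ("ipsec-to-fw2",
     lambda p: p.src == "outside" and is_ipsec(p), "pass-to-fw2"),
    ("https-to-dmz-web",
     lambda p: (p.src, p.dst, p.proto, p.dport) == ("outside", "dmz", "tcp", 443),
     "allow"),
    ("http-replies-inside",
     lambda p: p.src == "outside" and p.dst == "inside" and http_reply(p),
     "allow"),
    ("web-to-db-encrypted",
     lambda p: (p.src, p.dst, p.proto, p.dport) == ("dmz", "inside", "tcp", DB_TLS_PORT),
     "allow"),
]

def decide(p):
    """Return (action, rule_name) for a packet; unmatched traffic is dropped."""
    for name, match, action in RULES:
        if match(p):
            return action, name
    return "drop", "default"
```
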
Corporate Office
  • 2nd Firewall Rules
    • Allow teller services to access the DMZ from the inside for account updates
    • Allow outside to the DMZ for webserver and ATM changes to accounts
    • Allow HTTP to travel through from outside to inside so employees have Internet access
Branch Office
  • Firewall/Router
    • Allow IPSec to travel from the branch to the database for account updates
    • Allow HTTP in to certain machines
    • Set up a VPN connection in the Loan Department to communicate with 3rd party providers
    • Have a secondary network set up in the DMZ for traveling employee auditors to have net access but not necessarily local net access
Demo
  • Router
    • Set up to simulate the first set of routers
  • Firewall
    • Set up like the first firewall
  • Webserver
    • Set up like a basic website that could be used to display account balance info
  • Database
    • Stores names and balances, very basic for demo purposes
Database Rules
  • Teller
    • Can read the database to look up customers
    • Has account balance write only
      • Cannot update balance if employee name matches account name
  • Branch President
    • Has account name write privileges
      • Useful if customer changes name for some reason
    • Has full read privileges
    • Can add or remove accounts
    • No balance update privileges
  • Bank President
    • Has read access to everything for audit purposes
    • No write access
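
The role rules above can be enforced with a deny-by-default permission table plus the teller's own-account check. The sketch below is an added example, not the presenters' demo code; the role keys, the `AccountDB` class, the name normalisation, and the reading that a teller's write access covers the balance only are assumptions.

```python
import sqlite3

# Role -> allowed actions, transcribed from the Database Rules slide.
PERMISSIONS = {
    "teller": {"read", "update_balance"},
    "branch_president": {"read", "update_name", "add_account", "remove_account"},
    "bank_president": {"read"},  # audit only, no writes
}

class Denied(Exception):
    pass

def _norm(name):
    # Compare names ignoring case and extra whitespace, so a variant
    # spelling such as " jane  DOE" does not bypass the own-account check.
    return " ".join(name.split()).casefold()

class AccountDB:
    def __init__(self):
        self.db = sqlite3.connect(":memory:")
        self.db.execute(
            "CREATE TABLE accounts (name TEXT PRIMARY KEY, balance INTEGER NOT NULL)")

    def _check(self, role, action):
        # Deny by default: unknown roles and unlisted actions are refused.
        if action not in PERMISSIONS.get(role, set()):
            raise Denied(f"{role} may not {action}")

    def add_account(self, role, name, balance=0):
        self._check(role, "add_account")
        self.db.execute("INSERT INTO accounts VALUES (?, ?)", (name, balance))

    def remove_account(self, role, name):
        self._check(role, "remove_account")
        self.db.execute("DELETE FROM accounts WHERE name = ?", (name,))

    def rename(self, role, old, new):
        self._check(role, "update_name")
        self.db.execute("UPDATE accounts SET name = ? WHERE name = ?", (new, old))

    def read(self, role, name):
        self._check(role, "read")
        row = self.db.execute(
            "SELECT balance FROM accounts WHERE name = ?", (name,)).fetchone()
        return None if row is None else row[0]

    def update_balance(self, role, employee, name, delta):
        self._check(role, "update_balance")
        if _norm(employee) == _norm(name):
            raise Denied("employees may not change their own balance")
        self.db.execute(
            "UPDATE accounts SET balance = balance + ? WHERE name = ?", (delta, name))
```
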
Optional Wireless access
  • The idea
    • Let customers have Internet access inside the corporate office or a branch office
    • Control the content
    • Filter traffic
  • The problem
    • We don’t want to open the connection to the entire world
    • Especially, we don’t want employees to have access to the wireless
Optional Wireless access
  • Some Solutions
    • Use MAC filtering
      • Easy to implement
      • Hard to control
      • Pain for customers
    • Use a 3rd party solution
      • Cisco Unified Wireless Network
      • Hard to implement
      • Provides good protection
      • Expensive