Skip to content

Is Our Network Really Secure?

Answered by: 

Question: 
We feel that our network is very secure against attacks that originate on the Internet. Are there other areas about which we should be concerned?
Answer: 

Many times the Internet may be in fact the most difficult way to penetrate the financial institution's network. Direct dial to a modem may be easier. Using simple communications utilities and software such as Hyperterminal or PC Anywhere, you can test direct dial connections for vulnerabilities. If the modem is left on, it is sometimes fairly easy to establish a connection and get a login screen. Hopefully, the penetration will end there if user identification and password protection is activated.

Unbeknownst to financial institution management, vendors sometimes leave security holes in networks so vendor support personnel can dial in conveniently. Such dial-in access should be restricted to the authorized vendor, and the modem should be turned off until vendor support personnel call and request access.

Be aware that some vendors use very simple user identification and password combinations for their access, so just because this security feature is activated does not mean that adequate security is in place.

Your overall Information Security Program should include the proper risk assessments, policies, external and internal IT audits and reviews, network vulnerability assessments, network security technology (i.e., firewalls, anti-virus, intrusion detection systems, ongoing vulnerability scanning, content filtering, etc.), and security awareness and education for your end users, as most security threats continue to be internal.

First published on BankersOnline.com 08/14/06

First published on 08/14/2006

Search Topics