
Security system in banks

Date post: 14-Jul-2015
Upload: university-of-educationlahore
Transcript
Page 1: Security system in banks

SECURITY SYSTEM IN BANKS

SUBMITTED FROM MUHAMMAD ADEEL RIAZ

SUBMITTED TO SIR INAM UL HAQ

ROLL NO. 3024

UNIVERSITY OF EDUCATION OKARA 1

UNIVERSITY OF EDUCATION LAHORE (OKARA)

Page 2: Security system in banks

TABLE OF CONTENTS

Sr. No / Description / Slide No

1 / eBanking Security / 3

2 / Agenda / 4

3 / Targets of Attacks / 5

4 / Client Attacks / 6

5 / Generic Trojans / 7 to 10

6 / Security Measures / 11 to 15

7 / Visit to Bank / 16 to 17

8 / Conclusion / 18

9 / References / 19

Page 3: Security system in banks

eBanking Security?

• Is eBanking still safe?

• What are the security trends in eBanking?

• What can we learn from eBanking trends for other online applications?


Page 4: Security system in banks

Agenda

• eBanking Attacks

• Security Measures

• Secure Communication

• Implementations

• Outlook / Thesis


Page 5: Security system in banks

Target of Attacks

• Phishing Attacks

• Trojan Attacks

• Pharming

• DNS Spoofing

• Network Interception

• Web Application Attacks

• Attacking Server

Page 6: Security system in banks

Client Attacks

Most promising attacks on the client:

• Phishing
– Motivate user to enter confidential information on fake web site

• Simple Trojans
– Limited to a handful of eBanking applications
– Steal username, password and one time password
– Steal session information and URL and send it to the attacker
– Attacker imports information into his browser to access the same account

• Generic Trojans
– In the wild since 2007, but still in development
– Can attack any eBanking (and any web application)
– New configuration is downloaded continuously

Page 7: Security system in banks

Generic Trojans

• Infection of client with user interaction
– Email attachments (ZIP, Exe, etc.)
– Email with link to malicious web site
– Links in social networks
– Integrated in popular software (downloads)
– File transfer of instant messaging/VoIP/file sharing
– CD-ROM/USB Stick

• Infection of client without user interaction
– Malicious web sites (drive by)
– Infection of trusted, popular web sites (IFRAME …)
– Misusing software update functionality (like Bundestrojaner)
– Attacks on vulnerable, exposed computer (network/wireless)

Note: About 1% of Google search query results point to a web site that can lead to a drive by attack.

Page 8: Security system in banks

Generic Trojans

• Features of Generic Trojans

– Hide from security tools (anti-virus/personal firewall)

– Inject code in running processes / drivers / operating system

– Capture/Redirect/Send data

– Download new configuration / functionality

– Remote control browser instance


Page 9: Security system in banks

Generic Trojans (cont)

• Features useful for eBanking attacks
– Send web pages of unknown eBanking to attacker
– Download new patterns of eBanking transaction forms
– Modify transaction in the background (on the fly)
– Collect financial information

Page 10: Security system in banks

Generic Trojans (cont)

Tips and Tricks

• Every Trojan binary is unique (packed differently)
– Not detectable by Anti Virus Patterns

• Trojan code is injected into other files or other processes
– Personal Firewall cannot block communication

• Installs in Kernel
– Full privileges on system
– Invisible

• Bot Networks

Page 11: Security system in banks

Security Measures

• Attack Detection

• Second Channel / Secured Channel

• Secure Client


Page 12: Security system in banks

Attack Detection

• Detect session hijacking attacks

– Monitor and compare request parameters

– Identify SSL Session and IP address changes

• Transaction verification / user profiling

– Statistics about normal user behaviour

– Compare transaction with normal user behaviour

– White list target accounts

– Limits on transaction amount
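
Added example (not part of the original slides): a minimal Python sketch of the two checks listed above, flagging SSL session / IP address changes inside one application session and verifying a transfer against a whitelist, an amount limit and the user's normal behaviour. All field names, account names, thresholds and sample records are constructed for illustration.

```python
from statistics import mean, pstdev

def session_alerts(requests):
    """Flag requests whose TLS session id or client IP differs from the
    values first seen for the same application session."""
    first_seen, alerts = {}, []
    for r in requests:
        base = first_seen.setdefault(r["sid"], r)
        changed = [k for k in ("tls_id", "ip") if r[k] != base[k]]
        if changed:
            alerts.append((r["sid"], r["path"], changed))
    return alerts

def verify_transaction(tx, profile, limit=5000.0, z_max=3.0):
    """Return the reasons a transfer needs extra confirmation (empty = ok)."""
    reasons = []
    if tx["to"] not in profile["whitelist"]:
        reasons.append("target account not whitelisted")
    if tx["amount"] > limit:
        reasons.append("amount over limit")
    # Compare with normal behaviour: z-score against past transfer amounts.
    hist = profile["history"]
    mu, sigma = mean(hist), pstdev(hist)
    if sigma and (tx["amount"] - mu) / sigma > z_max:
        reasons.append("amount unusual for this user")
    return reasons

# Constructed sample data (documentation IP ranges, made-up identifiers).
REQUESTS = [
    {"sid": "s1", "tls_id": "a1", "ip": "192.0.2.10", "path": "/login"},
    {"sid": "s1", "tls_id": "a1", "ip": "192.0.2.10", "path": "/balance"},
    {"sid": "s1", "tls_id": "f9", "ip": "198.51.100.7", "path": "/transfer"},
    {"sid": "s2", "tls_id": "b2", "ip": "203.0.113.5", "path": "/login"},
]
PROFILE = {"whitelist": {"ACC-LANDLORD", "ACC-UTILITY"},
           "history": [120.0, 80.0, 150.0, 95.0, 110.0]}

if __name__ == "__main__":
    print(session_alerts(REQUESTS))
    print(verify_transaction({"to": "ACC-LANDLORD", "amount": 130.0}, PROFILE))
    print(verify_transaction({"to": "ACC-UNKNOWN", "amount": 900.0}, PROFILE))
```

An IP address change alone is common on mobile networks, so an alert like this is usually a trigger for re-authentication or second-channel confirmation rather than an immediate block.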


Page 13: Security system in banks

Security Measures (cont)

• Second Channel

– Send verification using another channel

– Another application on the client computer

– Another medium like mobile phones (SMS)

• Secured Channel

– Enter data on an external device

– External device cannot be controlled by Trojan

– External device contains a secret key

Page 14: Security system in banks

Security Measures

• Secure Platform
– A computer that is only used for eBanking
– Bootable CD-ROM, Bootable USB Stick
– Virtual Machine
– eBanking Laptop

• Secure Environment
– Start an application (e.g. Browser) that protects itself from Trojans
– Stripped-down Browser
– Proprietary Application (fat client)
– Verify environment before login is possible

Page 15: Security system in banks

Security Trends


Page 16: Security system in banks

VISIT A BANK FOR CHECKING SECURITY

• Here I visited Habib Bank Limited, Renala Khurd.

• Its branch code is (0557).

• HBL established operations in Pakistan in 1947 and moved its head office to Karachi.

• This bank has high-alert banking security.

• Here, account verification updates are sent automatically through mobile phone on any other network.

Page 17: Security system in banks

• Online banking security in this bank is on very high alert.

• It is protected from hackers because its software is good and free from all bugs, etc.

Page 18: Security system in banks

Conclusions

• We found in the above slides that banking security management in banks in Pakistan is very high.

• Banks provide security for individuals, businesses and governments alike.

• However, banks prove to be vulnerable to many risks, including credit, liquidity, market, operating, interest rate and legal risks.

• Debit cards provide easy access to the cash in your account, but can cause you to rack up fees if you're not careful.

Page 19: Security system in banks

References

• http://en.wikipedia.org/wiki/Online banking

• http://www.rsa.com/node.aspx?id=1158

• APACS: Online banking usage amongst over 55s up fourfold in five years

• http://www.apacs.org.uk/media centre/press/08 24 07.html

• APACS: APACS announces latest fraud figures

• http://www.apacs.org.uk/APACSannounceslatestfraudfigures.htm

• Symantec SilentBanker Trojaner description: http://www.symantec.com/security_response/writeup.jsp?docid=2007-121718-1009-99&tabid=2