Date posted: 14-Jul-2015
Category: Education
Uploaded by: university-of-educationlahore
SECURITY SYSTEM IN BANKS
SUBMITTED BY MUHAMMAD ADEEL RIAZ
SUBMITTED TO SIR INAM UL HAQ
ROLL NO. 3024
UNIVERSITY OF EDUCATION OKARA 1
UNIVERSITY OF EDUCATION LAHORE (OKARA)
TABLE OF CONTENTS
1. eBanking Security
2. Agenda
3. Targets of Attacks
4. Client Attacks
5. Generic Trojans
6. Security Measures
7. Visit to Bank
8. Conclusion
eBanking Security?
• Is eBanking still safe?
• What are the security trends in eBanking?
• What can we learn from eBanking trends for other online applications?
Agenda
• eBanking Attacks
• Security Measures
• Secure Communication
• Implementations
• Outlook / Thesis
Target of Attacks
• Phishing Attacks
• Trojan Attacks
• Pharming
• DNS Spoofing
• Network Interception
• Web Application Attacks
• Attacking Server
Client Attacks
Most promising attack on the client:
• Phishing
– Motivate user to enter confidential information on fake web site
• Simple Trojans
– Limited to a handful of eBanking applications
– Steal username, password and one-time password
– Steal session information and URL and send them to attacker
– Attacker imports information into his browser to access the same account
• Generic Trojans
– In the wild since 2007, but still in development
– Can attack any eBanking (and any web application)
– New configuration is downloaded continuously
Generic Trojans
• Infection of client with user interaction
– Email attachments (ZIP, Exe, etc.)
– Email with link to malicious web site
– Links in social networks
– Integrated in popular software (downloads)
– File transfer of instant messaging/VoIP/file sharing
– CD-ROM/USB Stick
• Infection of client without user interaction
– Malicious web sites (drive by)
– Infection of trusted, popular web sites (IFRAME …)
– Misusing software update functionality (like Bundestrojaner)
– Attacks on vulnerable, exposed computer (network/wireless)
Note: About 1% of Google search query results point to a web site that can lead to a drive by attack.
Generic Trojans
• Features of Generic Trojans
– Hide from security tools (anti-virus/personal firewall)
– Inject code in running processes / drivers / operating system
– Capture/Redirect/Send data
– Download new configuration / functionality
– Remote control browser instance
Generic Trojans (cont)
• Features useful for eBanking attacks
– Send web pages of unknown eBanking to attacker
– Download new patterns of eBanking transaction forms
– Modify transaction in the background (on the fly)
– Collect financial information
Generic Trojans (cont)
Tips and Tricks
• Every Trojan binary is unique (packed differently)
– Not detectable by anti-virus patterns
• Trojan code is injected into other files or other processes
– Personal firewall cannot block communication
• Installs in kernel
– Full privileges on system
– Invisible
• Bot networks
Security Measures
• Attack Detection
• Second Channel / Secured Channel
• Secure Client
Attack Detection
• Detect session hijacking attacks
– Monitor and compare request parameters
– Identify SSL Session and IP address changes
• Transaction verification / user profiling
– Statistic about normal user behaviour
– Compare transaction with normal user behaviour
– White list target accounts
– Limits on transaction amount
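The checks on this slide can be sketched as follows. This is an added example, not part of the original slides: the log fields, account numbers, limit and threshold are constructed assumptions, and a z-score stands in for whatever "normal user behaviour" statistic a bank actually uses.

```python
from statistics import mean, pstdev

# Constructed sample data: one record per HTTPS request in an eBanking session log.
REQUESTS = [
    {"session": "s1", "ip": "198.51.100.7", "tls_id": "a1"},
    {"session": "s1", "ip": "198.51.100.7", "tls_id": "a1"},
    {"session": "s1", "ip": "203.0.113.50", "tls_id": "f9"},  # changed mid-session
    {"session": "s2", "ip": "192.0.2.10", "tls_id": "b2"},
]
# Constructed user profile: white-listed target accounts and past transfer amounts.
PROFILE = {"known_targets": {"PK-0001", "PK-0002"},
           "past_amounts": [120.0, 80.0, 150.0, 100.0, 95.0]}

def detect_session_changes(requests):
    """Flag requests whose client IP or SSL/TLS session ID differs from the
    first request seen for the same application session."""
    first, alerts = {}, []
    for r in requests:
        baseline = first.setdefault(r["session"], r)
        changed = [k for k in ("ip", "tls_id") if r[k] != baseline[k]]
        if changed:
            alerts.append((r["session"], changed))
    return alerts

def verify_transaction(tx, profile, hard_limit=5000.0, z_max=3.0):
    """Return the reasons a transfer should be held for extra verification."""
    reasons = []
    if tx["target"] not in profile["known_targets"]:
        reasons.append("target account not on white list")
    if tx["amount"] > hard_limit:
        reasons.append("amount above limit")
    history = profile["past_amounts"]
    if len(history) >= 2:
        mu, sigma = mean(history), pstdev(history)
        # Compare with normal behaviour: how many standard deviations above the mean?
        if sigma > 0 and (tx["amount"] - mu) / sigma > z_max:
            reasons.append("amount unusual for this user")
    return reasons

if __name__ == "__main__":
    print(detect_session_changes(REQUESTS))
    print(verify_transaction({"target": "PK-9999", "amount": 900.0}, PROFILE))
```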
Security Measures (cont)
• Second Channel
– Send verification using another channel
– Another application on the client computer
– Another medium like mobile phones (SMS)
• Secured Channel
– Enter data on an external device
– External device can not be controlled by Trojan
– External device contains a secret key
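One way a secured channel can defeat a transaction modified on the fly, as an added example that is not part of the original slides: the external device computes a short code over the details the user typed on it, and the bank recomputes the code over the details it actually received. The HMAC construction, the 6-digit length, the one-time challenge and the account numbers are all assumptions made for illustration.

```python
import hashlib
import hmac
import secrets

def transaction_code(device_key: bytes, target: str, amount_cents: int, nonce: str) -> str:
    """Runs on the external device: 6-digit code bound to the transaction details."""
    msg = f"{nonce}|{target}|{amount_cents}".encode()
    digest = hmac.new(device_key, msg, hashlib.sha256).digest()
    return f"{int.from_bytes(digest[:4], 'big') % 1_000_000:06d}"

class Bank:
    """Server side: shares the device's secret key and issues one-time challenges."""
    def __init__(self, device_key: bytes):
        self._key = device_key
        self._pending = set()

    def new_challenge(self) -> str:
        nonce = secrets.token_hex(8)
        self._pending.add(nonce)
        return nonce

    def verify(self, target: str, amount_cents: int, nonce: str, code: str) -> bool:
        if nonce not in self._pending:
            return False                      # unknown or already used challenge
        self._pending.discard(nonce)          # one attempt per challenge
        expected = transaction_code(self._key, target, amount_cents, nonce)
        return hmac.compare_digest(expected, code)

def demo():
    key = secrets.token_bytes(32)             # constructed key, held by device and bank
    bank = Bank(key)
    # Case 1: the browser submits a different target account than the user typed.
    n1 = bank.new_challenge()
    c1 = transaction_code(key, "PK-0001", 25_000, n1)   # what the user entered
    tampered = bank.verify("PK-6666", 25_000, n1, c1)   # what the bank received
    # Case 2: the details arrive unmodified.
    n2 = bank.new_challenge()
    c2 = transaction_code(key, "PK-0001", 25_000, n2)
    honest = bank.verify("PK-0001", 25_000, n2, c2)
    # Case 3: the same challenge and code are submitted a second time.
    replayed = bank.verify("PK-0001", 25_000, n2, c2)
    return honest, tampered, replayed

if __name__ == "__main__":
    print(demo())
```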
Security Measures
• Secure Platform
– A computer that is only used for eBanking
– Bootable CD-ROM, Bootable USB Stick
– Virtual Machine
– eBanking Laptop
• Secure Environment
– Start an application (e.g. Browser) that protects itself from Trojans
– Stripped-down Browser
– Proprietary Application (fat client)
– Verify environment before login is possible
Security Trends
VISIT A BANK FOR CHECKING SECURITY
• Here I visited the Habib Bank Limited, Renala Khurd.
• Its branch code is (0557).
• HBL established operations in Pakistan in 1947 and moved its head office to Karachi.
• This bank has high-alert banking security.
• Here, account verification updates are automatic through mobile phones of any network.
• Online banking security in this bank is on very high alert.
• It is protected from hackers because its software is good and free from all bugs, etc.
Conclusions
• From the above slides, we found that the level of banking security management/systems in banks in Pakistan is very high.
• Banks provide security for individuals, businesses and governments alike.
• Banks have, however, proven to be vulnerable to many risks, including credit, liquidity, market, operating, interest rate and legal risks.
• Debit cards provide easy access to the cash in your account, but can cause you to rack up fees if you're not careful.