PHISHING ATTACKS ON E-BANKING SITE
Although complete prevention is virtually impossible, there are some logical precautionary measures that both consumers and corporations can take in an attempt to reduce the potential of being conned by phishing scams. With the understanding that there is nothing known as “100% secure”, to realize the true-value of investments in eBanking security technologies, one would expect to be aware of any developing security threats (intentional or unintentional) in real-time. Further to that you would need to respond to those threats in real-time. This needs an understanding of the events/messages/audit trail/logs being generated by various Security gadgets (Firewall, IDS, AV, Router etc) and making a co-relation between them and the events/logs of other Infrastructure components (OS, Database, web servers etc). Finally converting all this data and understanding into a meaningful readable form with knowledge of “reactions” to critical ongoing harmful or malicious “actions” in the network. In today’s complex heterogeneous network environment and multiple security technologies, along with the shortage of required skill-set, to address this task has become one of the most difficult challenges for the InfoSec department.
24X7X365 SECURITY SURVEILLANCE
A technology where all the events and log data, from multiple Security and Network components, are aggregated in a large database. This data and the correlation of log data from different components is then automatically filtered and analyzed to identify any developing threats. Finally a visual-monitoring console should also provide the responsible InfoSec analyst the ability to investigate any suspected event/activity and take recommendations from the system for “reactions”, all in real-time. This concept is also known as “Secure Operating Center” (SOC). The technology goes significantly beyond any existing security or networks management incident monitoring solution in its ability to automatically analyze voluminous data from hundreds of security tools and applications and then reduce it to a handful of true security incidents requiring some form of human interaction and/or response
INFRASTRUCTURE ENHANCEMENT
General network infrastructure design does not server the level of security required for delivering online businesses such as eBanking, therefore the mentioned infrastructure enhancement should be considered for designing resilient network for banks.