1、 Case playback
At the end of 2001, an anti terrorist hacker organization named "Yihat" claimed to have invaded an Internet server operated by a national bank of a country, and the organization also showed some customer account records of the bank. "Yihat" said that the purpose of its invasion was not to damage the bank's financial system, but to find information about terrorists suspected of the "9.11" attack in the United States. A network security consultant who did not want to disclose his name confirmed that the server invaded by the bank did not have a firewall installed, which enabled unauthorized external users to invade the server through remote control. A few months later, the "Yihat" organization also said that its members had successfully invaded the network system of a bank in Sudan.
2、 Hazard analysis
In this case, the bank server was not installed with a firewall, so the insurance system would be invaded by hackers. The hacked bank network system may leak the customer's information, or even be stolen from the online bank by hackers.
3、 Problem disclosure
The establishment of firewall is very important to the security of online banking. The bank shall set up an external firewall between the network server and the Internet, and an internal firewall between the network server and the database server or the bank's internal computer system.
Firewall is the combination of software and hardware, which is used to shield and restrict external access to the internal system of the bank connected to the Internet. It checks the data packets and link modes transmitted between two or more networks according to certain security policies to determine whether the communication between networks is allowed. The protected network is called the internal network; The other party is called external network or public network. Properly designed and operated firewalls can effectively control the access and data transmission between the internal network and the external network, so as to protect the information of the internal network from the access of external unauthorized users and filter bad information. A good firewall system should have three characteristics: ① All data transmitted between the internal network and the external network must pass through the firewall; ② Only authorized legal data, that is, data allowed by the security policy in the firewall system, can pass through the firewall; ③ The firewall itself is not affected by various attacks.
As a means to realize network security, firewall technology is mainly used to deny unauthorized users access, prevent unauthorized users from accessing sensitive data, and allow legitimate users to access network resources unhindered. If used properly, the network security performance can be improved to a great extent, but it can not solve the information security problems on the network 100%. For example, although the firewall can effectively protect against external network attacks, it is powerless against attacks from internal networks. According to statistics, more than 60% of network security problems come from internal networks, and Website Design There may also be defects in the program and network management system. Therefore, it is not enough to rely solely on firewalls for network security. Banks also need to consider other technical and non-technical factors, such as the security management system covering the entire enterprise, clear operating procedures, division of responsibilities, selecting trusted personnel to be responsible for the configuration and operation of firewalls, and improving the security awareness of network management and users.
