Sunday, February 24, 2008

Banks to fail on ATM Security

Security is one of the most important things we demand from every service we use each day in a highly developed technological world, and especially on the World Wide Web. How secure are we? How dangerous might insecurity be? That mostly depends on the sphere and the level of the threat: whether it is privacy that is at risk, or our personal details as bank customers that are within reach of hackers. According to IP-ATM Security, banks and financial institutions are failing to properly secure their ATMs. IP-ATM Security identifies three main threats to ATMs. These are:

Internet protocol (IP) worms;
Disruption of the IP network and denial of service;
The harvesting of consumers’ transaction data for malicious purposes

The harvesting of consumers’ transaction data for malicious purposes gives hackers the opportunity to collect consumers’ personal details, card numbers, account balances and transaction histories.

According to the SourceWire press release, there are several reasons ATMs have become less secure. One of them is the way in which ATMs operate. ATM hardware platforms with proprietary software and communications protocols have been migrated to commodity embedded hardware platforms (essentially PC-based with Intel microprocessors), commodity operating systems (primarily Windows and Linux), and standard IP networking. “70 per cent of current ATMs are now based on PC/Intel hardware and commodity operating systems (mostly Windows XP embedded) and this trend is expected to continue. Essentially, these new ATMs are PCs that are running PC operating systems, using the standard Internet Protocol (IP) with some additional peripherals housed in a secure vault-like box.”

No change is made unless the newer system offers advantages. Among the advantages of the new system are cost, performance, flexibility, standardization and enhanced functionality.

But every coin has two sides. The advantages are overshadowed by threats, and the name of those threats is “hackers.”

A 2008 analysis of ATM network traffic by Network Box “found that only the PIN number was encrypted and that a large portion of the traffic travelled in plain text, leaving card numbers, card expiry dates, transaction amounts and account balances clearly readable. Therefore, a hacker needs only to access some part of the IP network between the IP-ATM and the payment processor to be privy to the aforementioned details.”

IP-ATM Security finds that the most effective way to solve these issues is to use a multifunction device with:

Routing,
Firewall,
IDS/IPS,
VPN capabilities,
protecting the ATM network.

The specifics of the network are:

Separate it from the rest of the bank’s network, and monitor and control it.
Encrypt all traffic coming out of the ATM machines.

The growth of the ATM market

According to SourceWire, Mark Webb-Johnson, CTO of Network Box, comments: “Most people simply assume that because an ATM is invariably provided by a bank, the transactions and the data being transmitted must be secure. This assumption may have been true in the past, but today ATMs operate in a way that makes them far more susceptible to attack.

“We’ve already seen in August 2003 how the Nachi (aka Welchia) Internet worm crossed over into ‘secure’ networks and infected ATMs for two financial institutions; and we’ve witnessed the SQL Slammer (aka Sapphire) worm indirectly shutdown 13,000 Bank of America ATMs. The chances are that if banks don’t use technology that can actually provide an effective level of protection – technology that is already on the market – then it is very likely that more high-profile attacks are to follow.”
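The requirement above to encrypt all traffic leaving the ATMs can be checked on the bank's own network by scanning captured payloads for card numbers that are still readable. The following is an added example, not code from the original post or from Network Box; the flow names, field layout and sample payloads are constructed for illustration.

```python
import re

# Candidate card number (PAN): 13-19 digits, optionally split by spaces or hyphens.
PAN_RE = re.compile(rb"(?<!\d)\d(?:[ -]?\d){12,18}(?!\d)")

def luhn_ok(digits: str) -> bool:
    """Luhn checksum; filters out reference numbers that merely look like PANs."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:          # double every second digit from the right
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0

def mask(pan: str) -> str:
    """Keep the first 6 and last 4 digits so findings can be logged safely."""
    return pan[:6] + "*" * (len(pan) - 10) + pan[-4:]

def find_cleartext_pans(payload: bytes) -> list[str]:
    """Return masked card numbers that are readable in one captured payload."""
    hits = []
    for m in PAN_RE.finditer(payload):
        digits = re.sub(rb"[ -]", b"", m.group()).decode("ascii")
        if luhn_ok(digits):
            hits.append(mask(digits))
    return hits

def audit(payloads: dict[str, bytes]) -> dict[str, list[str]]:
    """Map each flow to the masked PANs it exposes; clean flows are omitted."""
    report = {}
    for flow, data in payloads.items():
        hits = find_cleartext_pans(data)
        if hits:
            report[flow] = hits
    return report

# Constructed payloads. 4111111111111111 is a widely used test card number.
SAMPLES = {
    "atm-01 -> processor (plain)":
        b"PAN=4111111111111111;EXP=0910;AMT=200.00;BAL=1532.17",
    "atm-02 -> processor (tunnelled)":   # opaque bytes, as seen inside a VPN
        bytes.fromhex("17030300201f8b9c44a07e5d13c2e6b0a9d4f7718832"),
    "atm-03 -> processor (plain)":       # 16 digits but not Luhn-valid
        b"REF=1234567890123456;AMT=50.00",
}

if __name__ == "__main__":
    for flow, pans in audit(SAMPLES).items():
        print(f"{flow}: cleartext card number(s) {pans}")
```

Any flow that appears in the report is carrying card data outside an encrypted tunnel and should be routed through the VPN before the check is repeated.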
