Free Essay

How Two Banks Stopped Scams, Spams and Cybercriminals

In: Computers and Technology

Submitted By swetha24887
Words 830
Pages 4
1) List the major security problems of CNB of Oklahoma and relate them to the attack methods described in section 9.2 through 9.4.
The Security problems faced by CNB are as follows
• Malware
• Malicious software
• Unprecedented of Spam Malware, short for malicious software, is software used to disrupt computer operation, gather sensitive information, or gain access to private computer systems. It can appear in the form of code, scripts, active content, and other software. 'Malware' is a general term used to refer to a variety of forms of hostile or intrusive software.

Malware includes computer viruses, ransomware, worms, trojan horses, rootkits, keyloggers, dialers, spyware, adware, malicious BHOs, rogue security software, and other malicious programs; the majority of active malware threats are usually worms or trojans rather than viruses. In law, malware is sometimes known as a computer contaminant, as in the legal codes of several U.S. States.

Malware is different from defective software, which is a legitimate software but contains harmful bugs that were not corrected before release. However, some malware is disguised as genuine software, and may come from an official company website in the form of a useful or attractive program which has the harmful malware embedded in it along with additional tracking software that gathers marketing statistics.

Software such as anti-virus, anti-malware, and firewalls are relied upon by users at home, small and large organizations around the globe to safeguard against malware attacks which helps in identifying and preventing the further spread of malware in the network.

2) In what ways has CNB solved e-mail problems? (List specific problems and solutions.)
Problem: Most of the Power users accidentally download malicious software from web or open an email attachment that contained a virus
Solutions:
• A bank policy was introduced to block all emails with attached batched, executable and .zip files
• Accepting a friendly request from the sender and blocking or adding a specific website to the blocked list. This helped to protect the employees from receiving offensive email or illegal content.
• A technical solution from vendor Marshall was applied that successfully protected the bank from email, web based malware and offensive content
• Providing limited access to the Internet and recording the security breaches that were successful at the desktop antivirus level.

3) Given the problems of CNB and its solutions, what is an even better defense mechanism? (Use sections 9.6 through 9.10, and what you can find on the web.)
The problems and solutions implemented in CNB are The Defense II which best matches for the situation that is “SECURING E-COMMERCE”.
• Securing e-commerce covers
• Intrusion Detection Systems,
• Virtual Private Networks,
• Firewalls
• Honeynets
• Honeypots.

4) List the major security problems faced by BankWest and relate them to the attack methods described in sections 9.2 through 9.4.
The major security problems faced by BankWest of South Dakota are “NON-TECHINCAL METHOD” which are as follows
• Social Engineering
- A type of nontechnical attack that uses some hoax to trick users into revealing information or performing an action that compromises a computer or network.
• Phishing problems.
- A crime ware technique to steal identity of a target company to get the identities of its customers.
Few examples are,
• Sweetheart Schemes : It is an online relationship between a customer and an overseas user.
• Letters, postal service or e-mail : A bank customer is notified that he or she has won the lottery
• Phone Scams: They usually target elderly customers and depend on the social engineer’s ability to develop a rapport with the customer .
• Cell phone scam: A customer is told that his or her debit card has been compromised and the customer is asked to provide card details for replacement.

5) In what ways has BankWest solved the fraud schemes?
To combat with the problems at the bank, BankWest had trained customer service and front line staff to quickly target the new social engineering schemes and work with the customers to identify any suspicious emails, phone calls or in person visits from third parties. The training resulted in the launch of Information Security Employee Rewards program that awards the staff for their efforts to reduce the bank’s risk.
Training includes:
• Identifying phone scams,
• Identifying phishing email,
• Conducting monthly session.

6) Given the problems of BankWest and its solutions, what is even better defense mechanism?
The better defense mechanism is THE DEFENSE III- General Controls, Internal Controls, Compliance, and other defense Mechanisms. This helps them from “PROTECTING AGAINST SOCIAL ENGINEERING ATTACKS” Social engineering is a term that describes a non-technical kind of intrusion that relies heavily on human interaction and often involves tricking other people to break normal security procedures.

Security experts propose that as our culture becomes more dependent on information, social engineering attacks will remain the greatest threat to any security system unless they are eradicated. Prevention includes educating people about the value of information, training them to protect it, and increasing people's awareness of how social engineers operate.

Similar Documents

Free Essay

Dfdgfg

...Build Your Report | Symantec http://www.symantec.com/threatreport/print.jsp?id=highlights... BOOKMARK THIS PAGE | PRINT THIS PAGE | CLOSE Internet Security Threat Report Volume 17 Custom Report SHARE THIS PAGE Symantec blocked a total of over 5.5 billion malware attacks in 2011, an 81% increase over 2010. Web based attacks increased by 36% with over 4,500 new attacks each day. 403 million new variants of malware were created in 2011, a 41% increase of 2010. SPAM volumes dropped by 34% in 2011 over rates in 2010. 39% of malware attacks via email used a link to a web page. Mobile vulnerabilities continued to rise, with 315 discovered in 2011. Only 8 zero-day vulnerabilities were discovered in 2011 compared with 14 in 2010. 50% of targeted attacks were aimed at companies with less than 2500 employees. Overall the number of vulnerabilities discovered in 2011 dropped 20%. Only 42% of targeted attacks are aimed at CEOs, Senior Managers and Knowledge Workers. In 2011 232 million identities were exposed. An average of 82 targeted attacks take place each day. Mobile threats are collecting data, tracking users and sending premium text messages. You are more likely to be infected by malware placed on a legitimate web site than one created by a hacker. Introduction Symantec has established some of the most comprehensive sources of Internet threat data in the world through the Symantec Global Intelligence Network, which is made up of more than 64.6 million attack sensors and...

Words: 44470 - Pages: 178

Free Essay

Cis 534 - Lab Manual

...CIS 534 - Advanced Network Security Design 1 CIS 534 Advanced Network Security Design CIS 534 - Advanced Network Security Design 2 Table of Contents Toolwire Lab 1:Analyzing IP Protocols with Wireshark ........................................................................ 6 Introduction ............................................................................................................................................. 6 Learning Objectives ................................................................................................................................ 6 Tools and Software ................................................................................................................................. 7 Deliverables ............................................................................................................................................. 7 Evaluation Criteria and Rubrics ........................................................................................................... 7 Hands-On Steps ....................................................................................................................................... 8 Part 1: Exploring Wireshark ............................................................................................................... 8 Part 2: Analyzing Wireshark Capture Information .......................................................................... 12 Lab #1 - Assessment Worksheet...

Words: 48147 - Pages: 193

Premium Essay

Ethics

...ETHICS IN INFORMATION TECHNOLOGY Third Edition This page intentionally left blank ETHICS IN INFORMATION TECHNOLOGY Third Edition George W. Reynolds Australia • Brazil • Japan • Korea • Mexico • Singapore • Spain • United Kingdom • United States Ethics in Information Technology, Third Edition by George W. Reynolds VP/Editorial Director: Jack Calhoun Publisher: Joe Sabatino Senior Acquisitions Editor: Charles McCormick Jr. Senior Product Manager: Kate Hennessy Mason Development Editor: Mary Pat Shaffer Editorial Assistant: Nora Heink Marketing Manager: Bryant Chrzan Marketing Coordinator: Suellen Ruttkay Content Product Manager: Jennifer Feltri Senior Art Director: Stacy Jenkins Shirley Cover Designer: Itzhack Shelomi Cover Image: iStock Images Technology Project Manager: Chris Valentine Manufacturing Coordinator: Julio Esperas Copyeditor: Green Pen Quality Assurance Proofreader: Suzanne Huizenga Indexer: Alexandra Nickerson Composition: Pre-Press PMG © 2010 Course Technology, Cengage Learning ALL RIGHTS RESERVED. No part of this work covered by the copyright herein may be reproduced, transmitted, stored or used in any form or by any means graphic, electronic, or mechanical, including but not limited to photocopying, recording, scanning, digitizing, taping, Web distribution, information networks, or information storage and retrieval systems, except as permitted under Section 107 or 108 of the 1976 United States Copyright Act, without the prior written permission...

Words: 204343 - Pages: 818

Premium Essay

Management Information Systems

...Course Technology’s Management Information Systems Instructor and Student Resources Introduction to IS/MIS Principles of Information Systems, Eighth Edition • Stair, Reynolds Fundamentals of Information Systems, Fourth Edition • Stair, Reynolds Management Information Systems, Sixth Edition • Oz Information Technology in Theory • Aksoy, DeNardis Office Applications in Business Problem-Solving Cases in Microsoft Access & Excel, Sixth Annual Edition • Brady, Monk Succeeding in Business Applications with Microsoft Office 2007 • Bast, Gross, Akaiwa, Flynn, et.al Succeeding in Business with Microsoft Office Excel 2007 • Gross, Akaiwa, Nordquist Succeeding in Business with Microsoft Office Access 2007 • Bast, Cygman, Flynn, Tidwell Databases Database Systems, Eighth Edition • Rob, Coronel Concepts of Database Management, Sixth Edition • Pratt, Adamski Data Modeling and Database Design • Umanath, Scamell A Guide to SQL, Seventh Edition • Pratt A Guide to MySQL • Pratt, Last Guide to Oracle 10g • Morrison, Morrison, Conrad Oracle 10g Titles Oracle9i Titles Enterprise Resource Planning Concepts in Enterprise Resource Planning, Third Edition • Monk, Wagner Data Communications Data Communications and Computer Networks: A Business User’s Approach, Fourth Edition • White Systems Analysis and Design Systems Analysis and Design in a Changing World, Fifth Edition • Satzinger, Jackson, Burd Object-Oriented Analysis and Design with the Unified Process • Satzinger, Jackson, Burd Systems Analysis and...

Words: 223685 - Pages: 895