
MEMBERS' NAME

MUHAMMAD MUZAMMIL BIN ABDUL RASHID (AI 160173)
MOHAMMAD AMIRUL AZFAR BIN NORDIN (AI 160038)
FATIMAH ANISAH BINTI MOHD ZUHAIRI (CI 160004)
KHAIRUL KHALISH BIN ABDUL LAJIS (AI 160108)
NUR NADIA BINTI MOHD NADZREN (AI 160150)
NETWORK INFORMATION SECURITY

• Firewall perimeter security: Remote secure host connections through SSL-VPN without affecting company information systems.
• Proxy Server: To speed up and comply with authentication laws.
• Encryption: To safeguard data and keep it private when moving.
RISK ASSESSMENT

• Use of an antivirus and a firewall means that we are conscious of the problem, but it is a means and not an end for the problem.
• Proper planning of security policies, including operating procedures and technology implementation.
COMPUTER NETWORK
COMPUTERIZED BANKING SYSTEMS

• Data Entry
Processing presumes data entry. A bank customer operates an ATM facility to make a withdrawal.
• Data Validation
This validation is made by the 'Error Detection' and 'Error Correction' procedures.
• Banking framework
Application environment of the computerized banking system.
• Processing and Revalidation
In Online Transaction Processing (OLTP), the processing of data occurs almost instantaneously, provided valid data has been fed to the system.
• Storage
Processed actions, as described above, result in financial transaction data (i.e. withdrawal of money by a particular customer), which is stored in the transaction database of the computerized personal banking system.
• Information
The stored data is processed using the Query facility to produce the desired information.
• Reporting
Reports can be prepared on the basis of the required information content according to the decision usefulness of the report.
• Operating procedure
A well-conceived and designed operating procedure, blended with a suitable operating environment of the enterprise, is necessary to work with the computerized banking system.
SECURITY SYSTEM
• 1. CCTV (Videos): To monitor and record activity of any suspicious behaviour.
• 2. Alarm system: To signal authorities in the instance of threat.
• 3. Perimeter protection: Secures doors and windows.
• 4. Interior protection: Electronic sensors, controls and equipment.
• 5. User-identification codes: Every employee has an ID code to enter or exit the building.
• 6. Cloud computing: Can help financial institutions improve performance in a number of ways.
• 7. Firewall and Routers: Implemented system firewalls forming a barrier between the bank’s internal systems and the Internet.
• 8. Access online transaction: assess specific attributes.
• 9. Adopt strong authentication standard: Don’t use weak or simple usernames and passwords.
• 10. Extended Validation Secure Socket Layer (SSL) digital certificates: A protocol designed to provide security and data integrity.
• 11. Secure Seal (SS): Anti-fraud technology.
• 12. Biometric device: e.g. fingerprinting device.
• 13. One-time password (OTP): Can be implemented using a hash-chain.
• 14. Digital Code Lock: For every door or locker cluster. Gives an alert sound when any mismatch occurs.
• 15. Secured application or virtualization: Virtual operating system on host system.
• 16. Secure transaction signing: Transaction details and unlock code on mobile (SMS).
• 17. Chip Authentication Program (CAP): A new protocol based on the older EMV standard.
• 18. RSA SecurID: The 6 to 8-digit response of the SecurID tokens is computed over the PIN using AES algorithm.
• 19.Multi-Factor Authentication: The incorporation of Multi-Factor Authentication
into the NetTeller online banking product creates the ability for First Security
Bank .
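
Item 13 states that a one-time password can be implemented using a hash-chain. The following Python sketch is an added example, not part of the original slides, showing a Lamport-style chain in which the server stores only the last accepted value. The names `chain` and `HashChainVerifier`, the use of SHA-256 and the chain length are assumptions made for illustration.

```python
import hashlib
import hmac
import os


def h(data: bytes) -> bytes:
    """One chain step (SHA-256 is an assumption; the slides name no hash)."""
    return hashlib.sha256(data).digest()


def chain(seed: bytes, n: int) -> bytes:
    """Apply h() n times to the seed, returning h^n(seed)."""
    value = seed
    for _ in range(n):
        value = h(value)
    return value


class HashChainVerifier:
    """Server side (hypothetical class): keeps the last accepted value, never the seed."""

    def __init__(self, anchor: bytes, length: int):
        self.last = anchor          # h^N(seed), registered at enrolment
        self.remaining = length     # OTPs left before re-enrolment is needed

    def verify(self, otp: bytes) -> bool:
        if self.remaining == 0:
            return False            # chain exhausted
        # A valid OTP hashes forward to the stored value.
        if not hmac.compare_digest(h(otp), self.last):
            return False            # wrong value, or replay of an old OTP
        self.last = otp             # move the anchor one step back
        self.remaining -= 1
        return True


def demo() -> list:
    N = 5                                   # constructed sample chain length
    seed = os.urandom(32)                   # client secret, stays on the client
    server = HashChainVerifier(chain(seed, N), N)
    otp1 = chain(seed, N - 1)               # first login
    otp2 = chain(seed, N - 2)               # second login
    return [
        server.verify(otp1),                # True: fresh OTP
        server.verify(otp1),                # False: replay rejected
        server.verify(chain(seed, N - 3)),  # False: skips otp2, out of order
        server.verify(otp2),                # True: next value in sequence
    ]
```

Because each OTP is the preimage of the previously accepted one, a value captured in transit cannot be replayed, and a leaked server database does not reveal any future OTP.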
ACCESS CONTROL

• 24 hours secure system
• Access card
• Logs review
• Biometric scan
• Automatic log out for user account
• Computer server
• Password
• Network monitoring system
WEB SITES

• Generally secured.
• 24 hours access.
• Business online.
• Email alerts.
• Balance alerts.
• Deposit/Withdrawal alerts.
• Negative balance alerts
• Bill pay reminders and confirmations
• Secure message alerts.
• Priority online notifications.
• Online investment.
• Insurance.
• Loans.
• Online banking application.
AUTOMATED TELLER MACHINE NETWORK

• ATM associated network:
1. User
2. ATM machine
3. Bank computer software
• Threats involving ATM:
1. ATM card skimming
- a crime in banking
- by capturing data from the magnetic stripe on the ATM card
2. PIN capturing
- cameras attached to the ATM to capture the user’s PIN
• How the threats work:
1. Skimming devices
- placed at the card reader slot
- to read the data on the black stripe on the back of the bank card
2. PIN capturing devices
- difficult to establish
- in the fascia plate
- the insert contains devices to capture the PIN
Security features

• 1. TCP (Transmission Control Protocol)
• 2. Connection oriented protocol
• 3. NMP (Network Management Protocol)
• 4. Alarm
• 5. Audit
• 6. Zero-Trust Security
• 7. Machine removal
• 8. Heat detection
ATM Security Measures

• 1. Physical Security Measures
(i) perimeter surveillance
(ii) access control
(iii) central monitoring system
• 2. Logical Security Measures
(i) firewall
(ii) encryption technologies
(iii) tracking and monitoring system
BANK'S INFORMATION SECURITY POLICY

• Firewall Policy

- Documentations
- Connections between machine
- Regular Testing
- Logs
- Intrusion Detection system
- Contingency Planning
• Server Security Policy

- Documentations
- Connections between server
- Power backup
- Logs
- Contingency Planning
• Remote Access Tool Policy

- Access to the Internet is strictly limited to authorized users.
- Responsibility to prevent unauthorized users from intruding on any data.
- Remote access must be strictly controlled with high security encryption.
- Authorised users must protect their login and password.
• Contingency Planning Policy

- All backups need to be stored in a safe place.
- All the details of the backups need to be documented.
- Failover tests must be done at every branch at least twice a year.
- Ensure that if any failure happens, Information Technology management is informed immediately.
- Use the contingency plan as an alternative; problems need to be solved within a maximum of one hour, except in special cases.
• Software Installation Policy

- Software that can be installed must be documented and distributed to administrators of all branches.
- Trusted sources of software must be documented and distributed to administrators of all branches.
- Software that is not in the list of software that can be installed needs to be approved by the Information Security team.
• Password Policy

- Principles of Password Security
- Monitoring & Auditing
- Password Standard
- Password Length
- Password Complexity
- Password History
- Password Aging
- Password Security
