Archive Links

Consumer Archive
CU System Archive
Market Archive
Products Archive
Washington Archive
150x172_CUEffect.jpg
Contacts
LISA MCCUEVICE PRESIDENT OF COMMUNICATIONS
EDITOR-IN-CHIEF
MICHELLE WILLITSManaging Editor
RON JOOSSASSISTANT EDITOR
ALEX MCVEIGHSTAFF NEWSWRITER
TOM SAKASHSTAFF NEWSWRITER

News Now

CU System
TraceSecurity Improve server networks to avoid hackers
SAN DIEGO (7/8/08)--Credit unions need to place their ATM servers onto secured private segments on their networks to avoid hackers, said TraceSecurity Chief Technology Officer Jim Stickley. Placing the servers on different networks is “not expensive,” Stickley told News Now. “It’s easy to do. But people ignore it and it comes back to bite them.” Credit unions are more likely than other financial institutions to keep their information on the same networks. About 90% of credit unions that Stickley has worked with are set up that way, he said. “Financial institutions need to do a much better job setting up their network infrastructure,” Stickley said. “Many organizations make the assumption that as long as the servers are behind a firewall they are safe. That is simply not the case.” Credit unions also should monitor their logs “for anything that falls out of the norm.” TraceSecurity disclosed last week that Citibank customers whose funds were hacked through a connection between ATMs and third parties processing their personal identification number codes are just “the tip of the iceberg” when it comes to the overall security and compliance of the networks that process ATM transactions. “Most peoples’ home personal computers are better protected from malicious hackers than many ATM servers,” he added. “Financial institutions are failing to perform patch updates to ATM servers because third-party vendors aren’t approving the patches to be applied to the systems running their ATM software. As a result, hackers could easily exploit known security holes in operating systems.” Vendors can’t always push patches right away because they change the way the codes work with ATMs’ software. In some cases, the changes could break the machines. Credit unions and banks also often forget to patch vulnerabilities because of the delayed approval from the vendor. But a month with an unpatched vulnerability is “an eternity. It’s like dog years. I’ve seen some [patches] that have taken up to a year.” Vendors must check vulnerabilities faster, Stickley said. “It’s critical. It should take a couple of days at the most.”
Other Resources

RSS





print
News Now LiveWire
Record # of applicants for Crash the GAC means every state & D.C. will B represented by young #CU professional at #CUNAGAC #crashthegac15
15 hours ago
.@WOCCU and @CUNA are co-hosting 2015 America’s CU Conference July 12-15 in Denver. Registration is open here: http://t.co/FanFeaO0bC
15 hours ago
Recording of @CUNA Jan. 26 #rbc2 webinar is now available online here: http://t.co/jgxkd65Fj0 Just sign in and listen.
16 hours ago
.@SEC_News 2/19 proxy voting roundtable: contested director elections, increasing retail shareholder participation http://t.co/8k0p6ZvNL8
16 hours ago
.@TheNCUA posted resources 2 help consumers protect themselves,take action if they believe they were ID theft victims:http://t.co/HVaikbuT9H
17 hours ago