Archive Links

Consumer Archive
CU System Archive
Market Archive
Products Archive
Washington Archive

News Now

CU System
TraceSecurity Improve server networks to avoid hackers
SAN DIEGO (7/8/08)--Credit unions need to place their ATM servers onto secured private segments on their networks to avoid hackers, said TraceSecurity Chief Technology Officer Jim Stickley. Placing the servers on different networks is “not expensive,” Stickley told News Now. “It’s easy to do. But people ignore it and it comes back to bite them.” Credit unions are more likely than other financial institutions to keep their information on the same networks. About 90% of credit unions that Stickley has worked with are set up that way, he said. “Financial institutions need to do a much better job setting up their network infrastructure,” Stickley said. “Many organizations make the assumption that as long as the servers are behind a firewall they are safe. That is simply not the case.” Credit unions also should monitor their logs “for anything that falls out of the norm.” TraceSecurity disclosed last week that Citibank customers whose funds were hacked through a connection between ATMs and third parties processing their personal identification number codes are just “the tip of the iceberg” when it comes to the overall security and compliance of the networks that process ATM transactions. “Most peoples’ home personal computers are better protected from malicious hackers than many ATM servers,” he added. “Financial institutions are failing to perform patch updates to ATM servers because third-party vendors aren’t approving the patches to be applied to the systems running their ATM software. As a result, hackers could easily exploit known security holes in operating systems.” Vendors can’t always push patches right away because they change the way the codes work with ATMs’ software. In some cases, the changes could break the machines. Credit unions and banks also often forget to patch vulnerabilities because of the delayed approval from the vendor. But a month with an unpatched vulnerability is “an eternity. It’s like dog years. I’ve seen some [patches] that have taken up to a year.” Vendors must check vulnerabilities faster, Stickley said. “It’s critical. It should take a couple of days at the most.”
Other Resources

RSS





print
News Now LiveWire
.@FAACreditUnion named a top Okla workplace by @TheOklahoman via @Cornerstone_CUL http://t.co/qQP1zpxJrO
1 hours ago
NY @NYGovCuomo signs historic FOM law @NYCUAtweets http://t.co/NMTlgkpYqs
1 hours ago
Shop for Miracles day nets $450K for CUs for Kids #NewsNow #System http://t.co/N809BLkzGP
1 hours ago
2 Calif. #creditunions on why the #IOLTA reg relief bill is important. See #NewsNow http://t.co/TvBTGR3qed
2 hours ago
Sony hack linked to N. Korea, says U.S.intelligence via @nytimes http://t.co/fE3PtMgEFz
16 hours ago