Archive Links

Consumer Archive
CU System Archive
Market Archive
Products Archive
Washington Archive

News Now

CU System
TraceSecurity Improve server networks to avoid hackers
SAN DIEGO (7/8/08)--Credit unions need to place their ATM servers onto secured private segments on their networks to avoid hackers, said TraceSecurity Chief Technology Officer Jim Stickley. Placing the servers on different networks is “not expensive,” Stickley told News Now. “It’s easy to do. But people ignore it and it comes back to bite them.” Credit unions are more likely than other financial institutions to keep their information on the same networks. About 90% of credit unions that Stickley has worked with are set up that way, he said. “Financial institutions need to do a much better job setting up their network infrastructure,” Stickley said. “Many organizations make the assumption that as long as the servers are behind a firewall they are safe. That is simply not the case.” Credit unions also should monitor their logs “for anything that falls out of the norm.” TraceSecurity disclosed last week that Citibank customers whose funds were hacked through a connection between ATMs and third parties processing their personal identification number codes are just “the tip of the iceberg” when it comes to the overall security and compliance of the networks that process ATM transactions. “Most peoples’ home personal computers are better protected from malicious hackers than many ATM servers,” he added. “Financial institutions are failing to perform patch updates to ATM servers because third-party vendors aren’t approving the patches to be applied to the systems running their ATM software. As a result, hackers could easily exploit known security holes in operating systems.” Vendors can’t always push patches right away because they change the way the codes work with ATMs’ software. In some cases, the changes could break the machines. Credit unions and banks also often forget to patch vulnerabilities because of the delayed approval from the vendor. But a month with an unpatched vulnerability is “an eternity. It’s like dog years. I’ve seen some [patches] that have taken up to a year.” Vendors must check vulnerabilities faster, Stickley said. “It’s critical. It should take a couple of days at the most.”
Other Resources

RSS





print
News Now LiveWire
Matz: Revised @TheNCUA #RBC rule for #creditunions 2 B unveiled 1/15/15, 90-day comment period to follow #newsnow http://t.co/qABhvghSTU
1 Day ago
Just announced: @TheNCUA board will consider a revised risk-based capital rule at its Jan 15 mtg. See #NewsNow Monday for more info.
1 Day ago
Nearing one-yr anniversary of data breach, @Target asks for class action suits to be dismissed via @BloombergNews http://t.co/kra6kupd35
1 Day ago
.@PeoplesTrustFCU has been recognized with the Juntos Avanzamos designation by @Cornerstone_CUL for its service to the Hispanic community
1 Day ago
#NewsNow: Rep. Hensarling names #HFSC subcommittee chairs. http://t.co/dXAMZdpn1p
1 Day ago