The Anti-Cyber Attack Tool Kit
Credit unions are a growing target for cyberattacks-and IT executives are turning to an elaborate tool kit to face the threat.
"Like many others, we've had to spend tens of thousands of dollars and hundreds of hours of valuable IT employee time putting in preventative measures to protect against the silly people who create problems on the Internet," explained Sam Tuohey, vice president of Information Systems at $584-million Stanford FCU in Palo Alto, Calif.
Hackers, using a growing battery of worms, viruses and spyware, are going for the gold, ramping up attacks against financial institutions, according to a number of industry analysts and vendors.
In response, credit unions are monitoring their networks with an endless list of technologies and policies, including anti-virus, firewall, intrusion prevention, patching and spam filtering software, and routers, proxy servers and access lists.
"Cybercrime prevention requires us to bring all the relevant tools together to maximize our protection," said Dick Bastiansen, senior vice president of operations and manager of information systems at $1.1-billion HarborOne CU in Brockton, Mass.
A number of credit union IT executives recently told The Credit Union Journal just what they use-and how they think-in building a fortress against cyberattacks.
* The Layered Approach. The layers may be a little different, but the approach is the same: An assortment of defenses makes a network harder to penetrate. Many CUs use a medley of tools to protect servers and applications both inside and outside the network.
"Our Internet traffic is filtered by our Internet routers, which are configured to block unwanted Internet traffic through access lists and Intrusion Prevention Systems," explained Rob Guilford, senior vice president of information technology at $2.7-billion Wescom CU in Pasadena, Calif.
"These Intrusion Prevention Systems identify cyberattack patterns and block them automatically or provide detailed warnings of unusual or irregular patterns of traffic," Guilford continued. "A second layer of defense is our firewalls and the limits and protections incorporated in these firewalls. Finally, our Intrusion Detection Systems are in place beyond the firewalls for early detection and blocking of unauthorized traffic."
Stanford FCU takes a similar tack, using a Cisco 3660 router with Border Gateway Control and a Checkpoint Firewall to control and log Internet traffic, said Tuohey. In addition, proxy servers add an extra layer of protection to critical secure services on the web.
User Restrictions add to the Layered Approach at HarborOne CU. "Internet access is restricted to authorized users, accessible sites are restricted based on business need, e-mail access is limited, and network and workstation policies have all been reviewed and locked down unless needed," said Bastiansen.
The CU controls software installation and data retrieval by disabling input/output devices on all workstations, he said.
In addition, HarborOne employees can't use instant messaging, streaming video, or external sites to retrieve e-mail-and each new employee signs a security policy statement, Bastiansen added.
Wescom CU keeps a lock on workstation operating systems with Microsoft Windows Active Directory and controls web access with Websense, Inc.'s employee Internet management solution, said Guilford.
Stanford FCU sets stringent password policies, including encrypting passwords both on systems and in transit, Tuohey said. Online banking members must change passwords every six months using both alpha and numeric characters. New password notifications are then mailed to member's homes.
Intrusion Prevention, Anti-Virus and Spam Filtering Software: Symantec's Norton Antivirus software seems to be a popular choice for credit unions trying to protect Windows-based systems and email servers.
"Norton's centralized management enables all of our servers and workstations to check with our management server every 15 minutes for the newest virus definitions," said Annette Zimmerman, chief information officer at $1.4-billion Mountain America FCU in West Jordan, Utah.
"The IT team is also alerted if a virus is detected so appropriate action can be taken," she said.
Mountain America also uses Symantec's Filtering for SMTP Gateways to protect the network from approximately 3,000 spam and 150 virus-infected messages daily. Zimmerman continued. "The product scans all inbound e-mail for viruses and spam, logging and dropping any email found to contain either before it ever gets to our mail servers."
Spam filtering software block one-third of emails sent to Stanford FCU, said Tuohey.
Patching and security oversight occupies one full-time employee at Wescom CU. "We consistently patch all web servers for any security vulnerabilities and disable unwanted services from these servers," Guilford explained. In addition, patches are tested and then automatically pushed to more than 150 servers and 1,000 workstations.
Zimmerman uses Microsoft's Software Update Service to ensure servers are patched, daily if necessary.
Audits: Credit unions aren't doing it all for themselves-a third party conducts monthly or annual audits at many CUs.
"Our network is always stronger after an audit is conducted," Tuohey said.
That's because credit unions make changes to their networks based on any vulnerabilities a third party unearths, Zimmerman added.
Elaborate security precautions have left many IT execs feeling pretty secure. For example, "Wescom Credit Union's confidence level in fighting cyberattacks is exceptionally high," Guilford said.
For more info:
* HarborOne CU at www.harboronecu.com
* Mountain America CU at www.macu.org
* Stanford FCU at www.sfcu.org
* Wescom CU at www.wescom.org