National Westminster Bancorp
AT BANKS, there are a lot of departmental local area networks, which are often run in part by LAN administrators who report into the business units. Certain people take these jobs seriously and others might not have the technical background to handle proper data security, data backup, and physical security.
One of the things we are doing at Natwest is migrating away from departmental LANs to what we call "Building LANs." In other words, in a building where we might have four or five separate departmental LANs, we are going to install equipment that allows us to integrate all these LANs into one big configuration. That will allow us to insure that all the equipment, the LAN servers, and the technology will be in a secure room. We're also minimizing the amount of "dial-in" into our networks as well as using authentication smart cards here, which insure that the person dialing in is allowed to have access. In addition, we're migrating to centralized LAN administration and data security.
John Miford Jr.
Chief of operations
THE CRITICAL ELEMENT is the incorporation of policies that insure the positive authentication of users who are obtaining access to information. The most important is establishing audit trails and being able to identify who and what received particular pieces of information. When you look at protecting information, the first thing you want to look at is protecting or controlling the liabilities. In general, the degree of protection you want to provide is proportional to the degree of exposure you have.
If you are looking at an environment that constitutes a significant liability, you need to go beyond authenticating who is gaining access to that information and get into authentication and access control or assessment of rights and privileges to prevent unauthorized users from gaining access to information.
Serge P. Beauregard
Corporate vice president
THERE ARE THREE ISSUES. The first is physical security. Banks need hardware technology to build a hardware firewall to prevent unauthorized access by hackers. The next issue is viruses. Banks have to have rigorous virus protection in place. They need to treat virus protection like a hot site backup system. This means testing and retesting, and not taking virus protection for granted. Third: banks need a rock-solid security system. I work in a lot of banks, and usually their security systems open the "barn door" as wide as can be. They've got security, but they don't use what they have properly.
Again, most banks have technology that would enable them to have a very secure system, but it's a management issue. You can buy the hardware firewall, the virus protection software, and the security in a system. But a really determined thief can do a lot of damage at a bank because there are failures on the bank's management side. Banks need to have a security program that is audited and tested every day.
Robert Ellis Smith
BANKS can protect data by changing passwords frequently as employees leave or become disenchanted. Banks should also take care not to post passwords on bulletin boards or on the edges of computer consoles. It's also important to encrypt data where there is extremely sensitive information. They should also continually supervise and check the credentials of people who deal with sensitive information, because most computer infiltration comes from within - by dishonorable employees. Banks should also be more conscientious about faxing and sending by E-mail financial information or other sensitive information.
Anthony M. Ficarra
Chief information officer
THERE ARE TWO DIFFERENT components to be considered. If a bank is running a LAN architecture with file servers, they almost have to accept as a fact that they've moved the "glass wall" of the computer room to a much more exposed environment.
To us, that file server almost needs to be surrounded by the processing that we did in a glassed environment. In many cases, our own file servers are kept under physical security as well as logical and software security. I think the banks need to accept this concept. We follow backup procedures and processes that very much look like ones we used in the glass-wall environment. Backups are done on a highly standardized and highly scheduled basis. Tapes are rotated off site. We actually treat the file server structure as we would any mainframe computer room environment.
Per Olof Ezelius
Chief executive officer
Network Controls International Inc.
THE MOST EFFECTIVE WAY to protect data is to control access to it, logically and physically. Diskette drives pose, by far, the largest security and integrity exposure as they provide the easiest "mechanism" to withdraw or to introduce data.
Networks can incorporate firmware - the system software permanently stored in a computer's read-only memory - residing on local area network connectivity adapters that disables the floppy diskette drives on PC workstations, preventing employees from "withdrawing" sensitive data or "introducing" personal programs. This method protects banks against unauthorized access and provides protection against accidental viruses.