Archive Links

Consumer Archive
CU System Archive
Market Archive
Products Archive
Washington Archive

News Now

CU System
TraceSecurity Improve server networks to avoid hackers
SAN DIEGO (7/8/08)--Credit unions need to place their ATM servers onto secured private segments on their networks to avoid hackers, said TraceSecurity Chief Technology Officer Jim Stickley. Placing the servers on different networks is “not expensive,” Stickley told News Now. “It’s easy to do. But people ignore it and it comes back to bite them.” Credit unions are more likely than other financial institutions to keep their information on the same networks. About 90% of credit unions that Stickley has worked with are set up that way, he said. “Financial institutions need to do a much better job setting up their network infrastructure,” Stickley said. “Many organizations make the assumption that as long as the servers are behind a firewall they are safe. That is simply not the case.” Credit unions also should monitor their logs “for anything that falls out of the norm.” TraceSecurity disclosed last week that Citibank customers whose funds were hacked through a connection between ATMs and third parties processing their personal identification number codes are just “the tip of the iceberg” when it comes to the overall security and compliance of the networks that process ATM transactions. “Most peoples’ home personal computers are better protected from malicious hackers than many ATM servers,” he added. “Financial institutions are failing to perform patch updates to ATM servers because third-party vendors aren’t approving the patches to be applied to the systems running their ATM software. As a result, hackers could easily exploit known security holes in operating systems.” Vendors can’t always push patches right away because they change the way the codes work with ATMs’ software. In some cases, the changes could break the machines. Credit unions and banks also often forget to patch vulnerabilities because of the delayed approval from the vendor. But a month with an unpatched vulnerability is “an eternity. It’s like dog years. I’ve seen some [patches] that have taken up to a year.” Vendors must check vulnerabilities faster, Stickley said. “It’s critical. It should take a couple of days at the most.”
Other Resources

RSS print
News Now LiveWire
Thanks for following our tweets on the NCUA's #listeningsession.
1 hours ago
RT @IllinoisLeague: Mike Daugherty, CEO, Community Plus FCU: I'd like to you to reconsider your repeated 'No's' #listeningsession #fixRBC h…
2 hours ago
CU says definition of complex CU needs to be reviewed, and not just based on asset size. NCUA: We are looking at that. #listeningsession
2 hours ago
NCUA says lots of resources go 2 examiner training,but there's much turnover.Invites ideas on how to improve exam training.#listeningsession
2 hours ago
CU tells NCUA that more benefit could be gained by better examiner training than imposing this "unnecessary" RBC system at #listeningsession
2 hours ago