SECURITY SYSTEM IN BANKS
SUBMITTED BY MUHAMMAD ADEEL RIAZ
SUBMITTED TO SIR INAM UL HAQ
ROLL NO. 3024
UNIVERSITY OF EDUCATION OKARA 1
UNIVERSITY OF EDUCATION LAHORE
(OKARA)
TABLE OF CONTENTS
Sr. No  Description          Slide No.
1       eBanking Security    3
2       Agenda               4
3       Targets of Attacks   5
4       Client Attacks       6
5       Generic Trojans      7 to 10
6       Security Measures    11 to 15
7       Visit to Bank        16 to 17
8       Conclusion           18
9       References           19
eBanking Security?
• Is eBanking still safe?
• What are the security trends in eBanking?
• What can we learn from eBanking trends for
other online applications?
Agenda
• eBanking Attacks
• Security Measures
• Secure Communication
• Implementations
• Outlook / Thesis
Target of Attacks
Phishing Attacks
Trojan Attacks
Pharming
DNS Spoofing
Network Interception
Web Application Attacks
Attacking Server
Client Attacks
Most promising attacks on the client:
• Phishing
– Motivate user to enter confidential information on fake web site
• Simple Trojans
– Limited to a handful of eBanking applications
– Steal username, password and one time password
– Steal session information and URL and send them to attacker
– Attacker imports information into his browser to access the same account
• Generic Trojans
– In the wild since 2007, but still in development
– Can attack any eBanking (and any web application)
– New configuration is downloaded continuously
Generic Trojans
• Infection of client with user interaction
– Email attachments (ZIP, EXE, etc.)
– Email with link to malicious web site
– Links in social networks
– Integrated in popular software (downloads)
– File transfer of instant messaging/VoIP/file sharing
– CD-ROM/USB stick
• Infection of client without user interaction
– Malicious web sites (drive by)
– Infection of trusted, popular web sites (IFRAME …)
– Misusing software update functionality (like Bundestrojaner)
– Attacks on vulnerable, exposed computer (network/wireless)
Note: About 1% of Google search query results point to a web site that can
lead to a drive by attack.
Generic Trojans
• Features of Generic Trojans
– Hide from security tools (anti-virus/personal
firewall)
– Inject code in running processes / drivers /
operating system
– Capture/Redirect/Send data
– Download new configuration / functionality
– Remote control browser instance
Generic Trojans (cont.)
• Features useful for eBanking attacks
– Send web pages of unknown eBanking to attacker
– Download new patterns of eBanking transaction
forms
– Modify transaction in the background (on the fly)
– Collect financial information
Generic Trojans (cont.)
Tips and Tricks
• Every Trojan binary is unique (packed differently)
– Not detectable by Anti Virus Patterns
• Trojan code is injected into other files or other processes
– Personal Firewall can not block communication
• Installs in Kernel
– Full privileges on system
– Invisible
• Bot Networks
Security Measures
• Attack Detection
• Second Channel / Secured Channel
• Secure Client
[Diagram: Secure Client, Second Channel, Secured Channel, Attack Detection]
Attack Detection
• Detect session hijacking attacks
– Monitor and compare request parameters
– Identify SSL Session and IP address changes
• Transaction verification / user profiling
– Statistics about normal user behaviour
– Compare transaction with normal user behaviour
– White list target accounts
– Limits on transaction amount
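The two detection ideas on this slide, sketched in Python as an added example (not part of the original slides or of any bank's system). The class and field names, the z-score threshold and all sample values are assumptions made for illustration.

```python
from dataclasses import dataclass
from statistics import mean, pstdev


@dataclass(frozen=True)
class Request:
    session_id: str    # application session cookie
    client_ip: str
    tls_session: str   # identifier of the SSL/TLS session the request arrived on
    user_agent: str


class SessionMonitor:
    """Remembers the attributes seen on a session's first request and
    reports which of them differ on any later request."""

    WATCHED = ("client_ip", "tls_session", "user_agent")

    def __init__(self):
        self.baseline = {}

    def check(self, req):
        base = self.baseline.setdefault(req.session_id, req)
        return [n for n in self.WATCHED if getattr(req, n) != getattr(base, n)]


@dataclass
class Profile:
    history: list         # past transfer amounts of this user
    known_payees: set     # white-listed target accounts
    per_txn_limit: float  # hard limit on a single transaction


def review_transaction(profile, payee, amount, z_threshold=3.0):
    """Compare one transfer with the user's normal behaviour.
    Returns (decision, reasons); decision is allow, verify or block."""
    reasons = []
    if amount > profile.per_txn_limit:
        reasons.append("over_limit")
    if payee not in profile.known_payees:
        reasons.append("new_payee")
    if len(profile.history) >= 5:  # too little history gives no useful statistic
        mu, sigma = mean(profile.history), pstdev(profile.history)
        if sigma > 0 and (amount - mu) / sigma > z_threshold:
            reasons.append("unusual_amount")
    if "over_limit" in reasons:
        return "block", reasons
    if reasons:
        return "verify", reasons   # ask for confirmation over another channel
    return "allow", reasons


if __name__ == "__main__":
    # Constructed sample traffic (documentation IP ranges, made-up accounts).
    mon = SessionMonitor()
    login = Request("s1", "203.0.113.10", "tls-a", "UA-1")
    moved = Request("s1", "198.51.100.7", "tls-b", "UA-1")
    print(mon.check(login), mon.check(moved))

    p = Profile([120, 80, 150, 95, 110, 130], {"ACC-RENT"}, 5000)
    for payee, amount in [("ACC-RENT", 100), ("ACC-NEW", 4800), ("ACC-RENT", 9000)]:
        print(payee, amount, review_transaction(p, payee, amount))
```

A changed IP address or TLS session also occurs for legitimate users (for example on mobile networks), so a non-empty result from `check` is better treated as a trigger for re-authentication than as proof of hijacking.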
Security Measures (cont.)
• Second Channel
– Send verification using another channel
– Another application on the client computer
– Another medium like mobile phones (SMS)
• Secured Channel
– Enter data on an external device
– External device cannot be controlled by Trojan
– External device contains a secret key
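Why a secured channel defeats on-the-fly transaction modification, as an added Python example (not from the original slides). It assumes the external device computes an HMAC-SHA256 over the transaction details with its secret key and shows the user an 8-digit code; the slides do not name an algorithm, and the account identifiers are constructed.

```python
import hashlib
import hmac
import secrets


def encode_fields(*fields):
    """Length-prefix every field so that different transactions can never
    produce the same byte string."""
    out = b""
    for f in fields:
        raw = str(f).encode()
        out += len(raw).to_bytes(2, "big") + raw
    return out


def transaction_code(device_key, payee, amount_cents, challenge):
    """Runs on the external device: the user types payee and amount on the
    device itself, so the code covers what the user really intends."""
    msg = encode_fields(payee, amount_cents, challenge)
    digest = hmac.new(device_key, msg, hashlib.sha256).digest()
    # Truncated to 8 decimal digits so the user can copy it by hand.
    return f"{int.from_bytes(digest[:4], 'big') % 10**8:08d}"


class Bank:
    """Server side: holds the same secret key as the customer's device."""

    def __init__(self, device_key):
        self.key = device_key
        self.open_challenges = set()

    def issue_challenge(self):
        challenge = secrets.token_hex(8)
        self.open_challenges.add(challenge)
        return challenge

    def submit(self, payee, amount_cents, challenge, code):
        """Verify the code against the transaction as it ARRIVED at the bank."""
        if challenge not in self.open_challenges:
            return False                         # unknown or already used
        self.open_challenges.discard(challenge)  # single use, blocks replay
        expected = transaction_code(self.key, payee, amount_cents, challenge)
        return hmac.compare_digest(expected, code)


if __name__ == "__main__":
    key = secrets.token_bytes(32)   # provisioned into device and bank
    bank = Bank(key)

    # Untampered path: the browser forwards exactly what the user entered.
    c1 = bank.issue_challenge()
    code = transaction_code(key, "ACC-LANDLORD", 25000, c1)
    print("honest:", bank.submit("ACC-LANDLORD", 25000, c1, code))

    # Infected PC: the payee is changed in the browser, but the code was
    # computed on the device over the payee the user intended.
    c2 = bank.issue_challenge()
    code = transaction_code(key, "ACC-LANDLORD", 25000, c2)
    print("modified:", bank.submit("ACC-OTHER", 25000, c2, code))
```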
Security Measures
• Secure Platform
– A computer that is only used for eBanking
– Bootable CD-ROM, Bootable USB Stick
– Virtual Machine
– eBanking Laptop
• Secure Environment
– Start an application (e.g. browser) that protects itself from Trojans
– Stripped-down browser
– Proprietary Application (fat client)
– Verify environment before login is possible
Security Trends
VISIT A BANK FOR CHECKING SECURITY
• Here I visited Habib Bank Limited, Renala Khurd.
• Its branch code is (0557).
• HBL established operations in Pakistan in 1947 and moved its head office to Karachi.
• This bank has high-alert banking security.
• Here, account verification updates automatically through mobile phones of any other networks.
• Online banking security in this bank is on very high alert.
• It is protected from hackers because its software is good and free of all bugs, etc.
Conclusions
• In the above slides we found that the banking security management/system in banks in Pakistan is very high.
• Banks provide security for individuals, businesses and governments alike.
• It is proven that banks are vulnerable to many risks, however, including credit, liquidity, market, operating, interest rate and legal risks.
• Debit cards provide easy access to the cash in your account, but can cause you to rack up fees if you're not careful.
References
• http://en.wikipedia.org/wiki/Online banking
• http://www.rsa.com/node.aspx?id=1158
• APACS: Online banking usage amongst over 55s up fourfold in five years
  http://www.apacs.org.uk/media centre/press/08 24 07.html
• APACS: APACS announces latest fraud figures
  http://www.apacs.org.uk/APACSannounceslatestfraudfigures.htm
• Symantec SilentBanker Trojaner description
  http://www.symantec.com/security_response/writeup.jsp?docid=2007-121718-1009-99&tabid=2
UNIVERSITY OF EDUCATION OKARA 19

More Related Content

What's hot

Cybersecurity: Cyber Risk Management for Banks & Financial Institutions
Cybersecurity: Cyber Risk Management for Banks & Financial InstitutionsCybersecurity: Cyber Risk Management for Banks & Financial Institutions
Cybersecurity: Cyber Risk Management for Banks & Financial InstitutionsShawn Tuma
 
What is Cyber Security? | Introduction to Cyber Security | Cyber Security Tra...
What is Cyber Security? | Introduction to Cyber Security | Cyber Security Tra...What is Cyber Security? | Introduction to Cyber Security | Cyber Security Tra...
What is Cyber Security? | Introduction to Cyber Security | Cyber Security Tra...Edureka!
 
IT Security Awareness-v1.7.ppt
IT Security Awareness-v1.7.pptIT Security Awareness-v1.7.ppt
IT Security Awareness-v1.7.pptOoXair
 
Cyber security
Cyber securityCyber security
Cyber securityChethanMp7
 
Physical Security In The Workplace
Physical Security In The WorkplacePhysical Security In The Workplace
Physical Security In The Workplacedougfarre
 
Network Security Threats and Solutions
Network Security Threats and SolutionsNetwork Security Threats and Solutions
Network Security Threats and SolutionsColin058
 
Overview of the Cyber Kill Chain [TM]
Overview of the Cyber Kill Chain [TM]Overview of the Cyber Kill Chain [TM]
Overview of the Cyber Kill Chain [TM]David Sweigert
 
Cyber Security A Challenges For Mankind
Cyber Security A Challenges For MankindCyber Security A Challenges For Mankind
Cyber Security A Challenges For MankindSaurabh Kheni
 
How to Spot and Combat a Phishing Attack - Cyber Security Webinar | ControlScan
How to Spot and Combat a Phishing Attack - Cyber Security Webinar | ControlScanHow to Spot and Combat a Phishing Attack - Cyber Security Webinar | ControlScan
How to Spot and Combat a Phishing Attack - Cyber Security Webinar | ControlScanControlScan, Inc.
 

What's hot (20)

Cybersecurity: Cyber Risk Management for Banks & Financial Institutions
Cybersecurity: Cyber Risk Management for Banks & Financial InstitutionsCybersecurity: Cyber Risk Management for Banks & Financial Institutions
Cybersecurity: Cyber Risk Management for Banks & Financial Institutions
 
Cyber Security for Financial Institutions
Cyber Security for Financial InstitutionsCyber Security for Financial Institutions
Cyber Security for Financial Institutions
 
Cybersecurity 2 cyber attacks
Cybersecurity 2 cyber attacksCybersecurity 2 cyber attacks
Cybersecurity 2 cyber attacks
 
What is Cyber Security? | Introduction to Cyber Security | Cyber Security Tra...
What is Cyber Security? | Introduction to Cyber Security | Cyber Security Tra...What is Cyber Security? | Introduction to Cyber Security | Cyber Security Tra...
What is Cyber Security? | Introduction to Cyber Security | Cyber Security Tra...
 
What is Phishing and How can you Avoid it?
What is Phishing and How can you Avoid it?What is Phishing and How can you Avoid it?
What is Phishing and How can you Avoid it?
 
Cyber security
Cyber securityCyber security
Cyber security
 
Cyber security
Cyber securityCyber security
Cyber security
 
Physical Security
Physical SecurityPhysical Security
Physical Security
 
Cyber attack
Cyber attackCyber attack
Cyber attack
 
Cyber security laws
Cyber security lawsCyber security laws
Cyber security laws
 
IT Security Awareness-v1.7.ppt
IT Security Awareness-v1.7.pptIT Security Awareness-v1.7.ppt
IT Security Awareness-v1.7.ppt
 
Physical security.ppt
Physical security.pptPhysical security.ppt
Physical security.ppt
 
Cyber security
Cyber securityCyber security
Cyber security
 
Web security
Web securityWeb security
Web security
 
Social Engineering
Social EngineeringSocial Engineering
Social Engineering
 
Physical Security In The Workplace
Physical Security In The WorkplacePhysical Security In The Workplace
Physical Security In The Workplace
 
Network Security Threats and Solutions
Network Security Threats and SolutionsNetwork Security Threats and Solutions
Network Security Threats and Solutions
 
Overview of the Cyber Kill Chain [TM]
Overview of the Cyber Kill Chain [TM]Overview of the Cyber Kill Chain [TM]
Overview of the Cyber Kill Chain [TM]
 
Cyber Security A Challenges For Mankind
Cyber Security A Challenges For MankindCyber Security A Challenges For Mankind
Cyber Security A Challenges For Mankind
 
How to Spot and Combat a Phishing Attack - Cyber Security Webinar | ControlScan
How to Spot and Combat a Phishing Attack - Cyber Security Webinar | ControlScanHow to Spot and Combat a Phishing Attack - Cyber Security Webinar | ControlScan
How to Spot and Combat a Phishing Attack - Cyber Security Webinar | ControlScan
 

Viewers also liked

GSM Based Bank Security Control
GSM Based Bank Security ControlGSM Based Bank Security Control
GSM Based Bank Security Controlmohin04
 
Keypad Based Bank Locker Security System Using Gsm Technology
Keypad Based Bank Locker Security System Using Gsm TechnologyKeypad Based Bank Locker Security System Using Gsm Technology
Keypad Based Bank Locker Security System Using Gsm TechnologyIJRES Journal
 
Banking locker security using Image processing
Banking locker security using Image processingBanking locker security using Image processing
Banking locker security using Image processingArpana shree
 
Bank locker system
Bank locker systemBank locker system
Bank locker systemRahul Wagh
 
Locker opening and closing system using rfid password and gsm
Locker opening and closing system using rfid password and gsmLocker opening and closing system using rfid password and gsm
Locker opening and closing system using rfid password and gsmSai Kumar
 
gsm based security system
gsm based security systemgsm based security system
gsm based security systemnayandey
 
iTM Banking Security Presentation
iTM Banking Security PresentationiTM Banking Security Presentation
iTM Banking Security Presentationmaitretester
 
Security in Banks and ATM's
Security in Banks and ATM'sSecurity in Banks and ATM's
Security in Banks and ATM'sInttelix
 
E banking security-09-logistics
E banking security-09-logisticsE banking security-09-logistics
E banking security-09-logisticseBankingSecurity
 
Houlihan Lokey: Valuation in the Delaware Courts
Houlihan Lokey: Valuation in the Delaware CourtsHoulihan Lokey: Valuation in the Delaware Courts
Houlihan Lokey: Valuation in the Delaware CourtsHoulihan Lokey
 
Managing Financial Technology Is It An Art Or Science
Managing Financial Technology   Is It An Art Or ScienceManaging Financial Technology   Is It An Art Or Science
Managing Financial Technology Is It An Art Or ScienceANZ
 
Wireless and Internet Security Principles
Wireless and Internet Security PrinciplesWireless and Internet Security Principles
Wireless and Internet Security Principlespualoob
 
eID Authentication mechanisms for eFinance and ePayment services
eID Authentication mechanisms for eFinance and ePayment serviceseID Authentication mechanisms for eFinance and ePayment services
eID Authentication mechanisms for eFinance and ePayment servicesManel Medina
 

Viewers also liked (20)

GSM Based Bank Security Control
GSM Based Bank Security ControlGSM Based Bank Security Control
GSM Based Bank Security Control
 
Keypad Based Bank Locker Security System Using Gsm Technology
Keypad Based Bank Locker Security System Using Gsm TechnologyKeypad Based Bank Locker Security System Using Gsm Technology
Keypad Based Bank Locker Security System Using Gsm Technology
 
Banking locker security using Image processing
Banking locker security using Image processingBanking locker security using Image processing
Banking locker security using Image processing
 
Bank locker system
Bank locker systemBank locker system
Bank locker system
 
Locker opening and closing system using rfid password and gsm
Locker opening and closing system using rfid password and gsmLocker opening and closing system using rfid password and gsm
Locker opening and closing system using rfid password and gsm
 
E banking security
E banking securityE banking security
E banking security
 
gsm based security system
gsm based security systemgsm based security system
gsm based security system
 
Ppt
PptPpt
Ppt
 
iTM Banking Security Presentation
iTM Banking Security PresentationiTM Banking Security Presentation
iTM Banking Security Presentation
 
Security in Banks and ATM's
Security in Banks and ATM'sSecurity in Banks and ATM's
Security in Banks and ATM's
 
Ppt tls
Ppt tlsPpt tls
Ppt tls
 
E banking security-09-logistics
E banking security-09-logisticsE banking security-09-logistics
E banking security-09-logistics
 
Hold back the invisible enemy
Hold back the invisible enemyHold back the invisible enemy
Hold back the invisible enemy
 
Houlihan Lokey: Valuation in the Delaware Courts
Houlihan Lokey: Valuation in the Delaware CourtsHoulihan Lokey: Valuation in the Delaware Courts
Houlihan Lokey: Valuation in the Delaware Courts
 
Почта
ПочтаПочта
Почта
 
Barbed Wire Network Security Policy 27 June 2005 7
Barbed Wire Network Security Policy 27 June 2005 7Barbed Wire Network Security Policy 27 June 2005 7
Barbed Wire Network Security Policy 27 June 2005 7
 
Managing Financial Technology Is It An Art Or Science
Managing Financial Technology   Is It An Art Or ScienceManaging Financial Technology   Is It An Art Or Science
Managing Financial Technology Is It An Art Or Science
 
Secure Online Banking
Secure Online BankingSecure Online Banking
Secure Online Banking
 
Wireless and Internet Security Principles
Wireless and Internet Security PrinciplesWireless and Internet Security Principles
Wireless and Internet Security Principles
 
eID Authentication mechanisms for eFinance and ePayment services
eID Authentication mechanisms for eFinance and ePayment serviceseID Authentication mechanisms for eFinance and ePayment services
eID Authentication mechanisms for eFinance and ePayment services
 

Similar to Security system in banks

30ITSecurityThreatsVulnerabilitiesandCountermeasuresV1.ppt
30ITSecurityThreatsVulnerabilitiesandCountermeasuresV1.ppt30ITSecurityThreatsVulnerabilitiesandCountermeasuresV1.ppt
30ITSecurityThreatsVulnerabilitiesandCountermeasuresV1.pptKaukau9
 
The Threat Landscape & Network Security Measures
The Threat Landscape & Network Security MeasuresThe Threat Landscape & Network Security Measures
The Threat Landscape & Network Security MeasuresCarl B. Forkner, Ph.D.
 
Spikes Security Isla Isolation
Spikes Security Isla IsolationSpikes Security Isla Isolation
Spikes Security Isla IsolationCybryx
 
Web Application Security and Awareness
Web Application Security and AwarenessWeb Application Security and Awareness
Web Application Security and AwarenessAbdul Rahman Sherzad
 
19BCP072_Presentation_Final.pdf
19BCP072_Presentation_Final.pdf19BCP072_Presentation_Final.pdf
19BCP072_Presentation_Final.pdfKunjJoshi14
 
Mobile Payments: Protecting Apps and Data from Emerging Risks
Mobile Payments: Protecting Apps and Data from Emerging RisksMobile Payments: Protecting Apps and Data from Emerging Risks
Mobile Payments: Protecting Apps and Data from Emerging RisksIBM Security
 
Browser isolation (isc)2 may presentation v2
Browser isolation (isc)2 may presentation v2Browser isolation (isc)2 may presentation v2
Browser isolation (isc)2 may presentation v2Wen-Pai Lu
 
Online Retailer's Conference 2013 - Hacking Mobile Applications - Industry Ca...
Online Retailer's Conference 2013 - Hacking Mobile Applications - Industry Ca...Online Retailer's Conference 2013 - Hacking Mobile Applications - Industry Ca...
Online Retailer's Conference 2013 - Hacking Mobile Applications - Industry Ca...eightbit
 
Secure coding guidelines
Secure coding guidelinesSecure coding guidelines
Secure coding guidelinesZakaria SMAHI
 
CNIT 128 8: Mobile development security
CNIT 128 8: Mobile development securityCNIT 128 8: Mobile development security
CNIT 128 8: Mobile development securitySam Bowne
 
Information Technology Security Basics
Information Technology Security BasicsInformation Technology Security Basics
Information Technology Security BasicsMohan Jadhav
 
Web Application Security
Web Application SecurityWeb Application Security
Web Application Securitysudip pudasaini
 
Matteo meucci Software Security - Napoli 10112016
Matteo meucci   Software Security - Napoli 10112016Matteo meucci   Software Security - Napoli 10112016
Matteo meucci Software Security - Napoli 10112016Minded Security
 
Chapter 1 introduction(web security)
Chapter 1 introduction(web security)Chapter 1 introduction(web security)
Chapter 1 introduction(web security)Kirti Ahirrao
 
CIO Summit: Data Security in a Mobile World
CIO Summit: Data Security in a Mobile WorldCIO Summit: Data Security in a Mobile World
CIO Summit: Data Security in a Mobile WorldiMIS
 
CIO Summit: Data Security in a Mobile World
CIO Summit: Data Security in a Mobile WorldCIO Summit: Data Security in a Mobile World
CIO Summit: Data Security in a Mobile WorldiMIS
 

Similar to Security system in banks (20)

30ITSecurityThreatsVulnerabilitiesandCountermeasuresV1.ppt
30ITSecurityThreatsVulnerabilitiesandCountermeasuresV1.ppt30ITSecurityThreatsVulnerabilitiesandCountermeasuresV1.ppt
30ITSecurityThreatsVulnerabilitiesandCountermeasuresV1.ppt
 
The Threat Landscape & Network Security Measures
The Threat Landscape & Network Security MeasuresThe Threat Landscape & Network Security Measures
The Threat Landscape & Network Security Measures
 
OWASP Mobile TOP 10 2014
OWASP Mobile TOP 10 2014OWASP Mobile TOP 10 2014
OWASP Mobile TOP 10 2014
 
Spikes Security Isla Isolation
Spikes Security Isla IsolationSpikes Security Isla Isolation
Spikes Security Isla Isolation
 
Web Application Security and Awareness
Web Application Security and AwarenessWeb Application Security and Awareness
Web Application Security and Awareness
 
19BCP072_Presentation_Final.pdf
19BCP072_Presentation_Final.pdf19BCP072_Presentation_Final.pdf
19BCP072_Presentation_Final.pdf
 
Mobile Payments: Protecting Apps and Data from Emerging Risks
Mobile Payments: Protecting Apps and Data from Emerging RisksMobile Payments: Protecting Apps and Data from Emerging Risks
Mobile Payments: Protecting Apps and Data from Emerging Risks
 
Browser isolation (isc)2 may presentation v2
Browser isolation (isc)2 may presentation v2Browser isolation (isc)2 may presentation v2
Browser isolation (isc)2 may presentation v2
 
Online Retailer's Conference 2013 - Hacking Mobile Applications - Industry Ca...
Online Retailer's Conference 2013 - Hacking Mobile Applications - Industry Ca...Online Retailer's Conference 2013 - Hacking Mobile Applications - Industry Ca...
Online Retailer's Conference 2013 - Hacking Mobile Applications - Industry Ca...
 
Secure coding guidelines
Secure coding guidelinesSecure coding guidelines
Secure coding guidelines
 
CNIT 128 8: Mobile development security
CNIT 128 8: Mobile development securityCNIT 128 8: Mobile development security
CNIT 128 8: Mobile development security
 
Chapter 5
Chapter 5Chapter 5
Chapter 5
 
Webdays blida mobile top 10 risks
Webdays blida   mobile top 10 risksWebdays blida   mobile top 10 risks
Webdays blida mobile top 10 risks
 
Information Technology Security Basics
Information Technology Security BasicsInformation Technology Security Basics
Information Technology Security Basics
 
Web Application Security
Web Application SecurityWeb Application Security
Web Application Security
 
Network Security
Network Security Network Security
Network Security
 
Matteo meucci Software Security - Napoli 10112016
Matteo meucci   Software Security - Napoli 10112016Matteo meucci   Software Security - Napoli 10112016
Matteo meucci Software Security - Napoli 10112016
 
Chapter 1 introduction(web security)
Chapter 1 introduction(web security)Chapter 1 introduction(web security)
Chapter 1 introduction(web security)
 
CIO Summit: Data Security in a Mobile World
CIO Summit: Data Security in a Mobile WorldCIO Summit: Data Security in a Mobile World
CIO Summit: Data Security in a Mobile World
 
CIO Summit: Data Security in a Mobile World
CIO Summit: Data Security in a Mobile WorldCIO Summit: Data Security in a Mobile World
CIO Summit: Data Security in a Mobile World
 

More from university of education,Lahore

More from university of education,Lahore (20)

Activites and Time Planning
 Activites and Time Planning Activites and Time Planning
Activites and Time Planning
 
Steganography
SteganographySteganography
Steganography
 
Classical Encryption Techniques
Classical Encryption TechniquesClassical Encryption Techniques
Classical Encryption Techniques
 
Activites and Time Planning
Activites and Time PlanningActivites and Time Planning
Activites and Time Planning
 
OSI Security Architecture
OSI Security ArchitectureOSI Security Architecture
OSI Security Architecture
 
Network Security Terminologies
Network Security TerminologiesNetwork Security Terminologies
Network Security Terminologies
 
Project Scheduling, Planning and Risk Management
Project Scheduling, Planning and Risk ManagementProject Scheduling, Planning and Risk Management
Project Scheduling, Planning and Risk Management
 
Software Testing and Debugging
Software Testing and DebuggingSoftware Testing and Debugging
Software Testing and Debugging
 
ePayment Methods
ePayment MethodsePayment Methods
ePayment Methods
 
SEO
SEOSEO
SEO
 
A Star Search
A Star SearchA Star Search
A Star Search
 
Enterprise Application Integration
Enterprise Application IntegrationEnterprise Application Integration
Enterprise Application Integration
 
Uml Diagrams
Uml DiagramsUml Diagrams
Uml Diagrams
 
eDras Max
eDras MaxeDras Max
eDras Max
 
RAD Model
RAD ModelRAD Model
RAD Model
 
Microsoft Project
Microsoft ProjectMicrosoft Project
Microsoft Project
 
Itertaive Process Development
Itertaive Process DevelopmentItertaive Process Development
Itertaive Process Development
 
Computer Aided Software Engineering Nayab Awan
Computer Aided Software Engineering Nayab AwanComputer Aided Software Engineering Nayab Awan
Computer Aided Software Engineering Nayab Awan
 
Lect 2 assessing the technology landscape
Lect 2 assessing the technology landscapeLect 2 assessing the technology landscape
Lect 2 assessing the technology landscape
 
system level requirements gathering and analysis
system level requirements gathering and analysissystem level requirements gathering and analysis
system level requirements gathering and analysis
 

Recently uploaded

DUST OF SNOW_BY ROBERT FROST_EDITED BY_ TANMOY MISHRA
DUST OF SNOW_BY ROBERT FROST_EDITED BY_ TANMOY MISHRADUST OF SNOW_BY ROBERT FROST_EDITED BY_ TANMOY MISHRA
DUST OF SNOW_BY ROBERT FROST_EDITED BY_ TANMOY MISHRATanmoy Mishra
 
Philosophy of Education and Educational Philosophy
Philosophy of Education  and Educational PhilosophyPhilosophy of Education  and Educational Philosophy
Philosophy of Education and Educational PhilosophyShuvankar Madhu
 
The basics of sentences session 10pptx.pptx
The basics of sentences session 10pptx.pptxThe basics of sentences session 10pptx.pptx
The basics of sentences session 10pptx.pptxheathfieldcps1
 
Human-AI Co-Creation of Worked Examples for Programming Classes
Human-AI Co-Creation of Worked Examples for Programming ClassesHuman-AI Co-Creation of Worked Examples for Programming Classes
Human-AI Co-Creation of Worked Examples for Programming ClassesMohammad Hassany
 
5 charts on South Africa as a source country for international student recrui...
5 charts on South Africa as a source country for international student recrui...5 charts on South Africa as a source country for international student recrui...
5 charts on South Africa as a source country for international student recrui...CaraSkikne1
 
2024.03.23 What do successful readers do - Sandy Millin for PARK.pptx
2024.03.23 What do successful readers do - Sandy Millin for PARK.pptx2024.03.23 What do successful readers do - Sandy Millin for PARK.pptx
2024.03.23 What do successful readers do - Sandy Millin for PARK.pptxSandy Millin
 
Presentation on the Basics of Writing. Writing a Paragraph
Presentation on the Basics of Writing. Writing a ParagraphPresentation on the Basics of Writing. Writing a Paragraph
Presentation on the Basics of Writing. Writing a ParagraphNetziValdelomar1
 
Ultra structure and life cycle of Plasmodium.pptx
Ultra structure and life cycle of Plasmodium.pptxUltra structure and life cycle of Plasmodium.pptx
Ultra structure and life cycle of Plasmodium.pptxDr. Asif Anas
 
Patterns of Written Texts Across Disciplines.pptx
Patterns of Written Texts Across Disciplines.pptxPatterns of Written Texts Across Disciplines.pptx
Patterns of Written Texts Across Disciplines.pptxMYDA ANGELICA SUAN
 
Diploma in Nursing Admission Test Question Solution 2023.pdf
Diploma in Nursing Admission Test Question Solution 2023.pdfDiploma in Nursing Admission Test Question Solution 2023.pdf
Diploma in Nursing Admission Test Question Solution 2023.pdfMohonDas
 
Benefits & Challenges of Inclusive Education
Benefits & Challenges of Inclusive EducationBenefits & Challenges of Inclusive Education
Benefits & Challenges of Inclusive EducationMJDuyan
 
Practical Research 1 Lesson 9 Scope and delimitation.pptx
Practical Research 1 Lesson 9 Scope and delimitation.pptxPractical Research 1 Lesson 9 Scope and delimitation.pptx
Practical Research 1 Lesson 9 Scope and delimitation.pptxKatherine Villaluna
 
What is the Future of QuickBooks DeskTop?
What is the Future of QuickBooks DeskTop?What is the Future of QuickBooks DeskTop?
What is the Future of QuickBooks DeskTop?TechSoup
 
HED Office Sohayok Exam Question Solution 2023.pdf
HED Office Sohayok Exam Question Solution 2023.pdfHED Office Sohayok Exam Question Solution 2023.pdf
HED Office Sohayok Exam Question Solution 2023.pdfMohonDas
 
How to Manage Cross-Selling in Odoo 17 Sales
How to Manage Cross-Selling in Odoo 17 SalesHow to Manage Cross-Selling in Odoo 17 Sales
How to Manage Cross-Selling in Odoo 17 SalesCeline George
 
How to Add Existing Field in One2Many Tree View in Odoo 17
How to Add Existing Field in One2Many Tree View in Odoo 17How to Add Existing Field in One2Many Tree View in Odoo 17
How to Add Existing Field in One2Many Tree View in Odoo 17Celine George
 
Education and training program in the hospital APR.pptx
Education and training program in the hospital APR.pptxEducation and training program in the hospital APR.pptx
Education and training program in the hospital APR.pptxraviapr7
 
CHUYÊN ĐỀ DẠY THÊM TIẾNG ANH LỚP 11 - GLOBAL SUCCESS - NĂM HỌC 2023-2024 - HK...
CHUYÊN ĐỀ DẠY THÊM TIẾNG ANH LỚP 11 - GLOBAL SUCCESS - NĂM HỌC 2023-2024 - HK...CHUYÊN ĐỀ DẠY THÊM TIẾNG ANH LỚP 11 - GLOBAL SUCCESS - NĂM HỌC 2023-2024 - HK...
CHUYÊN ĐỀ DẠY THÊM TIẾNG ANH LỚP 11 - GLOBAL SUCCESS - NĂM HỌC 2023-2024 - HK...Nguyen Thanh Tu Collection
 
Easter in the USA presentation by Chloe.
Easter in the USA presentation by Chloe.Easter in the USA presentation by Chloe.
Easter in the USA presentation by Chloe.EnglishCEIPdeSigeiro
 

Recently uploaded (20)

DUST OF SNOW_BY ROBERT FROST_EDITED BY_ TANMOY MISHRA
DUST OF SNOW_BY ROBERT FROST_EDITED BY_ TANMOY MISHRADUST OF SNOW_BY ROBERT FROST_EDITED BY_ TANMOY MISHRA
DUST OF SNOW_BY ROBERT FROST_EDITED BY_ TANMOY MISHRA
 
Philosophy of Education and Educational Philosophy
Philosophy of Education  and Educational PhilosophyPhilosophy of Education  and Educational Philosophy
Philosophy of Education and Educational Philosophy
 
The basics of sentences session 10pptx.pptx
The basics of sentences session 10pptx.pptxThe basics of sentences session 10pptx.pptx
The basics of sentences session 10pptx.pptx
 
Human-AI Co-Creation of Worked Examples for Programming Classes
Human-AI Co-Creation of Worked Examples for Programming ClassesHuman-AI Co-Creation of Worked Examples for Programming Classes
Human-AI Co-Creation of Worked Examples for Programming Classes
 
5 charts on South Africa as a source country for international student recrui...

Security system in banks

  • 1. SECURITY SYSTEM IN BANKS
      Submitted from: Muhammad Adeel Riaz
      Submitted to: Sir Inam Ul Haq
      Roll No. 3024
      University of Education Lahore (Okara)
  • 2. TABLE OF CONTENTS
      Sr. No | Description | Slide No.
      1 | eBanking Security | 3
      2 | Agenda | 4
      3 | Targets of Attacks | 5
      4 | Client Attacks | 6
      5 | Generic Trojans | 7 to 10
      6 | Security Measures | 11 to 15
      7 | Visit to Bank | 16 to 17
      8 | Conclusion | 18
      9 | References | 19
  • 3. eBanking Security?
      • Is eBanking still safe?
      • What are the security trends in eBanking?
      • What can we learn from eBanking trends for other online applications?
  • 4. Agenda
      • eBanking Attacks
      • Security Measures
      • Secure Communication
      • Implementations
      • Outlook / Thesis
  • 5. Target of Attacks
      • Phishing Attacks
      • Trojan Attacks
      • Pharming
      • DNS Spoofing
      • Network Interception
      • Web Application Attacks
      • Attacking Server
  • 6. Client Attacks
      Most promising attacks on the client:
      • Phishing
          – Motivate user to enter confidential information on fake web site
      • Simple Trojans
          – Limited to a handful of eBanking applications
          – Steal username, password and one-time password
          – Steal session information and URL and send them to the attacker
          – Attacker imports information into his browser to access the same account
      • Generic Trojans
          – In the wild since 2007, but still in development
          – Can attack any eBanking (and any web application)
          – New configuration is downloaded continuously
  • 7. Generic Trojans
      • Infection of client with user interaction
          – Email attachments (ZIP, Exe, etc.)
          – Email with link to malicious web site
          – Links in social networks
          – Integrated in popular software (downloads)
          – File transfer of instant messaging/VoIP/file sharing
          – CD-ROM/USB Stick
      • Infection of client without user interaction
          – Malicious web sites (drive by)
          – Infection of trusted, popular web sites (IFRAME …)
          – Misusing software update functionality (like Bundestrojaner)
          – Attacks on vulnerable, exposed computer (network/wireless)
      Note: About 1% of Google search query results point to a web site that can lead to a drive by attack.
  • 8. Generic Trojans
      • Features of Generic Trojans
          – Hide from security tools (anti-virus/personal firewall)
          – Inject code in running processes / drivers / operating system
          – Capture/Redirect/Send data
          – Download new configuration / functionality
          – Remote control browser instance
  • 9. Generic Trojans (cont.)
      • Features useful for eBanking attacks
          – Send web pages of unknown eBanking to attacker
          – Download new patterns of eBanking transaction forms
          – Modify transaction in the background (on the fly)
          – Collect financial information
  • 10. Generic Trojans (cont.): Tips and Tricks
      • Every Trojan binary is unique (packed differently)
          – Not detectable by anti-virus patterns
      • Trojan code is injected into other files or other processes
          – Personal firewall cannot block communication
      • Installs in kernel
          – Full privileges on system
          – Invisible
      • Bot networks
  • 11. Security Measures
      • Attack Detection
      • Second Channel / Secured Channel
      • Secure Client
      (Diagram labels: Secure Client, Second Channel, Secured Channel, Attack Detection)
  • 12. Attack Detection
      • Detect session hijacking attacks
          – Monitor and compare request parameters
          – Identify SSL session and IP address changes
      • Transaction verification / user profiling
          – Statistics about normal user behaviour
          – Compare transaction with normal user behaviour
          – White list target accounts
          – Limits on transaction amount
  • 13. Security Measures (cont.)
      • Second Channel
          – Send verification using another channel
          – Another application on the client computer
          – Another medium like mobile phones (SMS)
      • Secured Channel
          – Enter data on an external device
          – External device cannot be controlled by Trojan
          – External device contains a secret key
  • 14. Security Measures
      • Secure Platform
          – A computer that is only used for eBanking
          – Bootable CD-ROM, bootable USB stick
          – Virtual machine
          – eBanking laptop
      • Secure Environment
          – Start an application (e.g. browser) that protects itself from Trojans
          – Stripped-down browser
          – Proprietary application (fat client)
          – Verify environment before login is possible
  • 15. Security Trends
  • 16. VISIT A BANK FOR CHECKING SECURITY
      • Here I visited Habib Bank Limited, Renala Khurd.
      • Its branch code is (0557).
      • HBL established operations in Pakistan in 1947 and moved its head office to Karachi.
      • This bank has high-alert banking security.
      • Here, account verification updates automatically through mobile phones of any network.
  • 17.
      • Online banking security in this bank is on very high alert.
      • It is protected from hackers because its software is good and free of all bugs, etc.
  • 18. Conclusions
      • We found in the above slides that banking security management in banks in Pakistan is very high.
      • Banks provide security for individuals, businesses and governments alike.
      • Banks prove to be vulnerable to many risks, however, including credit, liquidity, market, operating, interest rate and legal risks.
      • Debit cards provide easy access to the cash in your account, but can cause you to rack up fees if you're not careful.
  • 19. References
      • http://en.wikipedia.org/wiki/Online banking
      • http://www.rsa.com/node.aspx?id=1158
      • APACS: Online banking usage amongst over 55s up fourfold in five years
        http://www.apacs.org.uk/media centre/press/08 24 07.html
      • APACS: APACS announces latest fraud figures
        http://www.apacs.org.uk/APACSannounceslatestfraudfigures.htm
      • Symantec SilentBanker Trojaner description
        http://www.symantec.com/security_response/writeup.jsp?docid=2007-121718-1009-99&tabid=2
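
The attack-detection checks listed on slide 12 (compare each request's IP address and SSL session against the values first bound to the session, then test a transaction against a whitelist, an amount limit and the user's normal behaviour), as an added example that is not part of the original slides or any bank's code. The log layout, account names, limit and the z-score threshold used as the "normal behaviour" statistic are assumptions.

```python
from statistics import mean, pstdev

# Constructed request log: (session cookie, client IP, TLS session id).
REQUESTS = [
    ("s1", "203.0.113.10", "tls-a"),
    ("s2", "198.51.100.7", "tls-b"),
    ("s1", "203.0.113.10", "tls-a"),
    ("s1", "192.0.2.55", "tls-c"),  # same cookie, new IP and new TLS session
]


def find_hijacked_sessions(requests):
    """Map session -> fields that differ from the values bound at first sight."""
    bound, alerts = {}, {}
    for sid, ip, tls in requests:
        base_ip, base_tls = bound.setdefault(sid, (ip, tls))
        changed = {name for name, old, new in
                   (("ip", base_ip, ip), ("tls", base_tls, tls)) if old != new}
        if changed:
            alerts[sid] = sorted(changed | set(alerts.get(sid, [])))
    return alerts


def verify_transaction(amount, target, history, whitelist, limit, z_max=3.0):
    """Return reasons to hold a payment for confirmation; empty list = accept."""
    reasons = []
    if amount > limit:                       # limit on transaction amount
        reasons.append("over_limit")
    if target not in whitelist:              # white list of target accounts
        reasons.append("unknown_target")
    if len(history) >= 2:                    # profile of normal user behaviour
        mu, sigma = mean(history), pstdev(history)
        # Assumption: a z-score stands in for the "normal behaviour" statistic.
        if sigma > 0 and (amount - mu) / sigma > z_max:
            reasons.append("unusual_amount")
    return reasons


if __name__ == "__main__":
    past = [120, 80, 100, 95, 105]           # constructed payment history
    known = {"ACC-LANDLORD", "ACC-UTILITY"}  # constructed whitelist
    print(find_hijacked_sessions(REQUESTS))
    print(verify_transaction(110, "ACC-UTILITY", past, known, limit=2000))
    print(verify_transaction(4500, "ACC-UNKNOWN", past, known, limit=2000))
```

An IP change alone also occurs on mobile networks, so a held transaction is best routed to the second-channel confirmation from slide 13 rather than rejected outright.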