꧁❤ Greater Noida Call Girls Delhi ❤꧂ 9711199171 ☎️ Hard And Sexy Vip Call
SuperSec Bank-Cybersecurity Department-t
1. 1
SuperSec Bank
Senior Project
Group 1
Cybersecurity Department
Semester 2
2022/2023
Group member names:
Student Name ID Email Address
Abdul Aziz Sheikh Hussein 442236364 442236364@tvtc.edu.sa
Rashed Al-Dossari 442236361 442236361@tvtc.edu.sa
Hatlan Alhatlan 442236341 442236341@tvtc.edu.sa
4. 4
Acknowledgement
To the Director of the Cybersecurity Department at the College, to my dear professor,
and to the students in the Cybersecurity Department.
I would like to express my sincere thanks and appreciation for your help in writing
my research paper. Your assistance was invaluable to me, and without it, I would not
have been able to complete my research in the form it appears.
You were always available to answer my questions and provide advice and guidance.
You helped me to understand the topic better and organize my thoughts in a clear and
concise manner.
I would also like to thank you for your patience and understanding during the research
preparation period. You were always supportive of me and encouraged me to move
forward.
I pray that God Almighty will guide you in your academic and professional life, and
that He will reward you for us with the best reward.
With sincere appreciation.
5. 5
Dedication
To my dear father, without whom I would not have written these lines,
To my beloved mother, who always listened to me and encouraged me to move
forward,
To my dear brothers and sisters, who have always supported me and stood by me,
I dedicate this book with pride and pride.
It is the product of Months of work and effort, and without your support and support, I
would not have been able to achieve this accomplishment.
Thank you for everything, and I hope you find in this book what will make you happy
and benefit you.
With sincere love and appreciation.
Hitlan Hitlan
Rashid Al-Dosari
Abdul Aziz Al-Sheikh Hussein
[2024/1/23]
7. 7
Project Overview
Cybersecurity in banking brings financial services providers proactive solutions for
regulatory compliance, network security, data encryption and threat monitoring. The
precautions needed to safeguard online financial activities range from awareness and
training for employees and customers to routine risk management assessments
Problem Statement
What is the problem?
When it comes to websites and cybersecurity, the issue frequently centers on flaws or
vulnerabilities in the setup or coding of the website. Attackers may use these flaws to
obtain unauthorized access, steal confidential information, or interfere with the
regular operation of the website. In our situation, we have a bank that is frequently
targeted by hackers and is subject to fresh attacks on a daily basis.
Why there is this problem?
1- Weak router authentication protocol
2- weak user authentication
3- weak Accountably
4-no secure connection
5-no privacy
What your project is going to solve?
1. Firewall
2. AAA
3. Ip sec vpn
4. MD5
5. Syslog
Project Impact
-What is the impact of your project on society or environment
8. 8
one single security breach can lead to exposing the personal information of millions
of people. These breaches have a strong financial impact on the companies and also
loss of the trust of customers. Hence, cyber security is very essential to protect
businesses and individuals from spammers and cyber criminals
9. 9
Project Scope
Describe what work is in scope for your project and what is out of its
boundaries
Cyber security is key for Banks to keep customers money safe and secure.
Cybersecurity also helps to maintain customer trust and confidence in the banking
system. Banks use the latest security measures to protect customers' personal
information and financial transactions.
Aims and Objectives
Protecting bank networks is a shared responsibility between companies, society, and
individuals. By investing in cybersecurity solutions, raising awareness among
employees, and cooperating with other entities, we can ensure the security of financial
data for customers, protect the reputation of banks, and guarantee business continuity,
Cost Savings.
Existing Solutions and Their Limitations
What are other existing solutions (minimum 2)
1- A New Conceptual Framework Modelling for Cloud Computing Risk
Management in Banking Organizations
Benefits Limitations
Enhanced Risk Identification and
Assessment.
Increased Compliance and
Regulatory Adherence.
Improved Decision-Making for
Cloud Adoption.
Stronger Cybersecurity Posture.
Improved Transparency and
Communication.
Novelty Concerns.
Implementation Complexity.
Continuous Adaptation Needs.
Integration Challenges.
10. 10
A paragraph demonstrates how you are going to address/solve the
problem? (in general)
1. Emphasize novelty and specificity.
2. Provide concrete examples: Briefly mention a
specific risk category (e.g. data breaches) and
its corresponding counter strategies (e.g.
encryption and data loss prevention).
3. Measuring the benefits.
4. Addressing implementation challenges.
5. Close with a call to action.
2- The Significance of Cybersecurity System in Helping Managing
Risk in Banking and Financial Sector
Benefits Limitations
Reduced Risk of Financial
Losses.
Enhanced Regulatory
Compliance.
Improved Customer Trust
and Confidence.
Operational Efficiency and
Cost Savings.
Competitive Advantage.
Point out if the solutions focus
on specific situations or
systems, limiting broader
application.
Mention the resource and
expertise needed for
implementation, highlighting
the technical complexity.
Briefly touch on the need for
adaptability due to evolving
threats
11. 11
A paragraph demonstrates how you are going to address/solve the
problem? (in general)
Proactive defense
Data protection
Risk management
Continuous adaptation
Benefits:
Reduces cyber risk and builds resilience.
Safeguards trust and stability in the financial sector.
Offers a roadmap for effective risk management.
This summary captures the key elements of the solution and its potential
benefits, while remaining concise
13. 13
In the previous Chapter, we discussed corporate security and threats in banks. In this
Chapter, we will continue with a detailed explanation of five topics related to network
security from cyber threats. After that, we will complete the project with three
additional projects. We will address threat problems using five methods:
● Firewalls
● AAA
● IPsec VPN
● MD5
● Syslog
14. 14
Background Section
Firewall Functionality:
The fundamental objective of a firewall is to safeguard a computer network from
external threats emanating from the internet. These threats encompass:
● Hacking attempts: Illicit efforts to gain unauthorized access to sensitive data or
software applications within the network.
● Malicious software proliferation: The dissemination of harmful programs such as
viruses and trojans, capable of compromising the network's integrity and
functionality.
● Denial-of-service attacks: Malicious attempts to disrupt the network's normal
operation by inundating it with a high volume of illegitimate data requests, thereby
rendering it inaccessible to legitimate users"[3].
Overall:
Firewalls offer significant advantages for enhancing network security and
complying with regulations. However, it is crucial to weigh the potential
drawbacks, such as performance impact and complexity, before
implementing them. Choosing the right firewall solution and ensuring
proper configuration is essential to maximize its benefits while minimizing
limitations.
Authentication, authorization, and accounting (AAA) is:
" A framework for controlling access to computer resources, enforcing policies,
and auditing usage. AAA is a key component of network security, as it helps to
protect networks from unauthorized access and misuse.
15. 15
IPsec VPNs:
Work by using a combination of encryption and authentication to protect data in
transit. The encryption process scrambles the data so that it is unreadable to
unauthorized users. The authentication process verifies the identity of the sender
and receiver of the data"[5].
MD5 is:
"A type of algorithm that is known as a cryptographic hash algorithm. MD5 produces
a hash value in a hexadecimal format. This competes with other designs where hash
functions take in a certain piece of data, and change it to provide a key or value that
can be used in place of the original value"[6].
Syslog is:
"A standard method for collecting and storing system log messages from network
devices and applications. Syslog messages are typically used to log security events,
such as failed login attempts, unauthorized access, and data breaches"[7].
16. 16
Related Work Section
1. Influence of Risk Analysis as a Risk Management Practice on Project
Performance in Kenya Commercial Banks
" Risk analysis in Kenyan banks helps project success: identifies
issues early, allocates resources effectively, sets realistic budgets.
How it works: quantifying risks, informed decisions, mitigation
strategies.
Important aspects: transparency, regulation adherence.
Benefits: adaptability, resilience, continuous improvement.
Overall: reduces uncertainty, contributes to project success in a
dynamic environment"[8]
Advantages Disadvantages
Improved project performance.
Better resource allocation.
Enhanced decision-making.
Increased transparency and
accountability.
Compliance with regulations.
Increased time and cost.
Complexity.
Data limitations.
Overreliance on models.
Resistance to change
- How did those work solved the problem?
"Resources are not allocated and budgets are not prepared adequately."
- How your work is different from existing work in addressing your stated
problem?
Resource allocation and budgeting:
Through risk stages, banks can allocate resources more efficiently and develop
realistic budgets. This addresses the problem of lack of resources or excess
costs, ensuring that the project has the necessary resources at each stage
17. 17
2. Countering the Cyber Threats Against Financial Institutions in Canada: A
Qualitative Study of a
Private and Public Partnership Approach to Critical Infrastructure Protection
"The research provides an important contribution to the security of financial
institutions. The recommendations highlight a group of areas where the
participation of information between the public and private sectors can be improved
to combat cyber-attacks. It is important that these recommendations be effectively
implemented to improve the security of financial institutions in Canada and
abroad."[9]
- How did those work solved the problem?
Network security monitoring weakness
- How your work is different from existing work in addressing your stated
problem?
Use Real-time Network Monitoring Using NMS: "Network Management Systems are
a set of software and tools used to monitor and analyze the performance and operation
of network devices, servers, and connected systems. They provide comprehensive
insights into the network's status and offer means to enhance its security and efficiency.
3. A FRAMEWORK FOR THE MOBILIZATION OF CYBER SECURITY AND
RISK MITIGATION OF FINANCIAL ORGANIZATIONS IN
BANGLADESH
"This abstract introduces a framework aimed at improving the cybersecurity
preparedness of financial institutions in Bangladesh. It highlights the
18. 18
framework's strategic approach and emphasizes its potential for enhancing
cyber resilience." [10]
- How did those work solved the problem?
The study is limited to addressing internal cyber risks only.
- How your work is different from existing work in addressing your stated
problem?
Expanding the treatment of internal and external cyber risks.
20. 20
In the previous section, we provided a detailed explanation of cybersecurity topics,
including how to address threat issues. In this section, we will discuss the workshops
that are held to close security gaps, which will help maintain the security of the bank's
networks.
Project Planning:
Bank data protection plays an important role in maintaining the safety of the financial system
and protecting customer rights. The bank data protection authority aims to achieve this goal
by providing a range of services and programs that help banks protect their data.
Project Objectives
The bank data protection authority planning project aims to achieve the following
objectives:
● Develop a comprehensive plan for the bank data protection authority that defines its
goals, operating strategy, and regulatory framework.
● Identify the resources needed to operate the authority and execute its activities.
● Establish a framework for evaluating the authority's performance and improvement.
21. 21
Project Timeline:
This document outlines the sequence of events and key milestones we followed to
successfully deliver the project.
Analysis:
We will align setup requirements with the client agreement during this analysis phase
This phase ensures setup requirements strictly adhere to the client agreement
Highlighting requirement determination.
1- Functional requirement
2- Non- Functional requirement
22. 22
Functional requirement
Quantity
Description
ID
12
Routers
1941
1
TACACS Server
Server PT-T
1
RADIUS Server
Server PT-R
1
Syslog Server
Server PT-S
9
computer
PC-PT
11
Switches
2960-24TT
1
Firewall
ASA
1
DMZ Server
DMZ
100m
Ethernet
cable
Non- Functional requirement
Description
mission
Monitoring the work that has been completed and
monitoring the systems
Services
covering the start of the designing phase and the plan to
start the implementation to finish
Meeting
Used the packet tracer for designing, implementation and
testing the project
program
Conducting personal interviews with project staff
Interviews
Calculating the total cost of a project
cost
23. 23
Designing:
In the design phase, we will explain how the designs that were relied on to solve the
bank's problems and raise the security of its servers.
IPsec VPN
AAA Authentication
Fieger2-4
Fieger1-4
Syslog,MD5
Firewall
Fieger4-4
Fieger3-4
24. 24
AAA Authentication IP Address
Device Interface IP Address Subnet Mask
R1 G0/1 192.168.1.1 255.255.255.0
S0/0/0 (DCE) 10.1.1.2 255.255.255.252
R2 G0/0 192.168.2.1 255.255.255.0
S0/0/0 10.1.1.1 255.255.255.252
S0/0/1 (DCE) 10.2.2.1 255.255.255.252
R3 G0/1 192.168.3.1 255.255.255.0
S0/0/1 10.2.2.2 255.255.255.252
TACACS+ Server NIC 192.168.2.2 255.255.255.0
RADIUS Server NIC 192.168.3.2 255.255.255.0
PC-A NIC 192.168.1.3 255.255.255.0
PC-B NIC 192.168.2.3 255.255.255.0
PC-C NIC 192.168.3.3 255.255.255.0
TABLE 1-4 DESIGN IP ADDRESS
IPsec VPN IP Address
Device Interface IP Address Subnet Mask
R1 G0/0 192.168.1.1 255.255.255.0
S0/0/0 (DCE) 10.1.1.2 255.255.255.252
R2 G0/0 192.168.2.1 255.255.255.0
S0/0/0 10.1.1.1 255.255.255.252
S0/0/1 (DCE) 10.2.2.1 255.255.255.252
R3 G0/0 192.168.3.1 255.255.255.0
25. 25
S0/0/1 10.2.2.2 255.255.255.252
PC-A NIC 192.168.1.3 255.255.255.0
PC-B NIC 192.168.2.3 255.255.255.0
PC-C NIC 192.168.3.3 255.255.255.0
TABLE 1-2 DESIGN IP ADDRESS
Firewall IP Address
Device Interface IP Address Subnet Mask
R1 G0/0 209.165.200.225 255.255.255.248
S0/0/0 (DCE) 10.1.1.1 255.255.255.252
R2 S0/0/0 10.1.1.2 255.255.255.252
S0/0/1 (DCE) 10.2.2.2 255.255.255.252
R3 G0/1 192.168.3.1 255.255.255.0
S0/0/1 10.2.2.1 255.255.255.252
ASA VLAN 1 (E0/1) 192.168.1.1 255.255.255.0
ASA VLAN 2 (E0/0) 209.165.200.226 255.255.255.248
ASA VLAN 3 (E0/2) 192.168.2.1 255.255.255.0
DMZ Server NIC 192.168.2.3 255.255.255.0
PC-B NIC 192.168.1.3 255.255.255.0
PC-C NIC 192.168.3.3 255.255.255.0
TABLE 1-3 DESIGN IP ADDRESS
26. 26
Syslog, MD5 IP Address
Device Interface IP Address Subnet Mask
R1 G0/1 192.168.1.1 255.255.255.0
S0/0/0 (DCE) 10.1.1.1 255.255.255.252
R2 S0/0/0 10.1.1.2 255.255.255.252
S0/0/1 (DCE) 10.2.2.2 255.255.255.252
R3 G0/1 192.168.3.1 255.255.255.0
S0/0/1 10.2.2.1 255.255.255.252
PC-A NIC 192.168.1.5 255.255.255.0
PC-B NIC 192.168.1.6 255.255.255.0
PC-C NIC 192.168.3.5 255.255.255.0
TABLE 4-4 DESIGN IP ADDRESS
27. 27
Configure Cisco Routers for OSPF MD5 and Syslog
Screenshot, Command
Description
Fieger1-2
Fieger2-2
"R1(config)# router ospf 1
R1(config-router)# area 0 authentication message-digest
R2(config)# router ospf 1
R2(config-router)# area 0 authentication message-digest
R3(config)# router ospf 1
R3(config-router)# area 0 authentication message-digest
Configure an MD5 key on the serial interfaces on R1, R2 and R3. Use the password MD5pa55 for key 1.
R1(config)# interface s0/0/0
R1(config-if)# ip ospf message-digest-key 1 md5 MD5pa55
R2(config)# interface s0/0/0
R2(config-if)# ip ospf message-digest-key 1 md5 MD5pa55
R2(config-if)# interface s0/0/1
R2(config-if)# ip ospf message-digest-key 1 md5 MD5pa55
R3(config)# interface s0/0/1
R3(config-if)# ip ospf message-digest-key 1 md5 MD5pa55
R1(config)# service timestamps log datetime msec
R2(config)# service timestamps log datetime msec
R3(config)# service timestamps log datetime msec
R1(config)# logging host 192.168.1.6
R2(config)# logging host 192.168.1.6
R3(config)# logging host 192.168.1.6"[11]
Config OSPF
MD5
authentication
for all the
routers in
area 0.
Config
timestamp
service for
logging on
the routers.
Config the
routers to
identify the
remote host
(Syslog
Server) that
will receive
messages
The router
console will
display a
message that
logging has
started.
28. 28
AAA Authentication
Screenshot, Command
Description
(Fieger1-2 )
(Fieger2-2)
Configure a username
Enable AAA on R1 and configure AAA authentication for the console login to use the
local database
Enable AAA on R1 and configure AAA authentication for the console login to use the
default method list.
Verify the AAA authentication method
R1(config-line)# end
%SYS-5-CONFIG_I: Configured from console by console
R1# exit
R1 con0 is now available
Press RETURN to get started.
************ AUTHORIZED ACCESS ONLY *************
Config a local user
account on R1 and
configure
authenticate on the
console and vty lines
using local AAA.
Verify local AAA
authentication from
the R1 console and
the PC-A client
Config server-based
AAA authentication
using TACACS+
.
Verify server-based
AAA authentication
from the PC-B
client.
Config server-based
AAA authentication
using RADIUS.
Verify server-based
AAA authentication
from the PC-C
client.
29. 29
IPsec VPN
Screenshot, Command
Description
(Fieger1-1 )
Enable the Security Technology package
R1(config)# license boot module c1900 technology-package securityk9
Identify interesting traffic on R1.
R1(config)# access-list 110 permit ip 192.168.1.0 0.0.0.255 192.168.3.0
0.0.0.255
Configure the IKE Phase 1 ISAKMP policy on R1.
Create the transform-set VPN-SET to use esp-aes and esp-sha-hmac.
R1(config)# crypto ipsec transform-set VPN-SET esp-aes esp-sha-hmac
Create the crypto map VPN-MAP that binds all of the Phase 2 parameters together. Use
sequence
number 10 and identify it as an ipsec-isakmp map.
R1(config)# crypto map VPN-MAP 10 ipsec-isakmp
R1(config-crypto-map)# description VPN connection to R3
R1(config-crypto-map)# set peer 10.2.2.2
R1(config-crypto-map)# set transform-set VPN-SET
R1(config-crypto-map)# match address 110
R1(config-crypto-map)# exit
Verify connectivity
throughout the
network.
Config R1 to support
a site-to-site IPsec
VPN with R3
30. 30
ASA Basic Setting Firewall
Screenshot, Command
Description
(Fieger1-1 )
Configure a logical VLAN 1 interface for the inside network (192.168.1.0/24) and set
the security level to
the highest setting of 100.
CCNAS-ASA(config)# interface vlan 1
CCNAS-ASA(config-if)# nameif inside
CCNAS-ASA(config-if)# ip address 192.168.1.1 255.255.255.0
CCNAS-ASA(config-if)# security-level 100
Create a logical VLAN 2 interface for the outside network (209.165.200.224/29), set the
security level to
the lowest setting of 0, and enable the VLAN 2 interface.
CCNAS-ASA(config-if)# interface vlan 2
CCNAS-ASA(config-if)# nameif outside
CCNAS-ASA(config-if)# ip address 209.165.200.226 255.255.255.248
CCNAS-ASA(config-if)# security-level 0
Create network object inside-net and assign attributes to it using the subnet and nat
commands.
CCNAS-ASA(config)# object network inside-net
CCNAS-ASA(config-network-object)# subnet 192.168.1.0 255.255.255.0
CCNAS-ASA(config-network-object)# nat (inside,outside) dynamic interface
CCNAS-ASA(config-network-object)# end
Verify connectivity and
explore the ASA
Configure basic ASA
settings and interface
security levels using
CLI
Configure routing,
address translation,
and inspection policy
using CLI
31. 31
Testing:
The execution phase will include exhaustive testing of all network elements, covering
the functionality of wiring, equipment, and services.
TESTING STATUS
CONFIG OSPF MD5 AUTHENTICATION PASS
CONFIG SERVER-BASED AAA AUTHENTICATION USING
TACACS+.
PASS
VERIFY SERVER-BASED AAA AUTHENTICATION FROM
THE PC-B CLIENT.
PASS
CONFIG SERVER-BASED AAA AUTHENTICATION USING
RADIUS.
PASS
CONFIG R1 TO SUPPORT A SITE-TO-SITE IPSEC VPN
WITH R3
PASS
CONFIG BASIC ASA SETTINGS AND INTERFACE SECURITY
LEVELS USING CLI
PASS
CONFIGURE ROUTERS TO LOG MESSAGES TO THE SYSLOG
SERVER
PASS
32. 32
Conclusion:
In conclusion, it can be said that network security and protection in banks is an
important issue that banks should focus on, in order to ensure the protection of
customer data and money from cyber attacks.
This book has addressed many topics related to network security and protection in
banks, including:
The security risks facing banking networks
The security measures that banks can take to protect themselves from these risks
The cybersecurity technologies that banks can use to enhance their security
The implementation of appropriate security measures and the use of effective
cybersecurity technologies can help banks to protect themselves from cyber-attacks
and ensure the continuity of their business.
Here are some additional tips that banks can follow to enhance their network security:
Raise awareness among employees of security risks and how to prevent them
Conduct regular security training for employees
Update antivirus and other security software regularly
Use firewalls and access control software to limit unauthorized access to networks
Create a clear security policy and apply it to all employees
By following these tips, banks can enhance their network security and protect
customer data and money from cyber attacks.
33. 33
References:
[1] Elzamly, A., Hussin, B., Abu Naser, S., Khanfar, K., Doheir, M., Selamat, A., &
Rashed, A. (2016). A new conceptual framework modelling for cloud computing risk
management in banking organizations. International Journal of Grid and Distributed
Computing, 9(9), 137-154.
[2] Al-Alawi, A. I., & Al-Bassam, M. S. A. (2020). The significance of cybersecurity
system in helping managing risk in banking and financial sector. Journal of Xidian
University, 14(7), 1523-1536.
[3] https://me-en.kaspersky.com/resource-center/definitions/firewall
[4] https://studylib.net/doc/25441498/data-security-and-audit
[5] Book "Network Security Essentials" Author " David Curry"
[6] https://www.techopedia.com/definition/4022/md5
[7] https://en.wikipedia.org/wiki/Syslog
[8] Glantz, M. (2003). Managing bank risk: an introduction to broad-base credit
engineering. academic press.
[9] Pomerleau, P. L. (2019). Countering the Cyber Threats Against Financial
Institutions in Canada: A Qualitative Study of a Private and Public Partnership
Approach to Critical Infrastructure Protection (Doctoral dissertation, Northcentral
University).
[10] Siddique, N. A. (2019). Framework for the mobilization of cyber security and risk
mitigation of financial organizations in Bangladesh: A case study.
[11] Cisco Systems, Inc. (2023). CCNA Security 2.0 Instructor Packet Tracer Manual.
San Jose, CA: Cisco Press.