Effectiveness of IDS and Firewall in Preventing Cyber Attacks in the Banking Sector

    1. QUESTION

    We live in an Information Technology (IT) world in which information is stored on a massive scale in computer systems and networks. With the advent of advanced technological development, the need to authenticate to IT systems has become self-evident. Access to IT systems and computer networks has to be regulated because the kind of data stored in these systems is becoming increasingly sensitive and more significant (). Essentially, with the rapid increase of information comes the requirement to safeguard the computer systems and networks. The principal object of user authentication is to permit ingress to computer networks and systems and to prevent unauthorized access (). In this regard, the most commonly used user authentication system is password-based authentication. This mechanism involves the use of alphanumerical passwords (). Whereas this method has the advantage of ease of implementation, it has significant drawbacks, particularly with respect to the regulation of access to computer systems and networks. There is, therefore, a great need to move away from password-based authentication.

    1. Background
      • The Use of Password-based Authentication

    From the advent of the creation of computer systems and networks, password-based authentication has been the main modality of securing IT infrastructures. As illustrated above, the mechanism involves the use of alphanumerical passwords (Conklin, Dietrich, and Walz, 2004). It is the most widely used method of managing the access to information resources. This modality places heavy reliance on the “human cognitive ability to remember the shared secret” between the user and the computer system (Conklin, Dietrich, and Walz, 2004, p. 10). During the early computing days in the 90’s when there were few computer systems and only a small select group of users, the password-based authentication modality was effective in safeguarding the data that existed in the computer systems. However, with the increased rate of technological development, there is a growing need to commence the movement away from password-based authentication.

    • Vulnerabilities Attached to the Use of Password-based Authentication

    Whereas the use of password-based authentication is cost-effective and easy to manage, this authentication modality carries with it many vulnerabilities. It is particularly susceptible to security attacks. Most social media computer systems require a user name and a password for ingress. Popular web systems such as Google, Facebook, Twitter, LinkedIn, and Yahoo, among others, require the use of the above stated authentication modality (Khan and Albattah, 2017). In most instances, and for the sake of ease of remembrance, users prefer to use the same password to log in to the various computer systems that they interact with (Khan and Albattah, 2017). This has meant that once password data is leaked from one particular popular web system, the security of the user's information in all other computer systems that he uses is placed at a point of vulnerability. This then serves to defeat the meaning of the existence of an authentication system in the first place.

    The use of password-based authentication has led not only to the risk that the password may be guessed but also to the risk of the gathering and spreading of encrypted passwords by negative elements to other people (Khan and Albattah, 2017). An organization that has faced this risk is UNIX (Manber, 1996). The organization faced many attacks, mainly because the password file had been grabbed and utilized to the detriment of the organization (Manber, 1996). It is, therefore, apparent that the use of password-based authentication comes with the risk that the password file may be grabbed and utilized to the detriment of the respective user.

    1. Biometric Authentication as an Alternative to Password-based Authentication: Related Works/ Research Methods

    Password-based authentication is the most popular system of authentication because it is cost-effective and easy to manage. It is also the modern day authentication modality that has stood the test of time, having been used for several decades now. As a result of these factors, the authentication modality is highly popular since users have been exposed to it on numerous occasions. However, the skyrocketing progress in technological advancement has meant that alphanumerical passwords are very easy to crack. In this regard, the recommendation herein is that, just as users have become socialized to the password-based authentication modality through the prompt that appears the first time an individual wants to access a particular computer system and through the consequent repetitive usage, users should equally be provided with the option of using biometric authentication. Ordinarily, when a user wants to access a particular computer system, he has to provide his username and an accompanying password. The password acts as a secret shared between the user and the computer system, and the user inputs it together with the user name each time he wants to gain access to the computer system. The recommendation is that just as the user gets the prompt to use password-based authentication from the first instance, he should also get the prompt to use biometric authentication or be given the alternative of using either biometric authentication or password-based authentication.

    As illustrated above, the biometric authentication is near-foolproof. The use of this authentication modality serves to minimize the chances of security attacks. It is, therefore, important that the users of the computer systems are made aware of the security variance that exists between the utility of biometric authentication vis-à-vis password-based authentication. If after knowledge of the variance the users still prefer to use password-based authentication, they will do so while being fully aware of the potential risks that they will have opened themselves to. This practice is likely to result in the increased use of the biometric authentication modality as opposed to password-based authentication.

    1. Conclusion

Answer

Effectiveness of IDS and Firewall in Preventing Cyber Attacks in the Banking Sector

 

Aditya Movva  Ansel Thomas

 

Abstract— The steady growth in technological advancement and the near-universal usage of the cyber space has meant that criminal elements have diverted their attacks to the cyber space. There is a growing list of cyber-attacks and cyber-crimes that occur on the cyber space on a daily basis. Some of these include Denial-of-Service (DoS), phishing and spear phishing attacks, Man-in-the-Middle attacks, Drive-by attacks, SQL injection attacks, password attacks, Eavesdropping attacks, cross-site scripting (XSS) attacks, Malware attacks, and Birthday attacks, among others (). These attacks are directed not only at individuals, governments, and organizations in general but also at banking institutions. Modern day bank robbery mostly occurs in the cyber space. The need for a mechanism to prevent these cyber-attacks on banking institutions should not be underestimated. An Intrusion Detection System (IDS) and a firewall can effectively be applied to serve the purpose of detecting and preventing cyber-attacks respectively. The aim of this paper is to expound on the effectiveness of IDS and firewall in detecting and preventing cyber-attacks in a banking institution. This analysis is mainly conducted by means of a review of literature. Based on the review of literature as outlined herein, it is apparent that many scholars agree that IDS and firewall are effective in detecting and preventing cyber-attacks on banking institutions. The conclusion is that it is imperative that banking institutions fully utilize IDS and firewall systems such as Network Intrusion Detection Systems (NIDS) and the Host Intrusion Detection System (HIDS) to detect and prevent cyber-attacks on their networks.

 

Index Terms—Denial-of-service, Network Intrusion detection systems, Password attack.

 

INTRODUCTION

The unprecedented growth in technological development has also meant that crimes are committed in the cyber space. The US Ponemon Institute recently conducted a study of 254 companies in seven countries and the results showed that financial institutions in particular are faced with an average of 125 intrusions every year [1]. This figure is three times higher than it was six years ago and it is set to continue rising if stringent measures are not taken to safeguard these networks. It is also important to note that recently, the FBI issued a 3 million dollar bounty for information on the FBI's most wanted cybercriminal, who was responsible for creating the malware known as the GameOver ZeuS botnet, which led to the infection of about 1 million computers and the theft of over $100 million from consumers and businesses in the US and worldwide [2]. Essentially, this speaks to the fact that criminal elements in the cyber space have taken particular interest in the banking institutions. The banking institutions have, therefore, taken significant steps towards protecting their networks. IDS and firewall have been effective in detecting and preventing cyber-attacks in the banking institutions.

 

Related work/ Research methods

Mehra (2015), in an article titled “Controlling Attacks and Intrusions on Internet Banking using Intrusion Detection Systems in Banks”, provides an illustration of the effectiveness of intrusion detection systems in detecting and preventing attacks on “internet banking and other e-commerce-based transactions” [3]. The two main effective modalities in this regard are the Network Intrusion Detection Systems (NIDS) and the Host Intrusion Detection System (HIDS). NIDS is placed at a particular strategic point within the network and it serves the purpose of monitoring traffic to and from all devices within that network [4]. It analyses all the traffic that passes through the entire subnet and matches that traffic against the library of known attacks [5]. Once any abnormal behavior is sensed, an alert is sent to the administrator. The HIDS, on the other hand, is installed on individual computers within the system. Traffic to and from those specific computers is then analyzed. HIDS boasts features that are not available in the NIDS and arguably provides near-foolproof protection against cyber-attacks. Essentially, the argument of the author is that the use of intrusion detection systems is effective in reducing the occurrence of attacks on networks that are concerned with online banking services.

Figure 1[6]

 

 

Just as is the case with many financial institutions around the world, banks in Nigeria have digitalized most of their operations. This means that the need to put up formidable computer strategies has been self-evident. Ogunwobi, Folorunso, and Alebiosu (2016) conducted a study on the effectiveness of computer security strategies that have been utilized by banks in Nigeria. The study revealed that Nigerian banks are implementing at least five computer security strategies and, to that extent, they rarely experience any malicious attacks on their networks [7]. Nigerian banks are particularly keen on the utilization of IDS and firewall. 50% of the financial institutions are implementing Intrusion Detection and Prevention whereas 76.6% are implementing firewall [8]. A major IDS mechanism utilized is the antivirus software. The financial institutions predominantly use Avast and McAfee. These are useful in detecting and preventing the entry of malicious software such as Trojan horses, computer viruses, and spyware into the system. 100% of the financial institutions are using the antivirus software. The result is that the banking institutions experience very minimal cyber-attacks.

In an article titled “Mitigating Cyber Threats to Banking Industry”, Bhasin (2007) lays emphasis on the fact that with the advent of technological advancement, attacks on banking institutions have been on the rise and steps need to be taken to prevent the continuance of such attacks [9]. He indicates that banks need to conduct a risk assessment and that steps ought then to be taken to detect and prevent the cyber-attacks. Some of the detection and prevention systems outlined include firewalls, anti-virus software, HIDS, and NIDS. Essentially, these mechanisms are useful in mitigating cyber threats to banking institutions.

It is also important to take notice of the fact that institutions such as banks have the primary interest of actualizing profit while incurring minimal expenses. Banking institutions have come to the realization that profits always hang in the balance when the network security resources of the company are not protected from internal and external security threats to the networks. In this regard, banking institutions have for a long time sought to invest heavily in information security resources. This is in recognition of the fact that in the present times, the financial sector has more to lose from heightened insecurity in the cyber space. In an article titled “Institutional pressure in security management: direct and indirect influences on organizational investment in information security,” Cavusoglu et al. (2015) acknowledge that even a minute security breach can result in irreparable damage to banking institutions, which may in turn lead to significant corporate liability, reduced revenues, and lost credibility [10]. As a result of this, many financial institutions have rated information security investment and IT infrastructure as the forefront priority. This article provides an illustration of the extent to which the prevailing financial base of a company has a significant bearing on the information security investment made by the organization. These resources have a substantial effect on the preventive and detective solutions adopted in response to any internal and external threats that the organization may be faced with at one time or the other [11]. This essentially speaks to the fact that the stronger the financial base of an organization, the more likely it is to experience sophisticated attacks from criminal elements in the cyber space. This then means that such organizations have a strong incentive to use sophisticated information security control resources (ISCR) so as to ensure that their networks are secured from both internal and external threats.

Zahoor, Ud-din, and Sunami (2016) provide a detailed exposition on the inherent threat to cyber security, especially with respect to banking institutions, and on the apparent need for the most novel cyber infrastructure to ensure that the cyber security threats towards banking institutions are mitigated. The authors specifically make reference to IDS and firewall and they illustrate that these two mechanisms are effective in detecting and preventing cyber-attacks. Firewalls in particular serve the purpose of reducing attack vectors “by limiting inbound and outbound communications” (26) [9]. The four primary firewall types that are effective for banking institutions are Stateful Inspection, Packet Filtering, application level firewalls, and proxy servers [12]. Any of these products may have features of one or more firewall types [13]. IDS, on the other hand, serve the purpose of detecting and preventing any inherent intrusions, as well as detecting any misuse of information (internal attacks) [14]. The implementation herein is through the use of NIDS detection methods. Effective implementation of IDS and firewall serves the purpose of mitigating the cyber threats that are faced by banking institutions. As alluded to in figure 2 below, NIDS serves the crucial purpose of alerting the administrator in case there is abnormal activity going on in the network. The administrator then plays the role of applying any of the above stated firewall types to prevent any inherent attack.

 

Figure 2 [15]

 

 

Result and analysis

The continuous growth in technological advancement has meant that banks are placed in a disadvantaged position because criminal elements are particularly targeting them. There is a growing list of cyber-attacks that have been made against banking institutions around the world. Banks have, therefore, been required to take action towards protecting their cyber networks. IDS and firewall are effective modalities in detecting and preventing network intrusions.

IDS serve the purpose of monitoring the events that occur in a computer network so as to detect any possible incidents before they happen. If there is a sign of a possible incident, notification is sent to the administrator. IDS serve the defensive-aggressive role of protecting client information, as well as, the network of the organization. There are instances when IDS serve the purpose of disconnecting malicious connections, as well as, blocking malicious traffic. It is, therefore, apparent that IDS serve the three-fold purpose of monitoring, analyzing, and reporting. IDS are effectively implemented through Network Intrusion Detection Systems (NIDS) and Host Intrusion Detection System (HIDS). NIDS protects the entire network as a whole by monitoring traffic to and from devices within that network. Any irregularities or suspicious activities are reported to the administrator. HIDS, on the other hand, monitors activities from particular computers within the network. The HIDS software is placed in every individual computer. Apart from monitoring, HIDS serves the purpose of blocking the users of the computer from making certain actions. This means that those respective actions can only be implemented by the administrator.

Firewall, on the other hand, prevents the entry or completion of the attacks. Essentially, once an attack has been detected and a notification or warning has been sent to the admin, the firewall serves the purpose of helping the admin to act on the threat by placing hindrances to the completion of the threat.

Essentially, when there is a threat, the firewall is activated so as to act on that threat and consequently protect the network. The image below is an illustration of the important role played by firewall and IDS in mitigating cyber-attacks that are targeted at a financial institution.

 

Figure 3 [16]
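The detect-then-block flow described above, as an added example that is not part of the original paper: a signature library and a failed-login threshold stand in for the NIDS, and a packet filter stands in for the firewall. The signatures, thresholds, class names and addresses are all constructed for illustration, and the administrator's response to an alert is automated here.

```python
import ipaddress
import re
from collections import defaultdict, deque
from dataclasses import dataclass

# Constructed "library of known attacks": rule name -> payload pattern.
SIGNATURES = {
    "sql-injection": re.compile(r"('|%27)\s*(or|union)\b", re.I),
    "xss": re.compile(r"<script\b", re.I),
}
FAILED_LOGIN_LIMIT = 5    # failed logins from one source ...
FAILED_LOGIN_WINDOW = 60  # ... within this many seconds (assumed values)

@dataclass(frozen=True)
class Event:
    ts: int
    src: str
    dst_port: int
    payload: str = ""
    login_failed: bool = False

class Nids:
    """Matches each event against the signatures and the login threshold."""
    def __init__(self):
        self.failures = defaultdict(deque)  # source -> recent failure times
    def inspect(self, ev):
        alerts = [(ev.ts, ev.src, name)
                  for name, pat in SIGNATURES.items() if pat.search(ev.payload)]
        if ev.login_failed:
            window = self.failures[ev.src]
            window.append(ev.ts)
            while window and ev.ts - window[0] > FAILED_LOGIN_WINDOW:
                window.popleft()
            if len(window) == FAILED_LOGIN_LIMIT:
                alerts.append((ev.ts, ev.src, "password-guessing"))
        return alerts

class PacketFilter:
    """Allows listed ports only; sources are denied once the NIDS flags them."""
    def __init__(self, allowed_ports, never_block=()):
        self.allowed_ports = set(allowed_ports)
        self.never_block = [ipaddress.ip_network(n) for n in never_block]
        self.denied = set()
    def deny(self, src):
        addr = ipaddress.ip_address(src)
        if any(addr in net for net in self.never_block):
            return False  # alert only: auto-blocking own infrastructure is an outage
        self.denied.add(addr)
        return True
    def allows(self, src, dst_port):
        return (dst_port in self.allowed_ports
                and ipaddress.ip_address(src) not in self.denied)

def run(events, nids, fw):
    """Firewall first, then NIDS; each alert becomes a deny rule."""
    alerts, dropped = [], 0
    for ev in events:
        if not fw.allows(ev.src, ev.dst_port):
            dropped += 1
            continue
        found = nids.inspect(ev)
        alerts.extend(found)
        for _, src, _ in found:
            fw.deny(src)  # the administrator's response, automated here
    return alerts, dropped

# Constructed sample traffic (documentation-range and private addresses).
SAMPLE_EVENTS = (
    [Event(0, "198.51.100.7", 443, "GET /accounts?id=42")]
    + [Event(10 + i, "203.0.113.9", 443, "POST /login", login_failed=True)
       for i in range(6)]
    + [Event(30, "192.0.2.44", 443, "GET /accounts?id=1' OR '1'='1"),
       Event(31, "192.0.2.44", 443, "GET /accounts?id=2"),
       Event(40, "198.51.100.7", 23, ""),
       Event(50, "10.0.0.5", 443, "GET /help?q=<script>x</script>")]
)

def demo():
    fw = PacketFilter(allowed_ports={443}, never_block=["10.0.0.0/8"])
    alerts, dropped = run(SAMPLE_EVENTS, Nids(), fw)
    return alerts, dropped, sorted(str(a) for a in fw.denied)

if __name__ == "__main__":
    print(demo())
```

The internal source still produces an alert for the administrator but is never blocked automatically, which is the usual guard against a detection rule cutting off the institution's own systems.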

 

It is also important to take notice of the fact that the information security control resources incorporated by banking institutions depend on the overall financial base of the institution. This essentially means that institutions that have more resources and a wider financial base invest in sophisticated IT security resources since they are more susceptible to sophisticated attacks and have significantly more to lose when such attacks are actualized. The heavy investment is also because these institutions have more resources to spend on IT infrastructure. Whereas Nigerian banks utilized the readily available IDS mechanisms such as Avast and McAfee with great success, the same may not be successfully used in American banks since more resources are at stake and the institutions are in danger of more sophisticated attacks. In recent times, for instance, American banks have fallen prey to Russian hackers and millions of dollars have been lost as a direct result. It is, therefore, prudent that detective and preventive mechanisms be utilized in due recognition of the respective financial base of the banking institutions and their prevailing circumstances. Ultimately, the more a banking institution grows, the more it needs to invest in formidable IT infrastructure.

Similarly, one of the standard procedures that must be complied with by all banking institutions is the thorough auditing of the potential external and internal risks that an institution faces. This will inform the degree of detection and prevention measures put in place to prevent the occurrence of cyber-attacks. It will also inform the institution regarding the amount of resources that will need to be allocated towards IT infrastructure.

 

Based on the foregoing, it is apparent that every banking institution should take critical steps towards implementing the most novel IDS and firewall types. The review of literature speaks to the fact that banking institutions that fully implement the IDS and firewall software significantly minimize the chances of cyber-attacks. With respect to the utility of the HIDS and NIDS, it is imperative that banking institutions ensure that both versions of IDS are implemented in the organization's network. This is in recognition of the fact that each IDS type has unique features that cannot be replicated by the other. Essentially, whereas the NIDS serves the purpose of protecting the network against external cyber criminals, HIDS particularly serves to protect against any internal attackers. For instance, when HIDS is installed on the individual computers within the organization, certain applications that would potentially lead to phishing of client information are blocked since the admin is able to keep watch of all traffic to and from the individual computers.
Conclusions

The advent of technological advancement has meant that criminal elements are now using the cyber space to perpetrate harm on various computer networks. Particular focus in this regard has been on banking institutions. They have been subject to various attacks which have resulted in the loss of large sums of money. In a recent attack, a Russian hacker attacked about 1 million computers in the US and stole over $100 million from various organizations in the US and in various other parts of the world. The need for a detective and preventative mechanism is, therefore, self-evident. IDS and firewall play a crucial role in detecting and preventing the cyber-attacks. It is imperative that banking institutions fully utilize IDS and firewall systems such as Network Intrusion Detection Systems (NIDS) and the Host Intrusion Detection System (HIDS) to detect and prevent cyber-attacks on their networks.
References

[1] Ponemon Institute. “2015 cost of data breach study: Global analysis.” (2015).

[2] PYMNTS. FBI puts up $3 million Bounty for Wanted Russian Hacker. PYMNTS, 2017. Retrieved from https://www.pymnts.com/news/security-and-risk/2017/fbi-puts-up-3-million-bounty-for-wanted-russian-hacker/

[3] P. Mehra, “Controlling Attacks and Intrusions on Internet Banking using Intrusion Detection Systems in Banks,” International Journal of Advanced Research in Computer and Communication Engineering, Vol 4, Issue 11, pp. 346-348, Nov 2015. (p. 346).

[4] P. Mehra, p. 347.

[5] P. Mehra, p. 347.

[6] R. Magalhaes, “IDS Functionality,” TechGenix. Retrieved from http://techgenix.com/hids_vs_nids_part1/

[7] Z. O. Ogunwobi, O. S. Folorunso, and O. Alebiosu, “Evaluation of Computer and Network Security Strategies: A Case Study of Nigerian Banks,” OcRI, 2016, p. 85.

[8] Ogunwobi, Folorunso, and Alebiosu 2016, p. 88.

[9] M. Bhasin, “Mitigating cyber threats to banking industry,” The Chartered Accountant, 50(10), 1618-1624, 2007.

[10] H. Cavusoglu, H. Cavusoglu, J. Son, and I. Benbasat, “Institutional pressures in security management: Direct and indirect influences on organizational investment in information security control resources,” Information and Management, 52(2015), 385-400, 2015.

[11] H. Cavusoglu, H. Cavusoglu, J. Son, and I. Benbasat, p. 390.

[12] Z. Zahoor, M. Ud-din, & K. Sunami, “Challenges in Privacy and Security in Banking Sector and Related Countermeasures,” International Journal of Computer Applications, Vol 144, Issue 3, pp. 24-35, 2016. (p. 26).

[13] Z. Zahoor, M. Ud-din, & K. Sunami, p. 26.

[14] Z. Zahoor, M. Ud-din, & K. Sunami, p. 26.

[15] N. Balaji, “Intrusion Detection System (IDS) and its detailed working function – SOC/SIEM,” GB Hackers on Security. Retrieved from https://gbhackers.com/intrusion-detection-system-ids-2/

[16] A. Mitra, “What is IDS or Intrusion Detection System and How Does it Work?” The Security Buddy, March 2017. Retrieved from https://www.thesecuritybuddy.com/data-breaches-prevention/what-is-ids-intrusion-detection-system-how-does-it-work/