It seems like in the online world lately, the hits just keep coming: the Target data breach, denial-of-service (DoS) and distributed denial-of-service (DDoS) attacks, and most recently the Heartbleed data leak. What’s a credit union to do?
DoS and DDoS Attacks
DoS and DDoS attacks involve fraudsters targeting a server or system and saturating it with external communication requests. They send so many that the system can’t respond to legitimate traffic, or responds so slowly that it essentially becomes unavailable. These attacks typically target websites or services hosted on high-profile Web servers, such as those of retailers and credit unions.
CU Solutions Group takes any and all Web security attacks seriously. As far as DoS and DDoS attacks go, we have strong mechanisms in place to mitigate these attacks: Enterprise Radware IDS/IPS is on our network edge and inside the load balancers, as well as Juniper AppSecure and other enterprise-class devices, to stop DoS and DDoS attacks from affecting our clients’ sites.
Heartbleed
Heartbleed is a bug in OpenSSL that lets an attacker eavesdrop on communications, steal data directly from services and users, and impersonate services and users. In response to Heartbleed, we have reviewed our networks and hosted solutions, and have determined that the bug has no impact on any devices and systems that we manage.
In an effort to assist all CU Solutions Group website clients, we are offering the following information, which can be passed along to your information technology staff or vendors. This vulnerability can be quite daunting to navigate, and we would be happy to assist your credit union if you have any questions or concerns. You can contact us at support@cusolutionsgroup.com if you need any assistance. Below is information that can assist you and your staff in determining where you may have issues related to the bug, and resources from various vendors and security notification services. It is crucial to review the following systems for this bug:
- Home Banking servers
- Website servers
- Firewalls, IDS/IPS devices, load balancers, and VPN devices
- APIs to third-party service providers where data is passed between applications
- Any miscellaneous Web-based services that use SSL to secure your members' data
Major providers like Yahoo, Google, Network Solutions, Akamai, CloudFlare, Facebook, Instagram, Pinterest, Tumblr, Intuit, Dropbox, Minecraft, Imgur, Flickr, RedTube, OkCupid and XDA were all impacted. While these providers have all been patched now, this does not mean that all sites on the Web have been fixed, or that your data wasn't compromised before they were. It is recommended that you change all passwords for these providers after the vendor has patched the services.