
Banks, Meet DDoS


Banks are highly regulated. And that makes sense, considering how intrinsic banking and money have become to our lives. They are regulated by the Securities and Exchange Commission (SEC) as to when, how often, and how much of their daily business they have to report. The SEC even regulates how the banks can be laid out. Did you ever wonder why the investment section isn't in the same part of the room as the tellers? Blame the SEC for that.

Banks are also regulated, even more specifically, by the Federal Financial Institutions Examination Council (FFIEC). Despite what you might imagine because of the recent scandals, these regulations are specific.


And now, according to Network World and Hacksurfer, banks also have to take on DDoS attacks.

A DDoS, or Distributed Denial of Service attack, is the most common and probably easiest way to take down a major institution’s website or network. There are Linux distributions that come with DDoS tools built in, and the system is optimized to use them. They're called penetration testing, or pentest, distributions. There’s even a Linux build for the Raspberry Pi. They've got a magazine and everything.

ALGORITHM, my movie, deals with just these kinds of tools, how they are used, and what their use means to the world.

A DDoS attack works as follows: when computers talk to each other, they first have to establish that they want to talk. Computer A will say, “Hello,” and then wait until Computer B says, “Hello. What do you need?”

If Computer A doesn’t wait for Computer B to respond, but instead keeps saying “Hello” over and over again, faster than Computer B can respond, Computer B puts the hello requests in a buffer so it can deal with them one at a time. If the barrage continues, the buffer can overflow, giving Computer A access to Computer B that Computer A isn’t supposed to have.
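The buffer of pending hellos described above can be modeled from the defender's side. The following Python sketch is an added example, not part of the original article: it replays constructed connection records through a bounded buffer, reports which hellos were refused while the buffer was full, and flags sources that left many hellos unanswered. The record format, the names `replay` and `flag_sources`, the buffer size, timeout and threshold are all assumptions, as is the choice to refuse new hellos once the buffer is full.

```python
from collections import Counter, OrderedDict

# Constructed sample records: (time, source, connection id, kind).
# "HELLO" opens a handshake, "DONE" completes it. Addresses are documentation ranges.
EVENTS = [
    (0.0, "192.0.2.10", 1, "HELLO"), (0.1, "192.0.2.10", 1, "DONE"),
    (1.0, "198.51.100.7", 1, "HELLO"), (1.1, "198.51.100.7", 2, "HELLO"),
    (1.2, "198.51.100.7", 3, "HELLO"), (1.3, "198.51.100.7", 4, "HELLO"),
    (1.4, "192.0.2.20", 1, "HELLO"),   # ordinary client arriving mid-barrage
    (5.0, "192.0.2.20", 2, "HELLO"), (5.1, "192.0.2.20", 2, "DONE"),
]

def replay(events, backlog_size=4, timeout=3.0):
    """Replay time-ordered records through a bounded buffer of pending hellos.

    Returns (dropped, unanswered): hellos refused because the buffer was
    full, and a per-source count of hellos that were never completed.
    """
    pending = OrderedDict()            # (source, conn) -> arrival time
    dropped, unanswered = [], Counter()
    for t, src, conn, kind in events:
        # Expire the oldest entries once they have waited past the timeout.
        while pending:
            key, t0 = next(iter(pending.items()))
            if t - t0 < timeout:
                break
            pending.popitem(last=False)
            unanswered[key[0]] += 1
        if kind == "HELLO":
            if len(pending) >= backlog_size:
                dropped.append((t, src, conn))   # buffer full: hello refused
            else:
                pending[(src, conn)] = t
        elif kind == "DONE":
            pending.pop((src, conn), None)       # handshake finished normally
    for (src, _conn) in pending:                 # still waiting at end of log
        unanswered[src] += 1
    return dropped, unanswered

def flag_sources(unanswered, threshold=3):
    """Sources with at least `threshold` hellos that were never completed."""
    return sorted(s for s, n in unanswered.items() if n >= threshold)

if __name__ == "__main__":
    dropped, unanswered = replay(EVENTS)
    print("refused while buffer was full:", dropped)
    print("flagged sources:", flag_sources(unanswered))
```

Replaying the same records with a larger `backlog_size` shows how extra capacity changes which hellos are refused.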

There’s really very little that can be done to deal with a DDoS. Of course, there are safeguards that can be and have been developed lately. But within months of those safeguards being implemented, hackers have found a way around them.

The only real way to block a DDoS attack, for certain, is to have way more computing power than the attacker. Places like Google and Facebook are nearly invulnerable to DDoS attacks because they have hundreds of thousands of computers waiting at the door to say, “Hello. What do you need?”

What are banks supposed to do? Some of the larger banks might be able to build data centers. But smaller, local banks don't really have a chance. Their only option will be to put in exactly what the FFIEC requires, and no more. Or they could outsource.
