

By Ronen Kenig/Safe-T

Customers are demanding the convenience of direct access to their data using their mobile devices, and banks are revamping their IT infrastructure in order to launch self-service applications for opening new accounts, applying for loans and mortgages, and other retail banking functions.

However, sharing information through the corporate banking network also introduces security risks. As more and more sensitive data from the internal network is duplicated in the DMZ (demilitarized zone), this perimeter network, designed to be a buffer zone, has become a prime target for hackers.

The DMZ As A Liability For Banks

Recent data breaches, including the famous Target incident where data from 40 million debit and credit cards was exposed, have raised public awareness of the possible risks. One bank executive feared that thieves who managed to steal encrypted personal identification numbers (PINs) would make fraudulent withdrawals from consumer bank accounts.

Whenever there is a breach that could result in compromising consumers’ bank accounts, this news winds up on the front page of The New York Times, and banks want to take whatever precautions are necessary to avoid the resulting financial losses and brand erosion.

With the increase in online banking, the DMZ, initially intended for housing non-confidential, static information for external access, has become crowded with servers containing highly sensitive enterprise data. Bank statements are stored in the DMZ before being sent to customers, exposing customer personal data and financial information. In addition, synchronization of account information between bank branches also requires duplication of data in the DMZ, increasing the risk of identity theft and the loss of sensitive financial data.

A streamlined DMZ, designed for security

The fundamental security vulnerability in most DMZ implementations is caused by the fact that the DMZ’s network ports remain open to the Internet. As a result, they expose the entire network to external attacks. Hackers relentlessly scan networks for open ports to exploit in order to gain access to the internal network from which they can steal data.

Although firewalls and proxy servers monitor and filter all incoming communications, the fact that the ports remain open makes the entire network susceptible to external attacks. Malicious code, which continuously evolves and becomes ever more sophisticated, can be embedded in legitimate communications in order to exploit design, implementation and configuration weaknesses and circumvent these monitoring and filtering mechanisms. Even if all security mechanisms are kept current and validated vigilantly, the reactive nature of identification of threats and creation of counter-measures creates windows of opportunity for external threats to defeat the network.

In addition to security vulnerabilities, the DMZ network configuration also imposes a costly operations burden on the enterprise. To use the DMZ network to protect against external threats, data and services in the internal network must be duplicated in the DMZ. This duplication requires additional hardware and software, as well as perpetual replication processes to ensure that data is synchronized between the internal network and the DMZ. This additional hosting and synchronization requires a complex layer of data and network operations which can be complicated and costly to manage.

A streamlined DMZ can eliminate these weaknesses. By utilizing two nodes, one on each side of the firewall, requests can be received and data can be streamed, rather than stored in the DMZ as in the traditional method. Using this method, there is no need to open inbound ports on the internal firewall. As a result, there is a complete blocking of any network or Layer 4 based attacks such as port scanning, ICMP scanning, and TCP based attacks.

The external node does not need to run an application in order to handle incoming sessions, but instead utilizes listener technology, making it impossible to hack into and take control of the external node to initiate attacks.
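The two-node arrangement described above, sketched as an added example (not Safe-T's product code): it assumes the internal node reaches the external node by dialling outbound, which is one way to satisfy "no need to open inbound ports on the internal firewall". The function names, loopback addresses and sample request are constructed for illustration.

```python
import socket
import threading

def internal_service(request: bytes) -> bytes:
    # Stand-in for a back-end application on the internal network (constructed).
    return b"statement for " + request

def external_node(client_srv: socket.socket, tunnel_srv: socket.socket) -> None:
    """DMZ side: stores nothing, only pairs a client with the inside link."""
    tunnel, _ = tunnel_srv.accept()      # link was dialled from the inside
    client, _ = client_srv.accept()      # Internet-facing request
    with tunnel, client:
        tunnel.sendall(client.recv(1024))    # stream the request inward
        client.sendall(tunnel.recv(1024))    # stream the reply outward

def internal_node(tunnel_addr) -> None:
    """LAN side: only ever calls connect(); it owns no listening socket."""
    with socket.create_connection(tunnel_addr, timeout=5) as link:
        link.sendall(internal_service(link.recv(1024)))

def demo(request: bytes = b"acct-1001") -> bytes:
    # Both listeners belong to the external node; loopback stands in for the DMZ.
    client_srv = socket.create_server(("127.0.0.1", 0))
    tunnel_srv = socket.create_server(("127.0.0.1", 0))
    for srv in (client_srv, tunnel_srv):
        srv.settimeout(5)
    workers = [
        threading.Thread(target=external_node, args=(client_srv, tunnel_srv)),
        threading.Thread(target=internal_node, args=(tunnel_srv.getsockname(),)),
    ]
    for w in workers:
        w.start()
    with socket.create_connection(client_srv.getsockname(), timeout=5) as c:
        c.sendall(request)
        reply = c.recv(1024)
    for w in workers:
        w.join()
    client_srv.close()
    tunnel_srv.close()
    return reply

if __name__ == "__main__":
    print(demo())
```

In a deployment of this shape, the internal firewall needs only an egress rule from the internal node to the external node's tunnel port, and that link becomes the boundary to authenticate and monitor.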

Before making any significant changes to the way enterprises store and transfer sensitive information, the role and architecture of the traditional DMZ has to be evaluated by each organization’s IT and security teams. When appropriate, by deploying a streamlined DMZ, IT managers can provide improved security while reducing the DMZ’s hardware and software footprint and simplifying network management and business operations.

About Safe-T: Safe-T is a fast growing information security start-up with a vision to protect data in transit and at rest by securing business workflows in the most simple and seamless way. Focused on providing security solutions for enterprises with a focus on financial institutions, Safe-T enables organizations to benefit from enhanced productivity and efficiency, heightened security, and improved regulatory compliance. With offices in North America, Europe and Asia, Safe-T provides solutions to insurance companies, financial organizations, healthcare, universities, public safety organizations, manufacturers and technology transfer companies, enabling them to protect intellectual property, improve operational efficiency, ensure compliance and reduce IT costs.