Analysis and Solutions on Computer Network Security of China's Commercial Banks

  (School of Economics and Management, Wuhan University, Luojia Mountain Road, Wuhan, Hubei Province, 430072, China)
  Abstract. With the rapid development of network technology and the further liberalization of China's financial market, network security issues are becoming increasingly important in the reform and development of China's financial industry. This article outlines and analyzes the status of network security in China's commercial banks and proposes solutions that are feasible at the current stage, focusing on effective security control strategies for the banks' external and internal network systems.
  Key words: Network Security, Commercial Banking Network, Control Strategy of Information Security
  1. Introduction
  With the development of information technology, commercial banking is gradually becoming centralized, intelligent, and automated. Commercial banks of all kinds now generally use electronic banking systems, automatic teller systems, credit systems, clearing systems, statistical management systems, internal enterprise network systems, and integrated business systems, which makes banking business more and more dependent on the network. Computer networks facilitate people's work and life, but at the same time information security issues have become increasingly prominent. A simple single-point security incident may spread to the whole network system and result in immeasurable loss, so network security is an urgent problem for China's commercial banks.
  2. Status of Network Security of China's Commercial Banks
  2.1 Overview on Network System of China's Commercial Banks
  From the application point of view, the computer network systems of China's commercial banks are divided into four parts: Integrated Service Networks, OA Office Networks, Outreach Network of Institutions, and Internet. Their applications are as follows:
  (1) Integrated Service Network: carries the major business of commercial banks. It is the production network of commercial banks, with the highest importance as well as the highest level of security.
  (2) OA Office Networks: carry Notes, OA, and other office operations, although more and more business, such as loan business and VIP customer business, is now carried on them as well.
  (3) Outreach Network of Institutions: connects commercial banks with the outreach agencies that have business dealings with them. This part is a core of information security management.
  (4) Internet: carries the external information site of commercial banks, online banking transfers, and Internet access needs. It is another aspect of information security management that should be noted.
  Network access for commercial banks is mainly divided into two parts: WAN access and LAN access. The WAN connects the business organizations under each commercial bank and the outreach agencies; the LAN is mainly an office platform for the various departments of commercial banks. The variety of techniques and flexible networking solutions adopted give commercial banks a flexible communications platform, but they also bring greater risk to the security of the network.
  2.2 Information security risk profile of Chinese commercial banks
  For the modern financial system, the more serious threats come from a variety of active attacks. The harm these attacks cause to financial information systems includes the following:
  (1) Compromise and theft. Attackers use break-ins and wiretapping, or high-performance protocol analysis instruments, to steal computer system operating passwords, crack core system passwords, and steal user accounts.
  (2) Information tampering. A tampering attack is the unauthorized change of financial transactions during transmission or storage, with illegal consequences.
  (3) Counterfeiting and forgery. Counterfeiting and forgery are common means of attack in the financial system, such as forging all kinds of business information; tampering with data without authorization; changing the order, timing, and direction of business information flows; undermining the integrity of financial information; and impersonating others to send information and to carry out financial fraud.
  (4) Replay. Illegally reusing a transaction, or a reusable part of one, is a replay attack. For example, when an account number and password are entered, the attacker intercepts the section of the message that contains them and can replay this message to achieve the purpose of the attack.
  (5) Information deception and denial. In transaction deception, the attacker sends packets for invalid transactions onto the banking network and tricks the trading center into a response in the attacker's favor, or modifies the contents or destination of transaction packets to carry out transaction fraud.
  (6) "Hacker intrusion". Hacker intrusion is similar to network espionage, but it does not have political or economic purposes. The intruders are computer enthusiasts seeking adventure who have proficient computer knowledge. They exploit vulnerabilities in other people's programs to intrude into financial information systems, access a variety of information, tamper with other people's information, and publish confidential information on public networks.
  (7) Harmful programs. Harmful programs include computer viruses, worms, Trojan horses, logic bombs, trap doors, and other computer programs that destroy systems or operate them unlawfully.
  (8) Abuse of information flow and congestion. The attacker inserts harmful information into the gaps between useful information in order to seize channel, network, and business resources, which congests channels, networks, and application systems.
  3. Network Security Design Strategies of Chinese Commercial Banks
  Information security risks exist in the network systems of more and more commercial banks in China. This paper explores security control strategies whose aim is to achieve the security goals of the commercial banking network, to establish a practical and feasible security system in line with the realities of China's commercial banks, and to ensure the safe operation of commercial banking.
  3.1 Commercial Banks Outreach Network Security
  In accordance with information security standards, outreach agencies connect through separate access devices that are strictly isolated from the intranet, and their access passes through firewalls and other security equipment. The network topology is shown in Figure 1.
  (1) Cisco37 series router + related boards: for securities and E1-access outreach agencies that are being migrated, and for future access needs;
  (2) Cisco26 series router + certain boards: for access by important outreach agencies (CUP) and for backup;
  (3) The original Cisco4000 continues to be used for DDN dedicated-line access;
  (4) The original dial-up servers are consolidated under unified planning.
  3.2 Commercial Bank's Internal Network Security Policy Control
  The commercial bank's internal business network and OA office network are physically connected, back each other up, and need to access each other. This requires appropriate security control strategies for the different targets in order to ensure network security.
  The business organizations under a commercial bank connect to the branch through an E1 line. The Integrated Services Network and the OA office network are carried on the same line, and a DDN line serves as the backup line for business data. Taking other possible applications into account, QoS and security access control policies must be implemented to keep the communication lines clear and to ensure the normal conduct of business.
  1. QoS management strategy
  The Integrated Services Network and the OA office network share one line, so many kinds of business and many kinds of data are transmitted on the same line. Appropriate QoS management strategies are needed to ensure the normal conduct of business, so consider the following:
  · The data streams are divided by type of activity into three: video and voice services, city consolidated net business, and OA office business.
  · The three business data streams are granted different priorities through router configuration: video and voice data highest (IP Precedence 4), city consolidated net business next (IP Precedence 3), and OA office data lowest (IP Precedence 1).
  · Guaranteed bandwidth is allocated to the three data streams according to the planned strategy: video and voice (1200K), city consolidated net (256K), and OA office (512K).
  · WRED (weighted random early detection) is configured to ensure the transmission quality of high-priority data streams.
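
  The QoS plan above written out as Cisco IOS Modular QoS configuration. This is an added example, not configuration from the paper: the interface names, subnets, and class and policy names are assumptions, while the precedence values and bandwidth figures are the ones listed above.

```cisco
! Constructed addressing (assumption): 10.3.0.0/16 video/voice endpoints,
! 10.1.0.0/16 city consolidated-net business hosts, 10.2.0.0/16 OA hosts.
ip access-list extended VIDEO-VOICE
 permit ip 10.3.0.0 0.0.255.255 any
ip access-list extended CITY-BUSINESS
 permit ip 10.1.0.0 0.0.255.255 any
ip access-list extended OA-OFFICE
 permit ip 10.2.0.0 0.0.255.255 any
!
! LAN ingress: classify by source and mark IP Precedence 4 / 3 / 1.
class-map match-all IN-VIDEO-VOICE
 match access-group name VIDEO-VOICE
class-map match-all IN-BUSINESS
 match access-group name CITY-BUSINESS
class-map match-all IN-OA
 match access-group name OA-OFFICE
policy-map MARK-IN
 class IN-VIDEO-VOICE
  set ip precedence 4
 class IN-BUSINESS
  set ip precedence 3
 class IN-OA
  set ip precedence 1
!
! E1 egress: guaranteed bandwidth in kbit/s per class, WRED inside each queue.
class-map match-all OUT-VIDEO-VOICE
 match ip precedence 4
class-map match-all OUT-BUSINESS
 match ip precedence 3
class-map match-all OUT-OA
 match ip precedence 1
policy-map E1-OUT
 class OUT-VIDEO-VOICE
  bandwidth 1200
  random-detect
 class OUT-BUSINESS
  bandwidth 256
  random-detect
 class OUT-OA
  bandwidth 512
  random-detect
interface FastEthernet0/0
 service-policy input MARK-IN
! 1200 + 256 + 512 = 1968 kbit/s of a 2048 kbit/s E1. Pre-HQF IOS releases
! reserve at most 75% by default, so the limit is raised before attaching.
interface Serial0/0:0
 bandwidth 2048
 max-reserved-bandwidth 100
 service-policy output E1-OUT
```

  Traffic that matches none of the three ingress classes keeps whatever precedence its sender set, so resetting it to 0 in class-default keeps an unclassified host from placing itself in the video and voice queue.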
  2. Route management
  For ordinary outlets that use E1 access, configure a floating static route for line backup.
  3. Security management
  Configure access control lists to block dangerous ports and to control the source and destination of access, which strengthens security management. In a larger branch, divide the LAN into VLANs by department or regulatory agency: because of the large number of computers and types of business, partitioning is necessary, and it makes the network easier to manage and easier to secure.
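
  The route management and security management items above as Cisco IOS configuration (an added example, not the paper's own configuration). The interfaces, subnets, and VLAN numbers are constructed, and the blocked ports are an assumed choice, since the paper does not name the dangerous ports.

```cisco
! Constructed values (assumption): Serial0/0:0 = E1 primary, Serial0/1 = DDN
! backup; business VLAN 10 = 10.1.8.0/24, OA VLAN 20 = 10.2.8.0/24.
!
! Floating static route: both routes cover the same prefix. Administrative
! distance 250 keeps the DDN route out of the table while the E1 route exists.
ip route 10.0.0.0 255.0.0.0 Serial0/0:0
ip route 10.0.0.0 255.0.0.0 Serial0/1 250
!
! Per-VLAN access lists: drop the listed ports first, then permit only the
! expected source/destination pair and log everything else.
ip access-list extended BUSINESS-VLAN-IN
 deny   tcp any any range 135 139
 deny   tcp any any eq 445
 deny   udp any any eq 1434
 permit ip 10.1.8.0 0.0.0.255 10.1.0.0 0.0.0.255
 deny   ip any any log
ip access-list extended OA-VLAN-IN
 deny   tcp any any range 135 139
 deny   tcp any any eq 445
 deny   udp any any eq 1434
 permit ip 10.2.8.0 0.0.0.255 10.2.0.0 0.0.0.255
 deny   ip any any log
!
! One 802.1Q subinterface per department VLAN, each with its own list.
interface FastEthernet0/0.10
 encapsulation dot1Q 10
 ip address 10.1.8.1 255.255.255.0
 ip access-group BUSINESS-VLAN-IN in
interface FastEthernet0/0.20
 encapsulation dot1Q 20
 ip address 10.2.8.1 255.255.255.0
 ip access-group OA-VLAN-IN in
```

  Because each list permits only its own VLAN's source range, a host that spoofs another department's address, or an OA host that tries to reach the business servers, is dropped and logged at the first hop.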
  The commercial bank's internal network topology is shown in Figure 2.
  3.3 Internet access security controls
  Commercial banks provide online banking services to outside institutions through a Web server, and provide Internet access services on the same line. The Web server has a single network card and connects to the Internet through a single IP address. Externally it mainly handles display and relay for online banking; updated foreign currency rate information is obtained over a serial port from a front-end machine connected to the internal network, in order to increase the security of the system.
  The commercial bank's internal computers with Internet access are placed on a separate network segment that is physically separated from the intranet, and access to specific ports is limited to specific periods of time. It is strictly prohibited for a computer to span multiple network segments, so as to protect the security of the management and internal networks. Vulnerability scanning and intrusion detection equipment should be arranged within the network to monitor it and detect problems in a timely manner. The connection diagram is shown in Figure 3.
  4. Conclusions
  With the advances in information technology, the virtualized and personalized services available on the Internet are increasingly welcomed by the general public, and online banks should keep up with this trend by focusing on providing personalized services to the public. In the Web 2.0 era, online banks need to strengthen interaction with customers and shift the center from the bank to the customer by turning online self-service into a personalized, interactive service. In the future, the development of Web 3.0 places new demands on the development of online banking and requires advances in a full range of services; cloud computing, e-mail, SMS, SNS, SD cards, U-disks, solid-state storage technology, and the development of virtualization and digital products and services have become the basic elements of the information age. The innovation of Internet banking is therefore advancing with the times, and the security of the commercial banking network system should advance with it. Future development lies in the revolution of information technology, which brings greater challenges for commercial banks in enhancing network security.
  5. Acknowledgement
  This research was financially supported by one of the subprojects of National Natural Science Foundation of China: Research on Performance Assessment of Social Security System Network Based on the Risk Entropy Model (Item Number: 61170023).

