


To date, Venustech has successfully provided security services, products and solutions to the People's Bank of China and all the state-owned joint stock commercial banks, policy banks, 80% of the national joint stock banks, and over 50% of city commercial banks. In addition, these security services, products and solutions are widely employed by assets management companies, insurance companies, security funds and other financial institutions. Venustech gateway products have protected billions of user transactions at more than 200 financial institutions. Over 300 financial institutions use Venustech threat management products to strengthen their management of internal information security.

1.1 Building a prevention system against intrusion of banks' intranet


As the range of business access grows and internal and external network security requirements continue to deepen, higher demands are placed on intrusion detection and prevention at the network perimeter. Typically, each branch provides internet access for internal employees within its jurisdiction. Most of these environments are physically independent of the bank's network system. In this mode, it is difficult to achieve unified management of endpoint security, network security protection, the scope of access permissions, and the online behavior of users who have internet access. It is also hard to guarantee safe and effective use of the internet by users inside and outside the bank. Therefore, the bank's headquarters plans to consolidate the internet access of its first-tier branches to meet the need for internet access and strengthen protection at the security boundary.


Establishing a centralized internet outlet in the first-tier branches, together with measures such as network isolation control, internet access control and user management, ensures business access and logical isolation between the internet and the bank's intranet. Two NIPS devices are deployed at the internet outlet in HA active-standby mode. Each NIPS is connected to an ISP. With the IPS and anti-virus modules enabled, they protect users' intranet and internet access and maintain security protection at the internet boundary.

The deployment of two NIPS devices in HA active-standby mode provides the necessary protection at the internet boundary and achieves effective control of the risks related to internet access.

1.2 Building a prevention system for banks' website and intranet

At present, banks' network and information capacity building has entered a new stage whose main features are system integration of comprehensive businesses and centralized data. Banks' businesses are increasingly dependent on the application of information technologies, and information security faces a grimmer situation than ever before. The website system faces attacks that spread through the application layer, are more complex and use changing means. In the meantime, a unified security testing mechanism that is compliant with government regulations should be established for testing and analyzing intrusions in the network system automatically, to enhance the security of the whole system.

To protect the bank's web system, an IPS with active blocking should be deployed at the website's egress as a security defense tool. Network worms, overflow attacks, database attacks, network equipment attacks and a variety of deep attacks need to be blocked.
An IDS is deployed in the intranet to collect and analyze information on the various security events in the network. The analysis results are submitted to administrators to help them plan and build security capacity. The IDS can also provide appropriate recommendations for handling events. It provides an independently deployable report analysis module, which integrates nearly one hundred report templates and customizable combinations of report types.


After implementation of the bank projects, the firewall, IDS, IPS, anti-virus gateway and other equipment together constitute a complete defense-in-depth system. It ensures the safe and continuous operation of the website information system and intranet system. Tianqing IPS and IDS feature powerful functions, simple operation, a friendly user interface, an excellent technological heritage and a complete technical support team. They are reliable network security products that leave users free of worry.

2. Information security building for online banking


In order to improve their competitiveness, many banks have launched online banking businesses. However, the security of online banking operations must be ensured to meet the requirements of normal operation. Therefore, before the online banking system goes online, it is necessary to evaluate and inspect the system and network risks, application risks, and internal management and control risks it faces.


A security risk assessment covering the online banking system's security policies, management systems, business continuity, contingency planning and risk early warning identified the security risks in a bank's internet banking system and produced corresponding rectification suggestions. The rectification was carried out by deploying a full range of Venustech products: IDS, Audit and UTM. The figure below shows the solution.

Online banking directly faces the internet and directly relates to the vital interests of online banking users. It is absolutely necessary to carry out a risk assessment before going online. Only when the problems have been identified is it possible to treat not just the symptoms but also the root cause. The design of double-chain in-depth protection embodies the determination to ensure online banking security.

1 Security solutions for centralized banking data

With the construction and development of information capacity, banks have progressively centralized their data at the national/provincial level. Such integration enhances operational concepts and benefits prudent operation and the deep mining of benefits, providing high-quality financial services to the general public. However, the integration has also brought new challenges for network and data security, which require every level, comprising the infrastructure, network, host, application and system boundary, to have early warning, protection, detection, response and recovery capabilities, to enhance the capacity for dealing with security events and to minimize losses when such events occur.

In addition to the firewall and anti-virus security measures deployed by the client, Venustech designed and deployed IDS, the Tianyue network security audit system and the Tianjing vulnerability scanning system. The figure below shows the deployment:

The network intrusion detection system is capable of:
 identifying suspected network attacks: ensuring network security protection;
 analyzing network attacks: in case of unauthorized access to the server, the IDS can provide the characteristics of the attack and replay the attack entry by entry to help avoid a second attack;
 alleviating possible threats: when deployed in a special network, it can identify threats or suspected threats according to the actual situation. Total protection is realized together with strategic blocking and other security products.

The business operation and maintenance audit system deployed in the key server areas of Shanxi Rural Cooperative provides identity and behavior auditing of the cooperative's operation and maintenance staff. It provides a centralized management tool for contractors' operation and maintenance staff and fine-grained control of accounts and permissions. With the unified data storage and audit analysis platform, internal control is strengthened.

The Tianjing vulnerability scanning system deployed in the administrators' area can identify the distribution of vulnerabilities across all equipment in the whole network. It carries out scheduled or random scanning of the network and various systems and provides administrators with the latest vulnerability report, based on which administrators can take corrective measures to strengthen and optimize the systems.


Network layer security is the foundation of the whole security framework. With data integration in the financial sector, the first thing to do is to strengthen protection at the network layer, after which the system layer and application layer should also be fortified.