Online banking has become an important means of business innovation, channel expansion and competitiveness enhancement for commercial banks. Because of its low operating costs and convenient, fast transaction channels, online banking has had an obvious substitution effect on traditional over-the-counter branches. At the same time, the security threat situation facing online banking remains severe. The most common threats come from Internet scanning and probing, denial of service attacks, phishing attacks, web page tampering, URL hijacking, and worms and other malicious code, and threats are increasingly concentrated at the application layer, such as SQL injection and cross-site scripting (XSS) attacks. A serious attack could have the following impacts on online banking:
Online banking business is interrupted. Attackers launch denial of service attacks on the online banking system, in particular subtler ones such as TCP half-open (semi-connection) attacks, which consume a great deal of web server resources so that users cannot access the website or the online banking system.
Accounts, passwords and funds are stolen. By executing malicious SQL commands, an intruder may obtain permission to read and modify data; XSS attacks target the clients and system administrators of the services provided by the web business system, thereby obtaining administrator rights to control the online banking website or stealing online banking users' account passwords and other information.
Website pages are tampered with. The network equipment, operating systems, application software and other components on which the online banking business depends inevitably have security vulnerabilities. Attackers may use these vulnerabilities to attack the online banking system and tamper with website pages, causing negative social impact for the commercial bank.
How can in-depth security defense against online banking attacks be carried out? Based on years of experience in bank security construction and a deep understanding of the online banking business, Tianrongxin proposes an in-depth defense solution for commercial bank online banking security built on its TopIDP3000 series of high-end intrusion prevention equipment, providing hierarchical detection and protection. The Tianrongxin TopIDP3000 series high-end intrusion prevention equipment adopts advanced multi-core processor hardware technology and integrates intrusion detection and prevention, virus filtering, traffic control and URL filtering. TopIDP analyzes and filters online banking access traffic and actively blocks abnormal and suspicious traffic, thereby improving the overall security of the online banking system.
This solution deploys dedicated high-performance intrusion prevention equipment at the Internet entrance of online banking, placed in-line (serially) on the trunk of the online banking Internet access link. Attacks and threat behaviors are detected and blocked in depth, so that legitimate application access requests from online banking users are guaranteed while illegal access requests and malicious attacks are blocked, as shown in the following figure:
The Tianrongxin online banking security in-depth protection solution has the following features and advantages:
Tianrongxin TopIDP supports a mixed deployment mode, that is, either in-line (serial) deployment or bypass (out-of-band) deployment can be adopted, so that one device serves multiple purposes. Users can deploy TopIDP in bypass mode in key network areas according to actual needs, or deploy it in-line in front of core servers to protect the corresponding network resources. In addition, in-line deployment supports transparent, routing, NAT and other modes, and customers can configure these at fine granularity according to actual needs.
High Availability Design
Tianrongxin TopIDP products provide both software and hardware BYPASS functions to keep the link open under various conditions. Software BYPASS is started when a key process of the intrusion prevention engine is abnormal or needs to be restarted (for example, a system restart for a software upgrade, or a software failure); hardware BYPASS is started when the intrusion prevention engine suffers a hardware failure or power failure, so that link communication remains normal. TopIDP also supports an optical port bypass function (the optical port bypass switch must be configured separately), which, on a specific trigger state (power failure or crash), physically connects the two networks directly without passing through the IPS device. In addition, in terms of link high availability design, TopIDP products support active-active, active-standby and load balancing deployment modes, improving the high availability of users' access to the online banking business system at the link level.
TopIDP adopts an advanced multi-core processor hardware platform, parallel processing technology and TOS (Topsec Operating System), a secure operating system with independent intellectual property rights, together with built-in patented processor dynamic load balancing technology. On the software side, building on the current multi-core processor hardware platform, TopIDP products integrate parallel processing technology into Tianrongxin's TOS and combine a number of invention patents to form an advanced multi-core architecture technology system. In addition, TopIDP adopts a multi-engine parallel detection mechanism with five built-in detection engines, namely the attack detection engine, the virus and malicious code detection engine, the application identification detection engine, the URL filtering engine and the malicious website filtering engine, which improves detection efficiency. Public comparison test results show that TopIDP's performance reaches the industry-leading level with 100% background traffic and all policies enabled.
Powerful rule base
TopIDP has five built-in detection rule bases: the attack rule base, the virus and malicious code base, the application identification rule base, the URL rule base and the malicious website library. Among them, the attack rule base can detect and block more than 2,800 network attacks in real time, including overflow attacks, RPC attacks, web CGI attacks, denial of service, Trojans, worms and system vulnerability attacks, and can detect and accurately block the current mainstream application layer attacks in real time, including SQL injection, XSS and other hacker attacks. The virus and malicious code rule base is produced in cooperation with well-known domestic and foreign antivirus vendors: the Kaspersky SafeStream (or Jiangmin) network virus library is built into TopIDP products and, using data-flow-based detection technology, can detect more than 20,000 newly popular network viruses including Trojans, backdoors and worms. TopIDP products use a flow detection engine based on the target host, which processes IP fragmentation and TCP stream reassembly in real time, effectively blocking the various attack methods used to evade detection.
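As an added illustration (not Tianrongxin's own code), the following Python sketch shows why a target-host flow engine must reassemble TCP segments before signature matching: an XSS probe whose pattern straddles two out-of-order segments is invisible to per-packet inspection but is caught once the stream is rebuilt. The signature, the constructed request and the simplified "keep the first copy" overlap policy are assumptions for the example.

```python
import re
from dataclasses import dataclass
# Constructed sample signature; real attack rule bases hold thousands of these.
SIGNATURE = re.compile(rb"<script>", re.IGNORECASE)

@dataclass(frozen=True)
class Segment:
    seq: int        # TCP sequence number of the payload's first byte
    payload: bytes

class StreamReassembler:
    """Rebuilds one direction of a TCP stream the way the target host will see it."""
    def __init__(self, isn: int):
        self.isn = isn
        self.buf = bytearray()   # reassembled bytes, indexed by offset from ISN
        self.seen = bytearray()  # 1 where the byte at that offset has arrived

    def add(self, seg: Segment) -> None:
        start = (seg.seq - self.isn) & 0xFFFFFFFF   # tolerate 32-bit wrap-around
        end = start + len(seg.payload)
        if end > len(self.buf):
            self.buf.extend(bytes(end - len(self.buf)))
            self.seen.extend(bytes(end - len(self.seen)))
        for i, b in enumerate(seg.payload):
            # Overlap/retransmit policy: keep the first copy (simplified assumption;
            # a production engine models the target OS's policy so host and IPS agree).
            if not self.seen[start + i]:
                self.buf[start + i] = b
                self.seen[start + i] = 1

    def contiguous(self) -> bytes:
        """Bytes from the ISN up to the first hole, i.e. what the host has delivered."""
        n = 0
        while n < len(self.seen) and self.seen[n]:
            n += 1
        return bytes(self.buf[:n])

def match_per_segment(segments) -> bool:
    # Packet-by-packet inspection: misses a pattern that straddles segments.
    return any(SIGNATURE.search(s.payload) for s in segments)

def match_reassembled(segments, isn: int) -> bool:
    # Stream inspection: reassemble first, then match, as a flow engine does.
    r = StreamReassembler(isn)
    for s in segments:
        r.add(s)
    return SIGNATURE.search(r.contiguous()) is not None

# Constructed sample: one HTTP request split so "<script>" straddles two segments,
# delivered out of order with one retransmitted (duplicate) segment.
ISN = 4000
REQUEST = b"GET /search?q=<script>alert(1) HTTP/1.1\r\n\r\n"
SAMPLE = [Segment(ISN + 18, REQUEST[18:]), Segment(ISN, REQUEST[:18]), Segment(ISN, REQUEST[:18])]
```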