NCJ Number
65127
Journal
BANKING Volume: 70 Issue: 5 Dated: (MAY 1978) Pages: 67-70
Date Published
1978
Length
4 pages
Annotation
DATA ENCRYPTION AND PASSWORD SELECTION, MAINTENANCE, AND PROTECTION CAN HELP SECURE BANKS AGAINST COMPUTER CRIMINALS WHO MIGHT USE THE DATA TO DEFRAUD A BANK, GAIN A BUSINESS ADVANTAGE, OR FOR POLITICAL PURPOSES.
Abstract
INDIVIDUALS WISHING TO STEAL FROM BANKS, DAMAGE A BANK'S ELECTRONIC DATA PROCESSING (EDP) OPERATIONS, OR SIMPLY OBTAIN INFORMATION CAN USE COMPUTER TIMESHARING SYSTEMS. SUCH SYSTEMS ARE EFFECTIVE TOOLS FOR PENETRATING A BANK'S COMPUTER WITHOUT DETECTION AND WITHOUT ENTERING THE BANK'S COMPUTER WITHOUT DETECTION AND WITHOUT ENTERING THE BANK'S PREMISES. LOSSES FROM FUNDS OR COMPUTER RESOURCE THEFT, SABOTAGE, MASTER-MODE EXECUTIONS, AND DAMAGE TO APPLICATION PROGRAMS COULD RESULT. SYSTEMS CAN BE PENETRATED THROUGH WIRE TAPPING, DISCOVERY OF THE CORRECT TIMESHARING TELEPHONE NUMBER, AND DISCOVERY OF USER IDENTIFICATIONS AND PASSWORDS. PROTECTION MEASURES INCLUDE THE ADOPTION OF A SYSTEM IDENTIFICATION CODE (SYSTEM ID) WHICH ADDS AN ADDITIONAL LEVEL OF PASSWORD PROTECTION AND CAN EASILY BE CHANGED WITHOUT MODIFING USER IDS. TIMESHARING NUMBERS CAN ALSO BE ASSIGNED; THE SWITCHBOARD OPERATOR CAN EASILY RECOGNIZE THESE NUMBERS AND REFUSE CONNECTIONS TO THOSE EXTENSIONS. OUTSIDE TIMESHARING LINES CAN BE ENCRYPTED. GOOD PASSWORD SELECTION CRITERIA SUCH AS AVOIDANCE OF OBVIOUS CHOICES BASED ON COMPANY NAMES OR BUSINESS SHOULD BE ADOPTED. IN ADDITION, PASSWORDS SHOULD BE CHANGED REGULARLY, MASTER LISTS SHOULD BE PROTECTED, AND MEASURES SHOULD BE TAKEN TO LIMIT LOSSES ONCE THE SYSTEM HAS BEEN PENETRATED.(AOP)