Remote Access and Service Risk Control Solutions for Financial

 

A bank’s internal network structure consists of the business network and office network. In the business network, the operating server and business server connect to the network centers of branches through the center switch, and provide various services for customers in each operating or public network. The medi-server connects to external institutions, such as operators and securities enterprises, to realize a business cooperation platform. The internal office network allows users in the bank center to complete their daily work and access internal business systems, such as the e-mail and financial systems.

Based on rapid business development, the banking sector demands and naturally tends to construct a safer network system. The banking network architecture needs to be centralized longitudinally, while the business network needs to be physically integrated and logically isolated.

As financial services and business applications diversify and emerge, banks networks are exposed to multiple risks.

 

Risk 1: From External Organizations
Business development is not only restricted to longitudinal development within the banking system. External businesses expand, adding various service functions. External business organizations, however, cannot be trusted completely. Thus, mutual connections between banks and these organizations bring with it various risks and threats.

 

Risk 2: From the Internet
Financial business development increasingly depends on the Internet. For example, Internet banks and Internet transaction systems interact with banks online. Employees also need to access the internal e-mail system and OA online when out of the office or on a business trip. The Internet, however, is open and badly regulated. Thus, the banking network is threatened by potential security hazards.

 

Risk 3: From the Internal Bank
Financial networks comprise business and office networks, which are isolated for security with many measures. Employees frequently need to access data on the production network through the office network, but employees vary widely in level and position. Thus, banking data is not secure.

 

SANGFOR’s Safe Access and Risk Management Solutions for Financial Sector
The SANGFOR VPN is a remote access device that gives users a secure and controlled access solution, reducing the risks of network access.

Typical deployment:

 

1. Providing Multiple and Efficient Authentication Management Systems

Network access safety rests with identity authentication and permission control that enables access to specified resources in the network. With the development of the financial business, a stricter authentication management system is required due to more user groups and the diverse access methods of the banking system.

The SANGFOR VPN controls access by combining a VPN authentication system and a CA system. It also guarantees secure data transmission by encrypting transmission channels with standard encryption protocols. The VPN device supports multiple authentication methods, such as LDAP/AD, Radius server, and short messages. In addition, the device integrates the user’s previous internal application systems through an improved open interface.

Diversified safety authentication methods can be combined for client authentication based on security levels, greatly ensuring that users legally access the network.

 

1. Providing an Efficient Management and Control Mechanism for Intranet Resources

As banks’ internal systems are various and complicated, different user accounts feature different permission levels to limit resource access. Thus, access to internal resources must be based on the appropriate management and control of different resources.

As for resource authorization, after users access the network, the SANGFOR VPN groups users and resources based on IP, port, service, UPL address and time. Then, the device associates the roles of the user (group) and resource (group) to precisely match permission and access.
In addition to management and control of resource authorization, the SANGFOR VPN can manage remote access through log audits and a behavior tracking engine. The device fully analyzes and summarizes the login behaviors of remote users through the third-party log server. Managers can directly display the times of hits, rejections, logins and alarms through multiple graphical methods - including pie charts, bar graphs and curve grams – which can be exported and printed.

 

1. Providing Quick, Stable and Secure Access

Mobile officing is a superior platform as it enables users to securely access information resources in the intranet through any terminal, anywhere, anytime. To ensure that remote data transmission is stable, an access device must achieve rapid and secure access in any network environment, especially in wireless or cross-operator networks.

SANGFOR’s remote access solution innovatively combines WAN optimization technology. Thus, the solution efficiently improves data transmission quality and ensures that remote access is safe and stable in any network environment.