Banc of America Article

Daniel Senie dts at senie.com
Wed Jan 29 18:10:55 UTC 2003


At 12:46 PM 1/29/2003, alex at yuriev.com wrote:

> > IIRC, the ATM system is similar to CC transactions. A best effort is
> > made to authorize against your account (Credit Card or Banking) but if
> > it fails and the transaction is within a normal range (your daily card
> > limit) the CC/ATM completes the transaction.
>
>         Too bad it is not the case, but lets presume that it is. How does it
>explain branches not being able to process direct withdrawals either?
>
>         The incident on hand illustrates that the design of our financial
>networks is broken. If a non sophisticated worm managed to create so many
>problems, what is going to happen should a real attack be mounted against
>the networks used by financial services?

Perhaps the bank bought VPN service with an SLA from a large network 
vendor. That SLA was not met due to network congestion. Said vendor will be 
responsible for reparations to the bank. That doesn't help the customers, 
of course. Now the bank COULD just use T-1 or faster circuits to all 
branches, but the network vendors are pushing VPNs (whether formed by IPSec 
tunnels, Frame Relay, MPLS, etc.) as cheaper alternatives. It would be 
foolish and irresponsible for the bank management to spend many times the 
amount of money.

Of course even the T-1 circuits can have problems. ATT did melt their 
telephony backbone on Martin Luther King Day some years back. So should the 
bank run their own fiber between branches to ensure they're OK in the event 
of an SS7 meltdown? Where do you draw the line? Which technology do YOU 
trust? Which can you afford?





More information about the NANOG mailing list