Penetration testing and vulnerability assessment on the Namibian inter-banking system: Namswitch
Date
2023
Publisher
University of Namibia
Abstract
Information Technology (IT) has become crucial to the operation of modern
businesses. Financial service firms rely on IT to deliver services to their customers. In
the Namibian context, the Bank of Namibia and the Payment Association of Namibia
have discontinued the use of cheques as a payment method and provided Electronic
Fund Transfers, cards, and electronic money as alternative payment methods. This
means that the Namibian Payment System (NPS) now solely relies on IT in order to
deliver services to its customers. The Namibian inter-banking system, known as
Namswitch, is classified as an Information Service Provider to the NPS, enabling
inter-communication between Namibian financial institutions. Financial institutions
are often the target of cyberattacks, and hackers with malicious intent are
continually attempting to infiltrate their IT systems. As such, the financial services
industry has unique information security requirements, and banks in particular conduct
more stringent due diligence and due care in order to ensure the confidentiality,
integrity and availability of their services. In order to address these security challenges,
this study sought to explore ways to proactively strengthen and enhance the
cybersecurity of the Namswitch system by evaluating the system’s security posture,
proposing remedial actions, and further proposing a framework to automate and
perform routine penetration tests in order to prevent future cyberattacks. The findings
revealed the presence of vulnerabilities on the Namswitch system, some of which
were rated high severity according to the CVSS risk rating. Examples were the
presence of default credentials on some internal systems and the use of low to medium
strength ciphers on the external systems. A malicious user can leverage these
vulnerabilities to perform attacks such as man-in-the-middle attacks. In an effort to
strengthen the cybersecurity of the Namswitch system, the study provided a
Namswitch Safe Financial Exchange (NAMSAFE) Protocol which is an algorithmic
process aimed at remedying identified vulnerabilities and improving existing
processes. It further outlines remedial strategies, risk mitigation steps, and
compensating controls for vulnerabilities that could not be eliminated. Successfully
implemented, NAMSAFE provides a prescriptive methodology for maintaining
ongoing reliability and robustness of the Namibian banking system.
Description
A thesis submitted in partial fulfilment of the requirements for the degree of Master of Science in Information Technology
Keywords
Cybersecurity, Banking sector, Pen testing, Vulnerability assessments