Penetration testing and vulnerability assessment on the Namibian inter-banking system: Namswitch

University of Namibia
Information Technology (IT) has become crucial to the operation of modern businesses. Financial service firms rely on IT to deliver services to their customers. In the Namibian context, the Bank of Namibia and the Payment Association of Namibia have discontinued the use of cheques as a payment method and provided Electronic Fund Transfers, cards, and electronic money as alternative payment methods. This means that the Namibian Payment System (NPS) now relies solely on IT to deliver services to its customers. The Namibian inter-banking system, known as Namswitch, is classified as an Information Service Provider to the NPS, enabling intercommunication between Namibian financial institutions. Financial institutions are often the target of cyberattacks, and hackers with malicious intent continually attempt to infiltrate their IT systems. As such, the financial services industry has unique information security requirements, and banks in particular conduct more stringent due diligence and due care in order to ensure the confidentiality, integrity and availability of their services. To address these security challenges, this study sought to explore ways to proactively strengthen and enhance the cybersecurity of the Namswitch system by evaluating the system’s security posture, proposing remedial actions, and further proposing a framework to automate and perform routine penetration tests in order to prevent future cyberattacks. The findings revealed the presence of vulnerabilities on the Namswitch system, some of which carried a high severity rating according to the CVSS risk rating. Examples were the presence of default credentials on some internal systems and the use of low to medium strength ciphers on the external systems. A malicious user can leverage these vulnerabilities to perform attacks such as man-in-the-middle attacks.
In an effort to strengthen the cybersecurity of the Namswitch system, the study provided a Namswitch Safe Financial Exchange (NAMSAFE) Protocol, an algorithmic process aimed at remedying identified vulnerabilities and improving existing processes. It further outlines remedial strategies, risk mitigation steps, and compensating controls for vulnerabilities that could not be eliminated. When successfully implemented, NAMSAFE provides a prescriptive methodology for maintaining the ongoing reliability and robustness of the Namibian banking system.
A thesis submitted in partial fulfilment of the requirements for the degree of Master of Science in Information Technology
Cybersecurity, Banking sector, Pen testing, Vulnerability assessments