Security Audit for Bank IT Infrastructure


CONTEXT

A 100-year-old Indian bank with business worth over 1000 Cr sought a Vulnerability Assessment and Penetration Testing (VAPT) engagement covering its network and Core Banking System (CBS). The project included a security audit of servers, systems, and IT infrastructure, following the OWASP Top 10 guidelines for the CBS application, website, and email server. The engagement involved an on-site visit, a thorough review, and security recommendations across branches and data center and disaster recovery (DC-DR) sites.

Challenges

Solution

  • Conducted comprehensive internal and external network/CBS security assessments, ensuring compliance with CIS Benchmarks.
  • Provided secure configuration recommendations for the VPNs used by branches connected through the network.
  • Audited customized CBS applications and virtual servers in the testing environment to detect potential vulnerabilities.
  • Manually verified configurations of firewalls, routers, and switches to complement automated tools and ensure robust network security.
  • Used tools such as Burp Suite, Nmap, Nessus, and Metasploit to perform rigorous penetration testing, simulating various attacks on the system.

Value Delivered

  • Recommendations were provided to improve internal and external network/CBS security based on RBI compliance standards and corporate policies.
  • Penetration tests covered a wide range of components, including 22 servers (DC-DR), 4 VPNs and firewalls, 12 routers and switches, 180 end-user devices, 33 VMware servers, 8 other network devices, and the CBS application.
  • Adhered to the OWASP Top 10 security guidelines to fortify the CBS application.
  • Technical findings from the system audit ensured adherence to RBI compliance standards.
  • Enhanced the security posture of the client’s IT infrastructure, safeguarding systems and client information across the enterprise.