Network Controls between the End User and CSI
  • TLS Protocol: All Digital Banking activity uses the Transport Layer Security (TLS) protocol. TLS is a set of formal rules describing how to transmit data to provide encrypted communications over the Internet. The TLS protocol uses public-key cryptography to ensure privacy for the data moving between the browser and CSI Digital Banking servers. This protocol allows for the transfer of digitally signed certificates for authentication procedures and provides message integrity, ensuring the data cannot be altered en route. By convention, the URLs for the web pages that require a TLS connection start with https instead of http.
  • Certificate: The CSI Digital Banking websites have a certificate that is 2048-bit SHA-2 and only accept TLS 1.2 connections and dynamic, session-based Elliptic-Curve (ECD) ciphers.
  • Public-Key Cryptography: Public-key cryptography is used for encryption and server authentication. Encrypted messages provide protection against anyone eavesdropping; even if the information is intercepted, it is unreadable. Authentication identifies the origin of the information and confirms that it has not been altered. Authentication also provides an extremely valuable tool in network security: verification of the identity of an individual. When an account holder wants to initiate a transaction, the browser is used to send a secure message via TLS to the web server. This method assures account holders they are communicating with the web server, and not a third party who is attempting to intercept the transaction request.
  • Secure Network: All Digital Banking traffic must pass through a firewall and filtering/screening routers. Traffic through the firewall is passed to a special proxy system, which operates similarly to a filtering/screening router and verifies the format, source and destination of each information packet. The proxy then changes the IP address of the packet and delivers it to the appropriate site. This protects inside addresses from outside access and makes the structure of CSI's perimeter networks invisible to outside observers.

    To understand the importance of this structure, think of Digital Banking as having a front door and a back door: the Firewall provides security at the front door and the Filtering/Screening Router provides security at the back door.

  • Web Application Firewall: CSI employs an industry-leading web application firewall to block common web-based threats such as those in the OWASP Top 10 for web applications and services. These web application firewalls are configured to inspect unencrypted and encrypted web application/web service traffic. The system receives real-time threat intelligence to aid in the prevention of known and zero-day web application attacks.
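
The TLS policy in the Certificate item can be checked from the client side. The following is an added example, not CSI's own code: it builds a Python `ssl` client context that can only negotiate TLS 1.2 with ephemeral elliptic-curve key exchange, then reports what a server actually negotiated. It assumes that "session-based Elliptic-Curve ciphers" means ECDHE suites; the function names and the OpenSSL cipher string are choices made for this example.

```python
import socket
import ssl
import sys


def policy_context() -> ssl.SSLContext:
    """Client context limited to TLS 1.2 with ephemeral ECDH key exchange."""
    ctx = ssl.create_default_context()  # certificate and hostname checks stay on
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    ctx.maximum_version = ssl.TLSVersion.TLSv1_2
    # Assumption: "session-based Elliptic-Curve ciphers" means ECDHE suites.
    ctx.set_ciphers("ECDHE+AESGCM:ECDHE+CHACHA20")
    return ctx


def offered_tls12_suites(ctx: ssl.SSLContext) -> list:
    """Names of the TLS 1.2 suites this context is configured to offer."""
    return [c["name"] for c in ctx.get_ciphers() if c["protocol"] == "TLSv1.2"]


def meets_policy(version, cipher_name: str) -> bool:
    """True when the negotiated parameters match the stated policy."""
    return version == "TLSv1.2" and cipher_name.startswith("ECDHE-")


def check_endpoint(host: str, port: int = 443, timeout: float = 5.0) -> dict:
    """Handshake with host under the policy and report the negotiated values."""
    ctx = policy_context()
    try:
        with socket.create_connection((host, port), timeout=timeout) as raw:
            with ctx.wrap_socket(raw, server_hostname=host) as tls:
                name, _proto, bits = tls.cipher()
                return {"version": tls.version(), "cipher": name, "bits": bits,
                        "ok": meets_policy(tls.version(), name), "error": None}
    except (ssl.SSLError, OSError) as exc:
        # A server with no TLS 1.2 ECDHE suite in common, or a certificate
        # that fails verification, ends up here instead of connecting.
        return {"version": None, "cipher": None, "bits": None,
                "ok": False, "error": str(exc)}


if __name__ == "__main__":
    # Usage: python check_tls_policy.py <hostname>
    print(check_endpoint(sys.argv[1]))
```

A result with `ok` set to `True` shows the server completes a handshake under this policy; it does not by itself show that weaker protocol versions are refused.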
