CoNetrix is a full-service computer networking, security and compliance firm built on the principles of integrity, innovation, and initiative. We specifically serve financial institutions as well as enterprises requiring a high level of security in their operations. Our employees are diligent in preserving the highest caliber of integrity, unassailable professional conduct, and personal conduct that is beyond reproach. Our entire business is based on trust that we will deliver on expectations, agreements, and promises.
One of the challenges community banks face in selecting an IT audit partner is the confidence they are comparing apples to apples when reviewing security-testing proposals. Not only do the definitions of terms vary, but some audit firms sell an "IT Audit" that is nothing more than a GLBA regulatory compliance audit. Though confirming your Information Security Program meets your examiners' expectations is important, an audit without a thorough internal network assessment really is not an IT audit. Your technical controls like patch management, malware protection, user access controls, Internet content filtering, file access controls, etc. are where the rubber meets the road. If these controls are not functioning as intended, it becomes a moot point that you have them faithfully listed in your InfoSec Risk Assessment and Policies.
CoNetrix is pleased to announce two candidates for consideration in the BankNews 2018 Innovative Solutions Awards. The 2018 Innovative Solutions Awards, sponsored by BankNews, recognize companies that have introduced or significantly enhanced products designed to help community banks become more efficient, expand their capabilities and, ultimately, better serve their customers. The Innovative Solutions Awards are presented in five categories:
What is Colorado Cybersecurity Regulation (HB 18-1128)? On January 19, 2018, the General Assembly of the State of Colorado introduced House Bill 18-1128, Concerning Strengthening Protections for Consumer Data Privacy. The regulation was signed into law on May 29, 2018 and goes into effect on September 1, 2018.
We had a customer report that all browser windows were closing for users and this was increasing in frequency. Most of the users reporting the issue were at the corporate office, which has about 150 users and is where the IT department is located. I performed a remote session with one of the users and confirmed the issue. Internet Explorer, Chrome, and Firefox all would close, not crash, at the same time.
Several months ago, I stumbled across a comic that was a perfect representation of the battle institutions and IT departments face every day. It was a boxing ring, with a ring announcer introducing the participants in the corners of the ring. One corner contained firewalls, encryption, antivirus software, and other layers of data security while the opposing corner contained "Dave," a hapless user wearing a shirt emblazoned with the words "Human Error." This comic is both funny, because many of us know a "Dave," and disheartening, because no matter how much money and time are spent on network layout, configuration, and security, the harsh reality is it only takes one user on the other side of the mouse, clicking on the wrong item, to wreak havoc on your network. While incidents are still going to occur, they can be reduced with routine and thorough employee security awareness training.
How do you know what due diligence documents to gather from each of your vendors? There are many methods available, but some result in more accurate documentation than others. Today, I'm going to review two of the primary methods and discuss the effectiveness of each method. Method #1: The Bucket Method
We recently moved a customer from a datacenter at one of their locations to a large datacenter in the Dallas/Ft. Worth area. One of the devices we moved was a Meraki MX84 being used as a VPN concentrator. A VPN concentrator works by extending the network the VPN concentrator is on to the access points. Basically, wireless clients at all locations get an IP address on the same layer two network. This is important for a few reasons. First, the VPN concentrator needs to be in its own VLAN/DMZ. Second, something on the layer two network the VPN concentrator is connected to needs to be handing out DHCP addresses. In our case, we used a FortiGate UTM to run the DHCP server for that subnet. Third, traffic needs to be allowed outbound to the Internet from all clients on the VPN concentrator layer two network so clients can connect to the Internet. The traffic is tunneled from the access points to the VPN concentrator, so the traffic does not intermix with the normal network traffic.
As a part of a recent data center move we had to reconfigure several APC management cards. The first thing that I did to each of these NMCs was to reset to factory defaults and update the firmware.
I've been in banking for over 49 years and have worked with a lot of outside audit and consulting firms over the years and I have to say that CoNetrix is one of the most efficient and professional firms I have ever worked with.
$230 million Bank in Virginia
We could not be happier with the service and report quality that we get!!! Also, I love Tandem and have seen firsthand how it has helped with our regulators and their understanding of our system.
$190 million Federal Reserve bank in Texas
Our CoNetrix consultant is awesome to work with and extremely knowledgeable and helpful. It would be extremely difficult to review and update our Information Security Program each year without his help and experience.
$440 million Bank in Texas
You all do an awesome job helping get this updated and documented. I have recommended you to many. Keep up the great work.
$500 million bank in Texas