Aren’t you afraid of leaks when using Oracle databases in domestic banking systems?

A typical mentality that there are always unscrupulous people trying to harm me [a flash of inspiration]

The secrets are leaked to the point of non-existence. Generally, when domestic banks use Oracle, they will also purchase Oracle maintenance services, unless Oracle no longer wants to do business in China. Of course, due to the problems in Sino-US relations, some industries have begun to gradually transform their peripheral systems to use domestic databases, such as Huawei's Gauss 200. At the same time, domestic state-owned software companies are also deploying and developing domestic databases. I won't mention the company name, anyway. There is indeed this arrangement.

This is really a good question. When did the national core system decide to abandon Windows? The data in the banking system is too large and complex, and it is too difficult to get off the ship.

I am a coder in the financial industry, so I have a certain say.

In terms of databases, commercial software such as Oracle and SQL Server are used in the financial field, as well as open source software such as MySQL and Redis. These software products have one frustrating thing in common: there are very few domestically developed databases.

With the rapid development of the Internet, the wave of informatization is sweeping across various industries. The substantial improvement in efficiency has completely subverted the existing work model. The companies that were the first to embrace change reaped huge benefits, making those who came after them envious and jealous.

No matter how information technology develops, it cannot avoid data storage. Data storage in relational databases is most in line with people's way of thinking. The leader among relational databases is undoubtedly the Oracle database.

Let’s go back to the subject’s leak question, that is, is the Oracle database safe? My answer is both safe and unsafe. It is safe because it is the best relational database. Common indicators such as ease of use, stability, availability, and recoverability have complete solutions. The reason why it is unsafe is that it is a foreign closed source software, and the Chinese people do not know whether it has security risks.

Technically uncontrollable, how can we avoid it? The answer is strict management control.

Not afraid.

It is physically isolated from the outside world, and there are a lot of technical means in the architecture to ensure data security.

But the trend of independence and control is unstoppable.

Intranet, physical isolation. It's useless to use the external network. It's just a matter of time before I want to mess with you.

There are many databases used in domestic banking systems, and the core systems generally use the old commercial databases DB2 and Oracle. Other systems also use MySQL, MongoDB and other databases. As for the data breach? Of course banks are afraid too. However, based on comprehensive considerations, commercial databases such as Oracle are still the best choice at present, and the security level may be improved step by step in the future.

1. Stability is the primary option

We all know that banks are important institutions in the financial system. Their systems cannot have problems at will, as any problems will affect the entire society. Therefore, for banks, stability is the top priority. Any innovation must be based on this. Commercial database software such as DB2 and Oracle can first meet the stability requirements of banks.

In China, banks are relatively early adopters of informatization. But at the beginning, when I didn’t have any experience, I could only learn and imitate from European and American countries. Foreign banks basically use Oracle and DB2 as their core systems. China naturally adopts the same plan as abroad. Most banks also adopted a complete set of IBM mainframe and minicomputer hardware, which were relatively popular at the time, coupled with DB2 and Oracle databases.

2. Security implementation methods

①. Manufacturer’s reputation

DB2 and Oracle have been used as the core database. For banks, it is already the best choice. Because, in the past, there was no domestic database that could be used.

Naturally, banks can only use the best databases in the industry, and big-brand databases such as Oracle and DB2 are widely used around the world. Manufacturers must also pay attention to ensuring safety, otherwise if something goes wrong, the whole world will be affected.

②. Technical control

In addition to the reputation guarantee of the manufacturer, the bank has taken many technical security measures. First, the internal and external networks are physically isolated. In this way, it is difficult to implement attacks on real-time connection to the database. Secondly, when it comes to preventing data leakage, banks certainly have many technical means to control it. At least, the data required by the external network is ferried through the gatekeeper of the internal network. What data can be ferried out is also strictly controlled by the bank. Finally, sensitive data in the database is also encrypted and stored. At the same time, a series of network security devices are deployed on the network to ensure system security.

3. Bank security needs to be upgraded

Although banks now have many technical means to ensure information security, DB2 and Oracle are always foreign closed-source commercial database software. If the software has vulnerabilities or backdoors, it is also a big risk for banks. Coupled with the changing international situation, banks are still worried about leaks, which means that the bank's security system needs to be upgraded.

So how to upgrade security? In addition to high-level system protection, we have also been advocating the use of safe and reliable software. This means that it is necessary to gradually move from commercial software such as Oracle and DB2 to open source or domestic database software. However, the stability of banks cannot be ignored, so banks can only gradually explore and gradually improve safety. At the same time, there is still a long way to go in the development of domestic databases.

Summary

In short, in the early years, commercial databases such as Oracle and DB2 were the best choices for banks in terms of stability and security. In recent years, with the changes in the international situation and the development of technology, banks have gradually improved their security levels. In the future, commercial database software such as Oracle and DB2 will also be gradually replaced.

This is a systemic problem.

Some friends talk about physical isolation, but it seems that 100% isolation is not possible at present. Bank data centers provide services. How can they provide services if they are isolated? All branches, outlets, and ATMs need to be connected to the Internet and have access to the database, but they have different permissions.

It boils down to the fact that data security is related to database systems, computer systems, network systems, and staff, and must be protected in all aspects.

Domesticization of database systems is of course a must, but are there no loopholes in domestic database systems? If you don’t intentionally steal data, you can’t guarantee that it won’t be stolen by mistake. This needs to be tested more intensively.

Computer systems, including software and hardware, are the same.

In terms of network, the bank should rent the operator's line (virtual private network, VPN) to realize the interconnection of outlets. Encrypted transmission between outgoing and incoming points. If the encryption algorithm has not been cracked and the secret key has not been exposed, there is generally no problem. But after all, there is still an "if".

The problem with people is bigger. It’s not too difficult to buy someone off, right? This must be prevented through layer-by-layer review, mutual checks and balances, and ideological and political work.

Therefore, the security protection of information systems is comprehensive.

To use SWIFT, the international funds clearing system, it must be in line with international standards, so Oracle must be used.

Mrs. Lin Zheng was sanctioned, her credit card cannot be used, her salary is paid in cash, and she uses cash. There are so many national banks, but no one dares to take over.

Are there any other options?