Payment systems
AlexGrid, 2018-05-11 10:43:49

How to eliminate the conflict of client-banks of different banks on the user's computer?

In our organization, the payment department uses about ten client-banks (hereinafter referred to as CBs), including two foreign ones (Belarus, Kazakhstan). About ten employees work in the payment department, each of whom should be able to work with all client-banks from his workplace.
CBs of different banks refuse to work on the same computer due to a software conflict, mainly crypto-protection. Each bank has its own plugin for CryptoPro, and the main problems are plugin conflicts.
After a long period of experience, client-banks compatible with each other were identified; as a result, we have three physical computers for each employee of the payment department.
This number can suddenly increase at any time after the appearance of new banks, as well as after updates to one of the CBs.
Helpdesk banks respond to incidents in the following way: take a clean computer, install our client-bank. Works? Goodbye.
The main problem is that after installing an update of one of the banks, the work of others working on the same computer may be paralyzed for some time. An urgent reinstallation is required, which takes time from technical support, as well as from employees of the payment department. Urgent payments may be delayed, resulting in loss to the business.
We need to find a solution to eliminate the influence of the CBs on each other. Each payroll employee should have only one personal computer. Maintaining a solution shouldn't take long.
Possible options:
* Virtualization - in general terms, it is clear how to do it, although questions will arise in the process. But our IT security forbade this option because it is possible to intercept the key through the network. The virtual machine server can be in a server room in the same building as the billing department or in a remote data center.
* Using encryption on the network so that the key cannot be intercepted through the power cord. This is for the virtualization option. I'm not strong in encryption and its reliability.
* Virtualization with the installation of a virtual machine server in the billing department. Creation of a separate network, all the wires of which are located in the billing department and cannot be connected to them outside the room.
* Installing multiple IE web browsers on one user's computer. Each CB works through a separate browser. Most CBs work through IE. There are some suspicious solutions on the Internet; I did not find a single one that is trustworthy and I'm not sure that it will work.
* 1C:DirectBank - through one interface there is communication with different banks, but not all banks are supported and it is not known whether ten of ours will work on one computer through 1C. I turned to a 1C franchisee, they said that it would not help.
* Change in the organization of work of the payment department - moving away from personal jobs. A separate computer is created for each CB and employees change between them during the day. It is unlikely that the billing department will go for such a change.
........
First of all, proven and working solutions are of interest.

7 answer(s)
Armenian Radio, 2018-05-11
@gbg

But our IT security forbade this option because it is possible to intercept the key through the network.

Your security doesn't know about VPN? Fuck off!
Virtualization will solve all your problems.

Anton Kiselyov, 2018-05-11
@zamboga

You can do without a virtualization server - put 8-16 gigs of RAM on each computer in the payment department, and put 10 virtual machines on each computer, each for its own bank or 5 for every pair of banks.
Teach girls to turn off (in hibernation) each virtual machine when it is not needed. Then it will start back up very quickly.
On each virtual machine, you can even replace shell: explorer immediately with ie, then at startup there will be no start button and desktop, but an Internet explorer with the desired bank will open immediately.
Periodically take "snapshots" of virtual machines (through scripts), then even if something crashes after the update, you can quickly restore work (or restore through a reference virtual machine).
The deployment is not complicated - make a reference virtual machine, then accumulate it into 10 virtual machines for each bank, and upload everything to the accountants' computers. Any admin can do it for a conditional day.
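
The snapshot, restore and hibernate steps from the answer above, as an added example that is not part of the original answer. It assumes Hyper-V on each workstation and a hypothetical `CB-` VM name prefix; other hypervisors need their own equivalent commands.

```powershell
#Requires -RunAsAdministrator
#Requires -Modules Hyper-V
# Added example. Assumptions: Hyper-V hosts the client-bank VMs on the
# workstation, and each VM is named "CB-<bank>" (hypothetical convention).

$Prefix = 'CB-'      # hypothetical naming convention: one VM per client-bank
$Keep   = 5          # scripted checkpoints to retain per VM
$Tag    = 'auto-'    # marks checkpoints created by this script

function Get-BankVM {
    Get-VM | Where-Object Name -like "$Prefix*"
}

function New-BankCheckpoint {
    # Take a dated checkpoint of every client-bank VM, then prune old scripted ones.
    foreach ($vm in Get-BankVM) {
        $name = '{0}{1:yyyyMMdd-HHmm}' -f $Tag, (Get-Date)
        Checkpoint-VM -Name $vm.Name -SnapshotName $name

        Get-VMSnapshot -VMName $vm.Name |
            Where-Object Name -like "$Tag*" |
            Sort-Object CreationTime -Descending |
            Select-Object -Skip $Keep |
            Remove-VMSnapshot -Confirm:$false
    }
}

function Restore-BankVM {
    # Roll one client-bank VM back to its newest scripted checkpoint,
    # for example after a bank update breaks the crypto plugin.
    param([Parameter(Mandatory)][string]$VMName)

    $last = Get-VMSnapshot -VMName $VMName |
        Where-Object Name -like "$Tag*" |
        Sort-Object CreationTime -Descending |
        Select-Object -First 1
    if (-not $last) { throw "No scripted checkpoint found for $VMName" }

    Restore-VMSnapshot -VMSnapshot $last -Confirm:$false
    Start-VM -Name $VMName
}

function Suspend-IdleBankVM {
    # Save the state of running client-bank VMs (the "hibernation" step),
    # so they resume quickly the next time they are needed.
    Get-BankVM | Where-Object State -eq 'Running' | Save-VM
}
```

Running `New-BankCheckpoint` from a scheduled task before the banks' update windows gives a known-good state to return to with `Restore-BankVM`.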

Alexander, 2018-05-11
@alexr64

But our IT security forbade this option because it is possible to intercept the key through the network

Exclude network as key transport. Virtualize an OS with a client-bank in the workplace.

Artem @Jump, 2018-05-11
Tag

Understand what exactly conflicts and no problems.
Do you change the keys, or do you have them all connected in a bundle?

Maxim Grishin, 2018-05-11
@vesper-bot

Deploy PKI, if not yet, raise a VM for each client-bank, allow payers to go to these VMs under domain logins, hang draconian security policies on them, but so that RDP also works (encrypted, by the way, will be, so there will be SB satisfied - no one will intercept the keys locally) and client-bank(s), post RDP files from connections to them in a folder where payers have read-only access, and show them to all interested parties. For payers - work with client banks like this, synchronize access like this (unless you also set up RDSH licensing for this structure, then users will be able to work in parallel on one VM, but this is more expensive and timeouts will need to be configured so that the user does not forget about sessions, etc.), SB - all this is protected by full-fledged TLSv1.
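
One way to publish the connection files described above, as an added example that is not part of the original answer. Host names, the share path, the domain group and the certificate hash are placeholders; signing uses `rdpsign.exe` with a certificate issued by the deployed PKI.

```powershell
# Added example. Every name below is a placeholder to replace with local values.
$Banks = @{                                   # hypothetical: label -> VM host name
    'Bank-A' = 'cb-bank-a.corp.example'
    'Bank-B' = 'cb-bank-b.corp.example'
}
$Share      = 'D:\Shares\ClientBanks'         # folder published to payers
$PayerGroup = 'CORP\PaymentDept'              # hypothetical domain group
$CertHash   = '<SIGNING-CERT-SHA256-HASH>'    # hash of the signing cert, as rdpsign /sha256 expects

New-Item -ItemType Directory -Path $Share -Force | Out-Null

foreach ($bank in $Banks.GetEnumerator()) {
    $rdp = Join-Path $Share "$($bank.Key).rdp"
    @(
        "full address:s:$($bank.Value)"
        'authentication level:i:1'      # do not connect if server authentication fails
        'enablecredsspsupport:i:1'      # NLA: authenticate before a session is created
        'prompt for credentials:i:1'    # do not rely on saved passwords
        'redirectclipboard:i:0'         # no clipboard path between workstation and VM
        'drivestoredirect:s:'           # no local drives mapped into the VM
        'redirectprinters:i:0'
    ) | Set-Content -Path $rdp -Encoding Unicode

    # Sign the file so the client shows a trusted publisher and edits are detected.
    & rdpsign.exe /sha256 $CertHash $rdp
    if ($LASTEXITCODE -ne 0) { throw "rdpsign failed for $rdp" }
}

# Payers get read and execute only; administrators and SYSTEM keep full control.
$acl = @(
    '/inheritance:r', '/grant:r',
    "${PayerGroup}:(OI)(CI)RX",
    'BUILTIN\Administrators:(OI)(CI)F',
    'NT AUTHORITY\SYSTEM:(OI)(CI)F'
)
& icacls.exe $Share @acl
if ($LASTEXITCODE -ne 0) { throw "icacls failed for $Share" }
```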

Alexander Chernykh, 2018-05-11
@sashkets

I'll put in 5 cents too.
There are 3 types of CB:
1. java clients
2. win32 clients
3. web clients
The worst option is option 1. It is from the Java side that there may be inconsistencies in the CB that you wrote about. Therefore, the way out for you is to move away from 1 to 2 or 3.
A few years ago, Google refused to support Java. Now it is not supported by Opera / FF either (FF esr branch supports Java, but it will also probably stop soon). As a result, banks reacted to this by introducing a web client, where Java is not needed.
You find out (call), perhaps your bank has a win32 / web client.
Your problem is familiar to me firsthand.

m0nym, 2018-05-24
@m0nym

Windows Container
