Re: Maximum Online Transaction Amount....
From: James McGee (james__mcgee@hotmail.com)Date: 08/28/02
- Previous message: James McGee: "Re: Security scanner for W2k servers"
- In reply to: Johannes Ullrich: "Re: Maximum Online Transaction Amount...."
- Next in thread: Johannes Ullrich: "Re: Maximum Online Transaction Amount...."
- Next in thread: Craig Humphrey: "RE: Maximum Online Transaction Amount...."
- Reply: Johannes Ullrich: "Re: Maximum Online Transaction Amount...."
- Reply: Stephane Nasdrovisky: "Re: Maximum Online Transaction Amount...."
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
From: "James McGee" <james__mcgee@hotmail.com> To: "Johannes Ullrich" <jullrich@euclidian.com> Date: Tue, 27 Aug 2002 23:13:37 +0100
Site is not open to the general public, but varying levels of users.
Although access is over the public Internet...
I cant really elaborate too much on the ins and outs, not for fear of a
breach, just cant discuss the business to much, as it would point to a niche
industry with few players........I am sure you understand.
I am looking into talking with 3rd parties, to get more information on
product offerings and would welcome any feedback on any of the big suppliers
out there.
The system would be used by varying levels of end user, from entry
level(read only) to Trustee(capable of switching the big numbers). Luckily
the Trustees, are well, trusted, and the levels in between trusted
reasonably, but I feel that a PKI is the only way off ensuring
non-repudiation.
If there are any other methods or tools out there offering non-repudiation,
please share them with me......
----- Original Message -----
From: "Johannes Ullrich" <jullrich@euclidian.com>
To: "James McGee" <james__mcgee@hotmail.com>
Cc: <security-basics@securityfocus.com>
Sent: Tuesday, August 27, 2002 7:06 PM
Subject: Re: Maximum Online Transaction Amount....
>
> hm. a few more details would help. How is the money moved? is this a
> more or less public e-commerce web site? An internal system with limited
> users? How many users and who are they (trusted internal users?
strangers?)
>
> Other than that, any decent basic security book or training probably helps
> at this point. Talk to some vendors that provide your current software
> and hardware and see what they have to say.
>
> On Tue, 27 Aug 2002 12:38:00 +0000
> "James McGee" <james__mcgee@hotmail.com> wrote:
>
> > I have been asked to make recommendations for a new systems security.
> > Trouble is I really dont like the idea of it too much.
> >
> > Basically, there could be transactions in the region of up to GBP£
> > 100,000,000 going through! One way would be the use of a Internal CA
and
> > a PKI system. But they are not prepared to invest those sorts of sums
> > for this particular project.
> >
> > Can anyone recommend any papers or documents advising on securing
> > transactions of this level, or even limiting transactions to a certain
> > level?
> >
> >
> >
> > _________________________________________________________________
> > Chat with friends online, try MSN Messenger: http://messenger.msn.com
> >
> >
>
>
> --
> --------------------------------------------------------------------
> jullrich@euclidian.com Collaborative Intrusion Detection
> join http://www.dshield.org
>
- Previous message: James McGee: "Re: Security scanner for W2k servers"
- In reply to: Johannes Ullrich: "Re: Maximum Online Transaction Amount...."
- Next in thread: Johannes Ullrich: "Re: Maximum Online Transaction Amount...."
- Next in thread: Craig Humphrey: "RE: Maximum Online Transaction Amount...."
- Reply: Johannes Ullrich: "Re: Maximum Online Transaction Amount...."
- Reply: Stephane Nasdrovisky: "Re: Maximum Online Transaction Amount...."
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
