Re: internet banking security
From: Barrie Dempster (barrie_at_reboot-robot.net)
Date: 10/17/05
- Previous message: McKinley, Jackson: "RE: prohibiting visitors from connecting to network"
- In reply to: Muhammad Aslam: "Re: internet banking security"
- Next in thread: ework0: "Re: internet banking security"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
To: Muhammad Aslam <aslam.popal@gmail.com> Date: Mon, 17 Oct 2005 20:27:31 +0100
On Mon, 2005-10-17 at 14:45 +0430, Muhammad Aslam wrote:
> I agree with you but we want some preliminary information about
> ebanking security systems and different steps in making it secure and
> reliable.
>
So what specifically are you asking ? A banking system can be put
together in a variety of different ways and until you have specifics we
could talk about building secure Windows systems or writing secure code.
It's very wide, what are your actual worries - give us questions to
answer, otherwise we could just talk for pages on random security
topics.
> Exactly we are outsourcing this project but prior doing so , we want
> to get enough information so that we will be in the loop whatever
> happening and what the security company will suggest us in going
> online.
What do you need information on ? "Ebanking security" is very wide, do
you want to know about development environments, security policies, OS
hardening, OS choices ?
>
> >
> > It seems like you are ready to just grab the software and security
> > advice we give here and dive into building the system, very bad idea.
> >
> Which we are also not going to do as we are aware of the magnitude of
> responsibility is invovled and as i mentioned we are going to
> outsource the project.
Do you want us to just tell you everything there is to know about
security or do you have _specific_ queries ?
Like I said in my first email your question can be answered in hundreds
of different ways, can you please give us more specific questions.
"What are the security implications of creating an ebanking system as a
3 tier web app based on PHP/IIS/MySQL?"
"What sort of policy documents should we prepare for an ebanking system
(for internal and customer use) ?"
These are very different questions and we could discuss either of them
in response to your original query and they may not even come close to
what it is you need. Can you _please_ explain exactly what your issues
are so we can offer help.
-- With Regards.. Barrie Dempster (zeedo) - Fortiter et Strenue "He who hingeth aboot, geteth hee-haw" Victor - Still Game blog: http://reboot-robot.net sites: http://www.bsrf.org.uk - http://www.security-forums.com ca: https://www.cacert.org/index.php?id=3
- application/x-pkcs7-signature attachment: smime.p7s
- Previous message: McKinley, Jackson: "RE: prohibiting visitors from connecting to network"
- In reply to: Muhammad Aslam: "Re: internet banking security"
- Next in thread: ework0: "Re: internet banking security"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
