Re: internet banking security

[Barrie Dempster <barrie () reboot-robot net>]

On Wed, 2005-10-12 at 20:10 +0430, Muhammad Aslam wrote:
> Hi,
>
> I am administrator for a bank and we are in the process of starting
> our online internet banking. Now i need information in regard to
> following:
>
> a. information regarding security issues in internet banking
> b. network infrastructure setup
> c. Recommended hardware / software


This is a *very* wide open area, every point has a variety of differing
angles. Point A for example can cover anything from choosing well
trained developers to hardening the OS. We also have no idea of scale so
any advice would just be wild guesses and possibly not what you need.

Generally an administrator of a bank of any largish size won't be
running a project to create an Internet banking system he may not even
be a resource on the project.

The only advice that is really worthwhile giving on this subject is to
employ people that know what they are doing and split tasks off between
these roles. your questions could either be viewed from a project
management perspective or from a technical one, these are very different
views and you need input from both, at minimum, on a project. Especially
when finance and personal details are involved.

Figure out what you *want* to do, figure out how that fits with your
systems and then figure out who has the skills to accomplish this as
well as which skills your team may lack. Then when you have the problem
defined and the skilled people tasked to the project you can begin
coming up with an adequate solution.

It seems like you are ready to just grab the software and security
advice we give here and dive into building the system, very bad idea.

-- 
With Regards..
Barrie Dempster (zeedo) - Fortiter et Strenue

"He who hingeth aboot, geteth hee-haw" Victor - Still Game

blog:  http://reboot-robot.net
sites: http://www.bsrf.org.uk - http://www.security-forums.com
ca:    https://www.cacert.org/index.php?id=3

Attachment: smime.p7s
Description: