Security Basics mailing list archives

Re: internet banking security


From: Barrie Dempster <barrie () reboot-robot net>
Date: Mon, 17 Oct 2005 20:27:31 +0100

On Mon, 2005-10-17 at 14:45 +0430, Muhammad Aslam wrote:

> I agree with you but we want some preliminary information about
> ebanking security systems and different steps in making it secure and
> reliable.


So what specifically are you asking? A banking system can be put
together in a variety of different ways and until you have specifics we
could talk about building secure Windows systems or writing secure code.
It's very wide, what are your actual worries - give us questions to
answer, otherwise we could just talk for pages on random security
topics.


> Exactly, we are outsourcing this project, but prior to doing so, we want
> to get enough information so that we will be in the loop whatever
> happening and what the security company will suggest us in going
> online.

What do you need information on? "Ebanking security" is very wide, do
you want to know about development environments, security policies, OS
hardening, OS choices?



> > It seems like you are ready to just grab the software and security
> > advice we give here and dive into building the system, very bad idea.
>
> Which we are also not going to do as we are aware of the magnitude of
> responsibility is involved and as I mentioned we are going to
> outsource the project.

Do you want us to just tell you everything there is to know about
security or do you have _specific_ queries?

Like I said in my first email your question can be answered in hundreds
of different ways, can you please give us more specific questions.

"What are the security implications of creating an ebanking system as a
3 tier web app based on PHP/IIS/MySQL?"

"What sort of policy documents should we prepare for an ebanking system
(for internal and customer use)?"

These are very different questions and we could discuss either of them
in response to your original query and they may not even come close to
what it is you need. Can you _please_ explain exactly what your issues
are so we can offer help.

-- 
With Regards..
Barrie Dempster (zeedo) - Fortiter et Strenue

"He who hingeth aboot, geteth hee-haw" Victor - Still Game

blog:  http://reboot-robot.net
sites: http://www.bsrf.org.uk - http://www.security-forums.com
ca:    https://www.cacert.org/index.php?id=3
