Security Basics mailing list archives
Re: fraud detection software for a bank
From: Davin Enigl <davinenigl () comcast net>
Date: Thu, 18 Oct 2012 07:45:31 -0700
It's not as simple an "Open Source" solution. This is a complex subject. It's best to hire a "large" (known) professional firm with a proven reputation that specialises in this area. Detection and prevention are expensive and time consuming. Please read the following (or the equivalent): The CERT Guide to Insider Threats: How to Prevent, Detect, and Respond to Information Technology Crimes (Theft, Sabotage, Fraud) (SEI Series in Software Engineering) by Cappelli, Moore, and Trzeciak. For instance SNORT-like IPS can be used to detect exfiltration. SELinux can be used to create Mandatory Access Control. Hardware Security Modules can be used for access to high value servers. Yubikeys and SHA-2 hashing provide non-repudiation of user activity in audits of user logs. Firewall logs can be reviewed. Wireshark can look at all data streaming over a network that is not encrypted. Even then, you can use a MITM proxy to look at the encrypted data before (and as) it goes out. There are so many things you can do, it's ridiculous. ------------------------------------------------------------------------ Securing Apache Web Server with thawte Digital Certificate In this guide we examine the importance of Apache-SSL and who needs an SSL certificate. We look at how SSL works, how it benefits your company and how your customers can tell if a site is secure. You will find out how to test, purchase, install and use a thawte Digital Certificate on your Apache web server. Throughout, best practices for set-up are highlighted to help you ensure efficient ongoing management of your encryption keys and digital certificates. http://www.dinclinx.com/Redirect.aspx?36;4175;25;1371;0;5;946;e13b6be442f727d1 ------------------------------------------------------------------------
Current thread:
- fraud detection software for a bank marco cohen (Oct 17)
- Re: fraud detection software for a bank Psilva (Oct 18)
- Re: fraud detection software for a bank Andrea Zwirner (Oct 18)
- RE: fraud detection software for a bank Trey Keifer (Oct 18)
- RE: fraud detection software for a bank Chris Garlington (Oct 18)
- Re: fraud detection software for a bank Andrea Zwirner (Oct 18)
- Re: fraud detection software for a bank Rolph Kreis (Oct 18)
- Re: fraud detection software for a bank Davin Enigl (Oct 18)
- Re: fraud detection software for a bank gold flake (Oct 22)
- Re: fraud detection software for a bank Burhan Muhammad (Oct 22)
- Re: fraud detection software for a bank Ric Hdz (Oct 22)
- RE: fraud detection software for a bank Kiran Karnad (Oct 23)
- Re: fraud detection software for a bank Jeffrey Walton (Oct 24)
- Re: fraud detection software for a bank Koios (Oct 24)
- Re: fraud detection software for a bank Burhan Muhammad (Oct 22)
- Re: fraud detection software for a bank Psilva (Oct 18)
- Re: fraud detection software for a bank Donduq (Oct 22)
- <Possible follow-ups>
- Re: fraud detection software for a bank david . julian (Oct 18)