At 08:32 PM 7/2/97 +0100, Kevin Brown - NetComm wrote:
>No I was not spoofed, but I have discovered that you do not have a sense of
Sure I do. My puns are infamous. 8^)
>I was tying to point out that MS can even today, snare people into taking
>actions that are terribly foolish. Would you advise a bank to allow any
>customer to dial in for bank transactions with NT RAS as the sole form of
>Authentication for their internal Net?
No on both counts. I wouldn't recommend that their customers use any
authentication-only mechanism for dial-in bank transactions. Nor would
I allow any inbound connection to terminate on their internal network.
As anyone who has audited a bank can tell you, banks are notoriously
insecure. Many (most?) banks are still using antiquated (and insecure)
technologies to secure customer dial-in bank transactions. <sigh>
I recommended one solution to secure customer dial-in banking to an
out-of-country bank. It was my understanding that this was going to
be a competitive advantage for their bank over other banks. in the
area. It'd be nice if other banks followed suit.
The opinions of the author of this mail may not necessarily be
representative of the opinions of Fortifed Networks, Inc.
Fortified Networks, Inc. - http://www.fortified.com/
Expert (vendor-neutral) Computer and Network Security Consulting
Phone: (317) 573-0800 Fax: (317) 573-0817