At 03:34 PM 5/20/96 +0800, cjhew @
my allegedly wrote:
>Can anyone in this list suggest what sort of Firewall products or security
>measures that banks need to undertake if they decide to offer Electronic
>over the Internet?
>Thanks and regards,
It depends on the nature of the business you are planning on doing. If you
are talking very small amounts of money (say <$100), then I would recommend
using digital signatures coupled with strong encryption and encryption.
As far as what determines if it is strong enough:
If it's routinely exportable by the USA, it isn't strong enough (mildly put).
Since this is for a bank, the stronger encryption can be obtained by USA
sources, if they are kind enough to wade through the paperwork for you. <sigh>
I would NOT recommend using the Internet for large financial transactions
as it violates two primary rules of Internet usage for businesses:
o NEVER, EVER use the Internet for business-critical applications/transactions
o NEVER, EVER use the Internet for time-critical applications/transactions
I brought a firewall to its knees last week while doing a penetration test
for a customer. Imagine the results if a hacker tried the same thing with
similar results and prevented the delivery of (time-critical and/or business-
critical) data from reaching its intended destination. A sustained attack
could cripple a corporation which is dependent on business- or time-critical
transactions over the Internet. Proceed with caution before doing anything
business-related over the Internet.
Any sufficiently advanced bug is indistinguishable from a feature.
-- Rich Kulawiec
The opinions expressed above are of the author and may not
necessarily be representative of Fortified Networks Inc.
Fortified Networks Inc. - Information Security Consulting
http://www.fortified.com Phone: (317) 573-0800 FAX: (317) 573-0817
Home of the Free Internet Firewall Evaluation Checklist