Return to BSD News archive
Path: euryale.cc.adfa.oz.au!newshost.anu.edu.au!harbinger.cc.monash.edu.au!bunyip.cc.uq.oz.au!munnari.OZ.AU!news.hawaii.edu!ames!usenet.kornet.nm.kr!xpat.postech.ac.kr!news.dacom.co.kr!usenet.seri.re.kr!news.cais.net!news.jsums.edu!gatech!news.mathworks.com!uunet!in2.uu.net!news.artisoft.com!not-for-mail From: mday@Artisoft.COM (Matt Day) Newsgroups: comp.os.linux.development.system,comp.os.linux.misc,comp.os.linux.networking,comp.unix.bsd.freebsd.misc,comp.unix.bsd.netbsd.misc,comp.unix.bsd.bsdi.misc Subject: Re: need secure OS to entrust millions to Date: 27 Feb 1996 16:47:17 -0700 Organization: Artisoft, Inc. Lines: 56 Message-ID: <4h0565$eq9@coyote.Artisoft.COM> References: <4gi6t6$3h9@lace.colorado.edu> <4gssap$4ki@news.mountain.net> NNTP-Posting-Host: coyote.artisoft.com Xref: euryale.cc.adfa.oz.au comp.os.linux.development.system:19032 comp.os.linux.misc:90811 comp.os.linux.networking:31203 comp.unix.bsd.freebsd.misc:15207 comp.unix.bsd.netbsd.misc:2428 comp.unix.bsd.bsdi.misc:2602 In article <4gssap$4ki@news.mountain.net> rprowel@nttc.edu (R. Prowel) writes: >In article <4gi6t6$3h9@lace.colorado.edu>, > wilcoxb@cs.colorado.edu (Bryce) wrote: >>-----BEGIN PGP SIGNED MESSAGE----- >> >>I'm writing documentation which advises banks on how to >>setup an electronic banking software package on a >>Net-connected, firewall-protected Intel box. Some of the >>most important banks in the world will be reading this >>documentation very soon. The current version of the >>documentation, which I inherited, advises them to run >>FreeBSD or BSDI. I'm considering changing this >>recommendation to Linux. > >My recommendation for your clients is DONT! I am a privacy and >security advocate who has a real problem with any fincancial >transactions taking place over public networks such as the >InterNet. I refuse to do business with entities who are so >irresponsible as to move any records containing information about >me across public data networks. > >Don't be naive. The concept of an absolutely secure network >connected system is a pipe dream. Of course networks can't be absolutely secure, but it's a nice goal. Airplanes crash from time to time, despite the enormous safety and reliability measures taken to prevent it from happening, but it doesn't stop people from using airplanes (and heck, if your plane crashes, I'd say you're much worse off than if some network cracker gets your Visa card number). So the challenge is figuring out the most secure ways to go about providing the Internet financial services that customers are begging for. And in my opinion, a system can be crafted which would provide at least the same level of reliability that you'd expect from a commercial airline. I'm not saying it would be an easy task, but I don't think it's impossible either, especially for a commercial organization. I especially think the current level of reliability protecting people (PIN numbers, credit card card numbers, signatures, etc...) can be matched by an Internet banking service. To the person who asked the original question: I suggest you immerse yourself in the large amount of literature available on network security, computer security, and cryptography before considering giving advice to banks. You need to be at LEAST as smart as the network crackers out there to protect something like an online bank against attack. All you have to do is read a few of the recent CERT advisories to realize just how intelligent and clever the network crackers are. And to most typical network crackers, online banks will be the prime cracking target. You may want to consider consulting with a few network security specialists before presenting a formal proposal to anyone, and you'll probably want to hire a team of experts to actually bring the system online safely. Just slapping a firewall on the network will not be sufficient by any means. Good luck! I'm looking forward to banking on the 'net. Matt Day <mday@artisoft.com>