Home page logo

basics logo Security Basics mailing list archives

Re: Secure Intranet?
From: Arnaud M. <cyclic () salemioche com>
Date: Mon, 4 Nov 2002 22:33:16 +0100

On Fri, 1 Nov 2002 16:58:26 -0800
"Surmit Walia" <swalia () bay csuhayward edu> wrote:

If HTTPS is not secure enough, than why do banks use them?  Just

---> Using a https server don't seem to me secure enough, but it's the
cheapest solution..

I hope it helps

Arnaud M.

Nowadays, no web application seems to be secure enough but i'm not expert.

Why https not secure enough and why do banks use them ?
https is http over ssl that's to say encryption of http traffic, authentification of hosts with use of Certificate and 
integrity of http data. Network protocol used is IP

VPN ensures encryption using IPSec protocol ( instead of using IP ), authentification of hosts with RADIUS, integrity 
of data... 
VPN offers Private adressing that's to say data is tunneled through internet with private IP for stations ( execpt for 
routers intranet/internet )
VPN allows mobile IP that's very comfortable for sb who has to travel and to access to a network anywhere he is.

So in think VPN is more suitable for you than https.

Many banks use https but it doesn't mean that https is secure, it only means that http is unsecure... And banks 
websites have to be open to many ppl and https is implemented in every browser. On the contrary, no everybody has 
hardware/software for using more secured protocols..

Networking Security policy may be adapted according to the application, and each actor of the communication process.

Sorry for my sloppy english ...

Arnaud M

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]