[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [cobalt-security] Credit cards
- Subject: Re: [cobalt-security] Credit cards
- From: Gerald Waugh <gwaugh@xxxxxxxxxxxxxxxxxxxxxxx>
- Date: Tue, 14 May 2002 11:05:41 -0400
- Organization: Front Street Networks LLC
- List-id: Mailing list for users to address network security on Cobalt products. <cobalt-security.list.cobalt.com>
On Tuesday 14 May 2002 10:28 am, Jeff Lasman wrote:
> duncan gray wrote:
> > I'm guessing that you would need something along this
> > line.
> >
> > A SSL certificate for encrypting server - client
> > communication.
> > Encrypted DB.
> > A firewall.
> >
> > Is there anything else?
>
> A secure way of getting the details off the system and into the hands of
> someone. Either a secure (pgp/gpg) email system, OR a procedure for
> sending the information to an email account on the box that you read
> through webmail over a secure connection, or some other way of reading
> the credit card information over a secure connection.
No *don't* store the info in a mail spool on the server unencrypted.
> And how about a procedure in place to get those credit card numbers OFF
> the system on a regular basis so if it is hacked, you won't end up on
> the six-o'clock news.
Again store and pop (deleting from the server) encrypted.
When they get to the client, they are still safe as they are encrypted
--
Gerald Waugh
http://www.frontstreetnetworks.com :: Phone. [011] 203.785.0699
Front Street Networks LLC | SOHO Networks & Web Site Hosting
229 Front Street, Ste. #C, New Haven, CT, 06513-3203 United States