Bank Security Using Secure Socket Layer

Submitted By mubarekh
Words 743
Pages 3
WOLKITE UNIVERSITY
COLLEGE OF COMPUTING AND INFORMATICS
DEPARTMENT OF SOFTWARE ENGINEERING

TITLE OF THE PROJECT: BANK SECURITY USING SECURE SOCKET LAYER

No  Name             ID NO
1   Tamerat Alemu    CIR/335/06
2   Mubarek Hiyaru   CIR/272/06
3   Eliyas Deriba    CIR/124/06
4   Hiwot Daniel     CIR/186/06
5   Filimon Aregawe  CIR/151/06

Chapter Two

2.0 Descriptions of the Secure Socket Layer in the Bank

2.1 Major Functions of the Secure Socket Layer in the Bank
The Secure Socket Layer (SSL) protocol is used as the "gateway" that provides privacy for the data flowing between the browser and Sterling Bank & Trust's server. SSL provides a secure channel for data transmission over the Internet. It allows for the transfer of digital signatures for authentication procedures and provides message integrity, ensuring that the data can't be altered en route. Sterling Bank & Trust's customers can be assured they are actually communicating with Sterling Bank's web server and not a third party trying to intercept the transaction on the Internet. You can tell when you are secure by looking at the location (URL) field. If the URL begins with https:// (instead of http://), the document comes from a secure server. This means your data cannot be read or deciphered by unauthorized individuals. In general:
- Secure Socket Layer is the security protocol used on the Internet to provide easy access to websites.
- It provides a way to validate or identify the website by creating an information file that makes access possible.
- It creates an encrypted connection over which data is sent from one source to another.
- SSL provides a way to ensure that security is applied to the transaction and the data in use.
- The lock icon shows whether the browser's connection is open or closed on the secure SSL or TLS channel.

2.2 Users of the Secure Socket Layer

2.3 Components of the Secure Socket Layer in Banks
 * SSL Handshake Protocol
   * negotiation of security algorithms and parameters
   * key exchange
   * server authentication and optionally client authentication
 * SSL Record Protocol
   * fragmentation (a phenomenon of computer storage)
   * compression
   * message authentication and integrity protection
   * encryption
 * SSL Alert Protocol
   * error messages (fatal alerts and warnings)
 * SSL Change Cipher Spec Protocol
   * a single message that indicates the end of the SSL handshake
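The four components listed in 2.3 can be told apart on the wire by the first byte of each record. The following parser is an added example, not part of the original essay: it splits a captured byte stream into records, names the sub-protocol each one carries, and decodes plaintext alerts and handshake messages. It assumes one direction of an SSL 3.0 to TLS 1.2 connection; the sample bytes and all function names are constructed for illustration.

```python
import struct

# Content type byte -> sub-protocol carried by the Record Protocol.
CONTENT_TYPES = {20: "change_cipher_spec", 21: "alert",
                 22: "handshake", 23: "application_data"}
VERSIONS = {(3, 0): "SSL 3.0", (3, 1): "TLS 1.0",
            (3, 2): "TLS 1.1", (3, 3): "TLS 1.2"}
ALERT_LEVELS = {1: "warning", 2: "fatal"}
ALERTS = {0: "close_notify", 20: "bad_record_mac", 40: "handshake_failure",
          42: "bad_certificate", 45: "certificate_expired", 48: "unknown_ca"}
HANDSHAKES = {1: "client_hello", 2: "server_hello", 11: "certificate",
              14: "server_hello_done", 16: "client_key_exchange", 20: "finished"}
MAX_RECORD = 2**14 + 2048  # largest fragment a protected record may carry


class RecordError(ValueError):
    """Raised when the bytes are not a well-formed sequence of records."""


def describe(ctype, fragment, protected):
    """Decode a fragment; once the cipher spec has changed it is opaque."""
    if protected:
        return "encrypted"
    if ctype == 20:
        if fragment != b"\x01":
            raise RecordError("change_cipher_spec must be the single byte 0x01")
        return "cipher spec change"
    if ctype == 21:
        if len(fragment) != 2:
            raise RecordError("plaintext alert must be exactly 2 bytes")
        level, desc = fragment
        level_name = ALERT_LEVELS.get(level, f"level {level}")
        return f"{level_name}: {ALERTS.get(desc, f'alert {desc}')}"
    if ctype == 22:
        names, pos = [], 0
        while pos < len(fragment):  # a record may hold several messages
            if len(fragment) - pos < 4:
                raise RecordError("truncated handshake message header")
            msg_len = int.from_bytes(fragment[pos + 1:pos + 4], "big")
            names.append(HANDSHAKES.get(fragment[pos], f"type {fragment[pos]}"))
            pos += 4 + msg_len
        return ", ".join(names)
    raise RecordError("application data before change_cipher_spec")


def parse_records(stream):
    """Return (sub-protocol, version, length, detail) for every record."""
    records, offset, protected = [], 0, False
    while offset < len(stream):
        if len(stream) - offset < 5:
            raise RecordError("truncated record header")
        ctype, major, minor, length = struct.unpack_from("!BBBH", stream, offset)
        offset += 5
        if ctype not in CONTENT_TYPES:
            raise RecordError(f"unknown content type {ctype}")
        if (major, minor) not in VERSIONS:
            raise RecordError(f"unsupported version {major}.{minor}")
        if length > MAX_RECORD or len(stream) - offset < length:
            raise RecordError("record length exceeds limit or available data")
        fragment = stream[offset:offset + length]
        offset += length
        detail = describe(ctype, fragment, protected)
        if ctype == 20:
            protected = True  # everything after this record is encrypted
        records.append((CONTENT_TYPES[ctype], VERSIONS[(major, minor)],
                        length, detail))
    return records


# Constructed sample: end of a handshake followed by protected traffic.
SAMPLE_STREAM = bytes.fromhex(
    "16030300040e000000"   # handshake: server_hello_done
    "140303000101"         # change_cipher_spec
    "1603030004deadbeef"   # handshake (Finished), now encrypted
    "1703030003aabbcc")    # application data, encrypted
# Constructed sample: fatal alert sent when the certificate issuer is not trusted.
SAMPLE_ALERT = bytes.fromhex("15030300020230")

if __name__ == "__main__":
    for record in parse_records(SAMPLE_STREAM) + parse_records(SAMPLE_ALERT):
        print(record)
```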

2.4 Problems of the Secure Socket Layer in Bank
Digital certificates provide security to websites by encrypting sensitive data and verifying the identity of the websites that are secured.
We provide these certificates as a service to website owners to ensure the security of online communications.
SSL problem messages and warnings are often displayed in an attempt to protect website users from potentially compromising situations. However, an SSL error message may also indicate a problem that is entirely significant in nature. In this second case, there is often an issue either with the website you are connecting to or possibly a misconfiguration on your own end.
If you ever encounter an SSL-related warning (such as a security certificate mismatch, certificate not trusted, or secure and non-secure items; see below), you may want to hold off on entering your login details or credit card information until you can make sure you are not in a compromising online situation.

Fig 2.2 Problem with a website's security certificate
2.5 Business Rules/Security Policy of the current system
An SSL policy determines how the system handles encrypted traffic on your network. You can configure one or more of the bank's SSL policies. You associate an SSL policy with an access control policy, and then apply the access control policy to a managed device. When the device detects a TCP handshake, the access control policy first handles and inspects the traffic. If it subsequently identifies an SSL-encrypted session over the TCP connection, the SSL policy takes over, handling and decrypting the encrypted traffic. You can have one SSL policy currently applied to a Series 3 device.
The simplest SSL policy, as shown in the following diagram, directs the device where it is applied to handle encrypted traffic with a single default action. You can set the default action to block decryptable traffic without further inspection, or inspect undecrypted decryptable traffic with access control. The system can then either allow or block the encrypted traffic. If the device detects undecryptable traffic, it either blocks the traffic without further inspection or does not decrypt it, inspecting it with access control.
