[ILUG] [ot] secure sites
longword at esatclear.ie
Thu Nov 1 15:20:16 GMT 2001
Fergal Daly wrote:
>>Well if the subnet you sit on is not switched
> Aboslutely but then again I think not being switch would be far worse at the
> server end than the client end.
Ethernet switches are not security devices, particularly in their
default configuration. Do no rely on them to perform as such. Routers
aren't always as secure as we'd like to think either.
When sending details like credit card numbers, you also have to worry
about how secure the site is overall - a 128-bit security certificate
isn't enough. It's not unheard-of for 'secure' sites to have their
database servers wide-open to hacking.
More information about the ILUG