Online banking hosted on IIS...

[beatmix01]

I just found out my banking institution uses IIS as their platform to run their online banking. For some reason this does not sit well.

 

[yllus]

Which version of IIS? The latest is pretty secure.

 

[Legendary]

I'm missing a background in IIS so could you please explain?

 

[vi edit]

So long as the admin isn't a complete chucklehead it's not as insecure as people think.

 

[beatmix01]

Well it is either 5.0 or 6.0, cannot tell from their error page.

 

[Fenixgoon]

whats IIS?

 

[Valhalla1]

Internet Information Server ?

its the webserver built into Windows Server

 

[gshock888]

if my bank uses IIS i would feel like my money is slow... very slow

other than that, i think it's as secure as it being hosted in java or whatnot.

 

[Baked]

Which bank?

 

[beatmix01]

http://www.microsoft.com/WindowsServer2003/iis/default.mspx

 

[beatmix01]

Originally posted by: Baked
Which bank?

Northfork Bank

 

[Rogue]

Originally posted by: beatmix01
Well it is either 5.0 or 6.0, I have yet to figure that out.

Why might you need to "figure it out"?

Are you some kind of super admin or security guru and have a well versed knowledge of the security concerns with IIS or are you some /. weenie who reads a headline and thinks he knows everything about something? Start a poll to answer that question please. Thanks.

 

[beatmix01]

Originally posted by: Rogue

Originally posted by: beatmix01
Well it is either 5.0 or 6.0, I have yet to figure that out.

Why might you need to "figure it out"?

Are you some kind of super admin or security guru and have a well versed knowledge of the security concerns with IIS or are you some /. weenie who reads a headline and thinks he knows everything about something? Start a poll to answer that question please. Thanks.

Actually I am a security guru / admin... However, from the rest of their web site/ infrastructure, I am not sure how well their internals are managed.

 

[gshock888]

north fork is a huge bank and is FDIC insured. who cares if they got hacked and you lose all your money. the feds got your back unless ur bill gates-rich.

 

[Rogue]

Originally posted by: beatmix01

Originally posted by: Rogue

Originally posted by: beatmix01
Well it is either 5.0 or 6.0, I have yet to figure that out.

Why might you need to "figure it out"?

Are you some kind of super admin or security guru and have a well versed knowledge of the security concerns with IIS or are you some /. weenie who reads a headline and thinks he knows everything about something? Start a poll to answer that question please. Thanks.

Actually I am a security guru / admin... However, from the rest of their web site/ infrastructure, I am not sure how well their internals are managed.

Then I'm guessing that you're freelancing right now or you're violating some type of privacy agreement. Either way, go ahead on if you feel it's right. Seems to me you're up to something though and posting your inquiry results to a public forum doesn't seem prudent for a "security guru/admin" looking to gain trust from an organization.

 

[Baked]

FDIC only covers $100K last time I checked.

 

[beatmix01]

Not looking to gain trust nor would I be violating any privacy agreement/laws.

 

[everman]

It just depends on what kind of people are managing things there. Even Apache can be terribly insecure if you have a complete moron managing it.

 

[Merlyn3D]

Um....aren't "who cares" and "indifferent" the same or very similar?

 

[KillyKillall]

I use Quicken Bill Pay myself. It rocks.

 

[Fenixgoon]

Originally posted by: Baked
FDIC only covers $100K last time I checked.

100k is a lot to have in the bank tho

 

[FreshPrince]

Originally posted by: beatmix01
I just found out my banking institution uses IIS as their platform to run their online banking. For some reason this does not sit well.

when you say online banking....what do you mean? can you transact online or are you just viewing your statements and checks online?

Also, IIS6 is pretty secure. And even if someone hacked into the bank, they'd need intimate knowledge of how the banking software and backend infractructure is setup in order to get to the data.

Now if their tapes were stolen like Bank of America and your data was on it...then you're screwed 😉

 

[beatmix01]

Online banking to perform transactions online. Regarding the Bank of America tapes... wouldnt you think the data backed up on the tapes would be encrypted?

 

[FreshPrince]

Originally posted by: beatmix01
Online banking to perform transactions online. Regarding the Bank of America tapes... wouldnt you think the data backed up on the tapes would be encrypted?

you'd think....

 

[MrChad]

Originally posted by: vi_edit
So long as the admin isn't a complete chucklehead it's not as insecure as people think.

:thumbsup:

An incompetent admin can setup Apache more insecurely than IIS, so what's your point?