Online banking hosted on IIS...

beatmix01 · Mar 1, 2005

I just found out my banking institution uses IIS as their platform to run their online banking. For some reason this does not sit well.

yllus · Mar 1, 2005

Which version of IIS? The latest is pretty secure.

Legendary · Mar 1, 2005

I'm missing a background in IIS so could you please explain?

vi edit · Mar 1, 2005

So long as the admin isn't a complete chucklehead it's not as insecure as people think.

beatmix01 · Mar 1, 2005

Well it is either 5.0 or 6.0, cannot tell from their error page.

Fenixgoon · Mar 1, 2005

whats IIS?

Valhalla1 · Mar 1, 2005

Internet Information Server ?

its the webserver built into Windows Server

gshock888 · Mar 1, 2005

if my bank uses IIS i would feel like my money is slow... very slow

other than that, i think it's as secure as it being hosted in java or whatnot.

Baked · Mar 1, 2005

Which bank?

beatmix01 · Mar 1, 2005

http://www.microsoft.com/WindowsServer2003/iis/default.mspx

beatmix01 · Mar 1, 2005

Originally posted by: Baked
Which bank?

Northfork Bank

Rogue · Mar 1, 2005

Originally posted by: beatmix01
Well it is either 5.0 or 6.0, I have yet to figure that out.

Why might you need to "figure it out"?

Are you some kind of super admin or security guru and have a well versed knowledge of the security concerns with IIS or are you some /. weenie who reads a headline and thinks he knows everything about something? Start a poll to answer that question please. Thanks.

beatmix01 · Mar 1, 2005

Originally posted by: Rogue

Originally posted by: beatmix01
Well it is either 5.0 or 6.0, I have yet to figure that out.

Click to expand...

Why might you need to "figure it out"?

Are you some kind of super admin or security guru and have a well versed knowledge of the security concerns with IIS or are you some /. weenie who reads a headline and thinks he knows everything about something? Start a poll to answer that question please. Thanks.

Actually I am a security guru / admin... However, from the rest of their web site/ infrastructure, I am not sure how well their internals are managed.

gshock888 · Mar 1, 2005

north fork is a huge bank and is FDIC insured. who cares if they got hacked and you lose all your money. the feds got your back unless ur bill gates-rich.

Rogue · Mar 1, 2005

Originally posted by: beatmix01

Originally posted by: Rogue

Originally posted by: beatmix01
Well it is either 5.0 or 6.0, I have yet to figure that out.

Click to expand...

Why might you need to "figure it out"?

Are you some kind of super admin or security guru and have a well versed knowledge of the security concerns with IIS or are you some /. weenie who reads a headline and thinks he knows everything about something? Start a poll to answer that question please. Thanks.

Click to expand...

Actually I am a security guru / admin... However, from the rest of their web site/ infrastructure, I am not sure how well their internals are managed.

Then I'm guessing that you're freelancing right now or you're violating some type of privacy agreement. Either way, go ahead on if you feel it's right. Seems to me you're up to something though and posting your inquiry results to a public forum doesn't seem prudent for a "security guru/admin" looking to gain trust from an organization.

Baked · Mar 1, 2005

FDIC only covers $100K last time I checked.

beatmix01 · Mar 1, 2005

Not looking to gain trust nor would I be violating any privacy agreement/laws.

everman · Mar 1, 2005

It just depends on what kind of people are managing things there. Even Apache can be terribly insecure if you have a complete moron managing it.

Merlyn3D · Mar 1, 2005

Um....aren't "who cares" and "indifferent" the same or very similar?

KillyKillall · Mar 1, 2005

I use Quicken Bill Pay myself. It rocks.

Fenixgoon · Mar 1, 2005

Originally posted by: Baked
FDIC only covers $100K last time I checked.

100k is a lot to have in the bank tho

FreshPrince · Mar 1, 2005

Originally posted by: beatmix01
I just found out my banking institution uses IIS as their platform to run their online banking. For some reason this does not sit well.

when you say online banking....what do you mean? can you transact online or are you just viewing your statements and checks online?

Also, IIS6 is pretty secure. And even if someone hacked into the bank, they'd need intimate knowledge of how the banking software and backend infractructure is setup in order to get to the data.

Now if their tapes were stolen like Bank of America and your data was on it...then you're screwed

beatmix01 · Mar 1, 2005

Online banking to perform transactions online. Regarding the Bank of America tapes... wouldnt you think the data backed up on the tapes would be encrypted?

FreshPrince · Mar 1, 2005

Originally posted by: beatmix01
Online banking to perform transactions online. Regarding the Bank of America tapes... wouldnt you think the data backed up on the tapes would be encrypted?

you'd think....

MrChad · Mar 1, 2005

Originally posted by: vi_edit
So long as the admin isn't a complete chucklehead it's not as insecure as people think.

:thumbsup:

An incompetent admin can setup Apache more insecurely than IIS, so what's your point?

Online banking hosted on IIS...

Golden Member

Elite Member & Lifer

Diamond Member

Elite Member

Golden Member

Lifer

Diamond Member

Banned

Lifer

Golden Member

Golden Member

Banned

Golden Member

Banned

Banned

Lifer

Golden Member

Lifer

Platinum Member

Diamond Member

Lifer

Diamond Member

Golden Member

Diamond Member

Lifer