Information Kiosk

Internet Banking Security
Overview
Exploring the Internet; the growth of electronic commerce.

Security Architecture
A look at the technology employed by Security First to keep your money safe and secure.

Security Reference List
Our hotlist of sites for facts, products or services related to Internet security.

A Closer Look At SFNB's Security Architecture
Our white paper on Security First's approach to Internet security issues.


Overview


In the 1960s, the U.S. Department of Defense began to put together the communications network that we now know as the Internet, an infrastructure made up of thousands of networks connecting through common routers. The DOD could never have imagined what would happen thirty years later.

In recent years, the Internet -- especially the World Wide Web -- has exploded with activity. Now, in addition to being a communications tool, the Internet has become a global marketplace with an endless variety of goods and services available at the click of the mouse. Among the commercial enterprises expressing interest in Internet commerce are banks seeking ways to improve service and make financial transactions more convenient for customers.

Security First Network Bank is leading the way in Internet banking services, and one reason for its outstanding performance is its serious approach to security. To establish a secure platform for financial commerce, Security First turned to Five Paces, Inc., a company dedicated to providing financial software which operates in a highly secure environment for the banking industry. Working through an affiliation with SecureWare, Inc. and HP, Five Paces has equipped Security First with a protected environment using measures previously available only to government agencies.


Security Architecture


Across the Internet

Security First utilizes several layers of technology to ensure the confidentiality of its transactions across the Internet. Security begins with your browser. The SSL protocol (Secure Sockets Layer) is used to provide privacy for the data flowing between the browser and the bank server. SSL, which is used in Netscape Navigator and Microsoft Internet Explorer, is an open protocol for securing data communication across computer networks, and it provides a secure channel for data transmission through its encryption capabilities. It allows for the transfer of digitally signed certificates for authentication procedures, and provides message integrity, ensuring that the data can't be altered somewhere along the pipeline.

When a customer account is created, the bank assigns a password which is sent to the customer along with an account verification letter. In addition to password protection, Security First also provides server authentication using the latest in public key cryptography.

Public/private key pairs are used specifically for authentication. The public key can be distributed, using a certificate that verifies the identity of the owner. The private key is kept secret. A message encrypted with a public key can only be read after decryption with the private key.

To start a transaction, the customer uses his or her browser to send a secure message via SSL to the bank. The bank responds by sending a certificate which contains the bank's public key. The browser authenticates the certificate, then generates a session key which is used to encrypt data traveling between the customer's browser and the bank server. The session key is encrypted using the bank's public key, and sent back to the bank. The bank decrypts this message using its private key, and then uses the session key for the remainder of the communication.

By exchanging messages using the public/private key pair, the customer can be assured they are actually communicating with the bank, and not a third party trying to intercept the transaction. When a session is encrypted, the key icon at the lower left corner of the browser's screen becomes solid, and a blue line appears at the top of the screen. If the key icon appears broken, encryption is not in use and the current session is not secure.
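The exchange described above can be traced in a few lines of Python. This is an added illustration, not Security First's or Netscape's code: it uses a toy textbook-RSA key, a pinned fingerprint in place of the browser's certificate check, and a SHA-256 keystream with HMAC in place of SSL's real ciphers and record format. The name bank.example and all function names are assumptions.

```python
import hashlib, hmac, secrets

# Constructed toy RSA key for the "bank": two Mersenne primes and textbook RSA
# without padding. Far too weak for real use; it only shows the message flow.
P, Q, E = 2**61 - 1, 2**89 - 1, 65537
N = P * Q
D = pow(E, -1, (P - 1) * (Q - 1))   # private exponent, stays at the bank

def fingerprint(cert):
    data = f"{cert['subject']}|{cert['n']}|{cert['e']}".encode()
    return hashlib.sha256(data).hexdigest()

BANK_CERT = {"subject": "bank.example", "n": N, "e": E}  # hypothetical name
TRUSTED = {fingerprint(BANK_CERT)}  # stand-in for the browser's CA signature check

def browser_key_exchange(cert):
    """Browser: authenticate the certificate, then wrap a fresh session key."""
    if fingerprint(cert) not in TRUSTED:
        raise ValueError("certificate not trusted")
    session_key = secrets.token_bytes(16)
    wrapped = pow(int.from_bytes(session_key, "big"), cert["e"], cert["n"])
    return session_key, wrapped

def bank_unwrap(wrapped):
    """Bank: recover the session key with its private key."""
    return pow(wrapped, D, N).to_bytes(16, "big")

def keystream(key, nonce, length):
    blocks = (hashlib.sha256(key + nonce + i.to_bytes(4, "big")).digest()
              for i in range(length // 32 + 1))
    return b"".join(blocks)[:length]

def seal(key, plaintext):
    """Encrypt under the session key and append an integrity tag."""
    # Real protocols derive separate encryption and MAC keys from the session key.
    nonce = secrets.token_bytes(8)
    body = bytes(a ^ b for a, b in zip(plaintext, keystream(key, nonce, len(plaintext))))
    tag = hmac.new(key, nonce + body, hashlib.sha256).digest()
    return nonce + body + tag

def open_sealed(key, record):
    """Verify the tag first; only then decrypt."""
    nonce, body, tag = record[:8], record[8:-32], record[-32:]
    expected = hmac.new(key, nonce + body, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("record altered in transit")
    return bytes(a ^ b for a, b in zip(body, keystream(key, nonce, len(body))))
```

A certificate whose key does not match the trusted fingerprint is rejected before any session key is sent, and a record changed by even one bit fails the tag check instead of decrypting.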

Don't worry if this all sounds like MISSION IMPOSSIBLE stuff to you -- Netscape Navigator and Internet Explorer do all of the work for you. We explained all of this just to assure you that the SSL protocol provides serious security.


Filtering Routers and Firewalls

Security First has gone to great lengths to ensure that your money and personal data are protected against any type of intruder or attack.

The bank is protected by a system of filtering routers and firewalls, which form a barrier between the outside Internet and the internal bank network. The filtering router verifies the source and destination of each network packet, and determines whether or not to let the packet through. Access is denied if the packet is not directed at a specific, available service.

The firewall is used to shield the bank's customer service network from the Internet. All incoming IP traffic is actually addressed to the firewall, which is designed to allow only e-mail into the customer service environment. Traffic through the firewall is subjected to a special proxy process which operates in much the same way as a filtering router, verifying the source and destination of each information packet. The proxy then changes the IP address of the packet to deliver it to the appropriate site within the customer service network. In this way, all inside addresses are protected from outside access, and the structure of the bank's internal networks is invisible to outside observers.
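The two layers described above, a default-deny filtering router followed by a mail-only proxy that re-addresses traffic, can be modelled as follows. This is an added sketch, not the bank's configuration: the addresses, the port numbers (25 for e-mail, 443 for the SSL server) and the rule rejecting inside source addresses arriving from outside are assumptions chosen for illustration.

```python
import ipaddress
from dataclasses import dataclass, replace

@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    dport: int

# Constructed addressing (documentation and private ranges), not the bank's.
FIREWALL = "192.0.2.10"          # the only address mail is ever sent to
BANK_SERVER = "192.0.2.20"       # SSL banking server
PUBLISHED = {(BANK_SERVER, 443), (FIREWALL, 25)}
INTERNAL = ipaddress.ip_network("10.0.0.0/8")
MAIL_HOST = "10.1.1.5"           # hidden customer-service mail host

def router_permits(pkt):
    """Filtering router: default deny, checked on source and destination."""
    if ipaddress.ip_address(pkt.src) in INTERNAL:
        return False             # inside address arriving from outside: spoofed
    return (pkt.dst, pkt.dport) in PUBLISHED

def firewall_proxy(pkt):
    """Firewall proxy: only e-mail passes, re-addressed to the inside host."""
    if (pkt.dst, pkt.dport) != (FIREWALL, 25):
        return None
    return replace(pkt, dst=MAIL_HOST)

def inbound(pkt):
    """Return the packet as delivered, or None if it is dropped."""
    if not router_permits(pkt):
        return None
    return firewall_proxy(pkt) if pkt.dst == FIREWALL else pkt
```

An outside sender never needs to know MAIL_HOST: a packet addressed to it directly is dropped at the router, while mail sent to the firewall arrives there after the proxy rewrites the destination.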


Virtual Vault

While there are important security issues associated with transit across the Internet, the greatest risk to your financial information occurs within the bank itself. Security First addresses this issue using SecureWare's SecureWeb platform. An important part of this architecture is the Trusted Operating System, the dominant security platform in government computing. Security First's use of this trusted operating system, called CMW+, represents the first commercial implementation of this highly successful platform, used for years by the Department of Defense and other high-security government agencies.

The trusted operating system acts as a "virtual vault," protecting customer information and funds inside the bank. It uses multilevel technology and contains privilege and authorization mechanisms to control access to functions and commands. It also contains an audit mechanism which records logins and logouts, use of privilege, access violations and unsuccessful network connections. This allows quick identification of any suspicious activity.


Internal Controls

Strict internal procedures are in place within Security First, controlling every aspect of bank administration from training employees to confirming customer transactions to preventing service interruptions.

New advances in security technology are happening daily, and Security First is constantly evaluating its security architecture to ensure that it provides the highest level of privacy and safety for bank customers. For more information about the bank's security architecture and plans for future releases, see the white paper titled, "A Closer Look At SFNB's Security Architecture."


Customer Responsibility

Customers have their own set of responsibilities in providing security for their Internet bank account. Passwords must be kept secret. Users should make sure that no one is physically watching as passwords are entered. It is important to remember to exit the browser when leaving the computer. If the PC is left unattended with the browser running and a valid user name and password cached, anyone can gain access to the account. Note: both Netscape and Internet Explorer also have options which allow users to clear cached files. Users should also take precautions to keep computers clean and free from viruses that could be used to capture password keystrokes.


Security Reference List


The following is a list of sites you can check out for additional information concerning Internet Security.


Questions? Call 1-800-SFNB-321 or send e-mail to SFNB Support. SFNB Customer Service is available to assist you 24 hours a day, 7 days a week.

Copyright ©1995, 1996 Security First Network Bank and Tripod, Inc. All rights reserved.
