SmokeyDog
10+ year member
CarAudio.com Elite
i dont online bank. dont take the risk at all. paying the phone bill over the phone with *3 is all i do. everything else is the mail.
Yeah and the mail is real safe.
dman4486
5,000+ posts
RememberedHowToChangethis
depends on where you work...
If you can't trust the machine you use at home then there is something wrong. Also, if you feel you cannot trust the 128 bit (or better) SSL encryption provided by your bank then something else is wrong.
At work, your network infrastructure may have an SSL-based malware scanner which would mean they would have capabilities to perform man-in-the-middle decryption/encryption to make sure communications are clean. This may or may not be an issue for you.
At work, your network infrastructure may have an SSL-based malware scanner which would mean they would have capabilities to perform man-in-the-middle decryption/encryption to make sure communications are clean. This may or may not be an issue for you.
- Thread Starter
- #7
His personal VPN router.
- Thread Starter
- #8
A global fortune-100 company.
SmokeyDog
10+ year member
CarAudio.com Elite
i think its safer then online you cant use checks now adays anyways and if so i ant worth anything we have no money to steal
- Thread Starter
- #10
I should have clarified in my original post (I have edited it for this reason): I support online banking on both my home computer and my work computer. He supports only home computer.
In response to my company, I know they can remote-access at anytime as well, but I still trust them.
If there is an established and trusted SSL connection between his browser and the online bank, VPN is pretty much useless.
And if you work for a fortune-100 company you can guarantee that *all* of your communications are being monitored - whether they are encrypted or not.
Do you trust them?
low00ranger
10+ year member
Senior VIP Member
Global Fortune 100 companies have good money to spend on IT. IT is important to them. What's also important to them is that they cover their tails and protect themselves from the insider threat(blackmailing, proprietary data exfiltration, etc). How do you know your company isn't performing full packet captures for employee traffic to public sites? If they need to launch an investigation to fire an employee and possibly press charges, they need real evidence to prove an employee is violating policy or laws. While your SSL sessions probably aren't decrypted and stored on-the-fly(unless you all route through a proxy), the encrypted packet captures can always be decoded. They definitely keep your browsing history and usage offline at a minimum. Also, how do you know they don't have software or hardware keyloggers? Heard of the firmware update for new iMac keyboards that include a handy keylogger no AV will detect?
I'm mainly playing the advocate but my point is, there will always be security holes. Don't put your trust in any more people than you absolutely have to. I trust my personal home browsing more simply because I have full control over my network. Your company is much more of a target than your home network. Your Fortune 100 company's network can be fully compromised and the main employee base never even know about it. Or the company was compromised and the public does know... but who cares, the "bad guys" got what they wanted.
If I think something's fishy at home I can check my router logs, look at connection tables, run hijack this, etc. In any case you need to monitor all money trails and as painful as it is, change your passwords every 90 days at a minimum.
I'm mainly playing the advocate but my point is, there will always be security holes. Don't put your trust in any more people than you absolutely have to. I trust my personal home browsing more simply because I have full control over my network. Your company is much more of a target than your home network. Your Fortune 100 company's network can be fully compromised and the main employee base never even know about it. Or the company was compromised and the public does know... but who cares, the "bad guys" got what they wanted.
If I think something's fishy at home I can check my router logs, look at connection tables, run hijack this, etc. In any case you need to monitor all money trails and as painful as it is, change your passwords every 90 days at a minimum.
Activity
No one is currently typing a reply...
Similar threads
About this thread
- Start date
- Participants
- Who Replied
- Replies
- 12
- Views
- 183
- Last reply date
- Last reply from
- low00ranger
