How does the connection get established in online banking? Just with SSL? I searched the internet for that, but there are just 'user guides' if you want to use online banking but not how it works on a technical level.
- Yes, typically the connection is established via HTTP over TLS. Within the applications that are used by various banks other controls are used for further hardening. – Tom K. Oct 02 '18 at 11:39
- There's plenty of technical info online. Perhaps start with this: https://security.stackexchange.com/questions/20803/how-does-ssl-tls-work – paj28 Oct 02 '18 at 12:15
1 Answer
In most cases, HTTP over TLS will be used for data in transit. But that's not enough security. You still need many controls at the application and data levels. For instance, you might want to do the following:
- Encrypt critical data at rest in your storage (databases, warehouses, etc.).
- Have an access control policy within your applications.
- Monitor your critical applications and infrastructure.
- Make audit trails in case of incidents.
There are a lot more of these. I know this answer might seem a little introductory. However, let me wrap it up by quoting this principle of Cybersecurity:
The more security you imprint in your organization, the less functionality you have.
So you always want to find the exact balance your organization needs. Some need more, some need less. Banking is probably one of the industries that need more security, so you might want to read more about Cybersecurity, for example, this article explaining the Cybersecurity triads: https://cyberstartupobservatory.com/correctly-understanding-the-cyber-security-triads/