
CompTIA Security+ Deluxe Study Guide: SY0-201 - Emmett Dulaney [189]

cards you carry in your wallet.

Figure 7.20 illustrates the process used in an SET transaction. The consumer must establish an electronic wallet that is issued by the consumer/issuing bank. When the consumer wants to make a purchase, they communicate with the merchant. The wallet is accessed to provide credit/payment information. The merchant then contacts the credit processor to complete the transaction. The credit processor interfaces with the existing credit network. In this situation, the transactions between the issuing bank, the consumer, the merchant, and the credit processor all use SET.

FIGURE 7.20 The SET transaction in process

Secure Shell

Secure Shell (SSH) is a tunneling protocol originally used on Unix systems. It’s now available for both Unix and Windows environments. The handshake process between the client and server is similar to the process described in SSL. SSH is primarily intended for interactive terminal sessions.

SSH can be used in place of the older Remote Shell (RSH) utility that used to be a standard in the Unix world. It can also be used in place of rlogin and Telnet.

Figure 7.21 illustrates the SSH connection process. Notice that SSH connections are established in two phases: the first phase is a secure channel to negotiate the channel connection, and the second phase is a secure channel used to establish the connection.

Real World Scenario

Working with Credit Card Information Online

You’ve been asked to participate in a project that involves the transmission of credit card information between a group of retail stores and a credit card processing center. The security of this information is very important. Store employees will be using direct dial-in connections to the credit card processing center or the Internet. What should you evaluate?

You have several ways to go in this situation. Your dial-up and Internet connections present different concerns. Because you’re dealing with credit card information, the volume of information to be transmitted is relatively small. The information will include a card number, name, and the amount of the sale, as well as the expiration date. The processing center will probably send back a coded message and approval. Compared to a lot of interactions, this is a fairly small amount of data.

Your direct dial-in connections to the credit card center may not need to be encrypted. It’s difficult to tap a telephone line, and public access is hard to create. If your organization feels this is necessary, you’ll want to use a relatively quick encryption system, such as SET. Your Internet connections could use SET, SSL, TLS, or one of the other secure protocols discussed in this chapter.

FIGURE 7.21 The SSH connection-establishment process

An open-source Telnet/SSH client gaining popularity on the Win32 platform is PuTTY (putty.exe). The download page for this utility can be found at http://www.chiark.greenend.org.uk/~sgtatham/putty/download.html.

Real World Scenario

Securing Unix Interactive Users

You’ve been asked to examine your existing Unix systems and evaluate them for potential security weaknesses. Several remote users need to access Telnet and FTP capabilities in your network. Telnet and FTP connections send the logon and password information in the clear. How could you minimize security risks for Telnet and FTP connections?

You should consider using a VPN connection between these remote connections and your corporate systems. One workable solution might be to provide SSH to your clients and install it on your Unix servers. Doing so would allow FTP and Telnet connectivity in a secure environment.
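As a starting point for the evaluation in this scenario, the following added example (not from the book) scans an inetd.conf-style file for enabled Telnet, FTP, rlogin, and RSH services and names an SSH-based replacement for each. It assumes the services are started from inetd; the sample file is constructed, and the choice of sftp as the FTP replacement is this example's own.

```shell
#!/bin/sh
# Added example: flag enabled cleartext login/file-transfer services in an
# inetd.conf-style file. Reads the file named as an argument, or stdin.
# Output: one line per finding, "<line-number> <service> <replacement>".
audit_inetd() {
    awk '
        /^[ \t]*(#|$)/ { next }        # commented-out (disabled) or blank
        {
            svc = $1                   # first field is the service name
            if      (svc == "telnet") rep = "ssh"
            else if (svc == "login")  rep = "ssh"   # "login" is rlogin
            else if (svc == "shell")  rep = "ssh"   # "shell" is rsh
            else if (svc == "ftp")    rep = "sftp"  # assumption: sftp over SSH
            else next                  # not a service this check covers
            print NR, svc, rep
        }
    ' "$@"
}

# Constructed sample input, not taken from any real system.
sample_inetd() {
    cat <<'EOF'
# constructed inetd.conf sample
ftp     stream  tcp  nowait  root  /usr/sbin/tcpd  in.ftpd -l
telnet  stream  tcp  nowait  root  /usr/sbin/tcpd  in.telnetd
#shell  stream  tcp  nowait  root  /usr/sbin/tcpd  in.rshd
login   stream  tcp  nowait  root  /usr/sbin/tcpd  in.rlogind
time    stream  tcp  nowait  root  internal
EOF
}

# Run the check over the sample when the script is executed.
sample_inetd | audit_inetd
```

On a real host, run `audit_inetd /etc/inetd.conf`; each reported line is a service that sends logon and password information in the clear.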

Pretty Good Privacy

Pretty Good Privacy (PGP) is a freeware e-mail encryption system. As mentioned earlier in the chapter, PGP was introduced in the early 1990s, and it’s considered to be a very good system. It’s widely used for e-mail security.

PGP uses both symmetrical and asymmetrical systems as a part of its process. Figure 7.22 provides an overview of how the various components
