Network Security Security-Basics

Re: RE: Proving non-repudiation in e-Commerce App

Subject: Re: RE: Proving non-repudiation in e-Commerce App
Date: 2 Jun 2006 11:19:39 -0000
Hi Craig

thanks for your in-depth explanation. You are right, the term "prove" is too 
strong. I want to be able to say to the customer: "Yes, your system implements 
non-repudiation on a best-practice basis. Whenever there are problems, you 
have good chances to take legal action."
What does this actually mean? I want to illuminate each component (as you told 
me) of the application. To do that I have to know how one implements proper 
non-repudiation. For example:

What does the application log have to look like? I guess the log will be an 
important part, where you can trace and back up the transactions. What does a log 
entry look like, to prove that it couldn't be altered by the sysadmin or by a 
hacker?

Every action triggered by the client should somehow be signed using the client's 
private key and then stored in a DB or a log file. I think such a solution 
would implement non-repudiation. What do you guys think? Are there other or 
better practices? I'm looking for applied practices.

Thanks
Joe
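
The two mechanisms Joe sketches above (the client signs every action with its own private key; the server stores the signed action in a log whose entries cannot be silently altered) can be shown together in a small worked example. The following Go program is an added illustration written for this page, not code from the thread or from any product; it assumes ed25519 client keys, a server-side SHA-256 hash chain, and a constructed order/cancel sequence for client "alice". The client signature gives the non-repudiation property (a sysadmin holding only the server does not have alice's private key, so cannot manufacture an order in her name), while the hash chain makes any later edit, reordering or deletion of entries detectable on verification.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"encoding/hex"
	"errors"
	"fmt"
)

// Entry is one audit-log record for an action triggered by a client.
// Constructed example format; the thread does not specify a log layout.
type Entry struct {
	Seq       int
	Timestamp string // set by the server when the action is recorded (not signed)
	ClientID  string
	Action    string // text the client signed; must carry a unique order id so it cannot be replayed
	ClientSig []byte // ed25519 signature by the client's private key over Action
	PrevHash  string // hex SHA-256 of the previous entry ("" for the first entry)
	Hash      string // hex SHA-256 over this entry's own fields, including PrevHash
}

// SignAction is the client-side step: sign the action text with the client's private key.
func SignAction(priv ed25519.PrivateKey, action string) []byte {
	return ed25519.Sign(priv, []byte(action))
}

// EntryHash binds every field of the entry, plus the previous hash, into one digest.
func EntryHash(e Entry) string {
	h := sha256.New()
	fmt.Fprintf(h, "%d|%s|%s|%s|%s|%s", e.Seq, e.Timestamp, e.ClientID, e.Action,
		hex.EncodeToString(e.ClientSig), e.PrevHash)
	return hex.EncodeToString(h.Sum(nil))
}

// Append is the server-side step: refuse anything the client did not sign,
// then link the accepted action into the hash chain.
func Append(chain []Entry, pub ed25519.PublicKey, clientID, action, ts string, sig []byte) ([]Entry, error) {
	if !ed25519.Verify(pub, []byte(action), sig) {
		return chain, errors.New("client signature does not verify; action rejected")
	}
	e := Entry{Seq: len(chain), Timestamp: ts, ClientID: clientID, Action: action, ClientSig: sig}
	if len(chain) > 0 {
		e.PrevHash = chain[len(chain)-1].Hash
	}
	e.Hash = EntryHash(e)
	return append(chain, e), nil
}

// Verify re-checks the whole log: sequence numbers, chain links, entry hashes and
// client signatures. It returns the index of the first bad entry, or -1 if intact.
func Verify(chain []Entry, pubs map[string]ed25519.PublicKey) int {
	prev := ""
	for i, e := range chain {
		if e.Seq != i || e.PrevHash != prev || EntryHash(e) != e.Hash {
			return i // edited, reordered or deleted entry breaks the chain here
		}
		pub, ok := pubs[e.ClientID]
		if !ok || !ed25519.Verify(pub, []byte(e.Action), e.ClientSig) {
			return i // record was not signed by the claimed client
		}
		prev = e.Hash
	}
	return -1
}

func main() {
	pub, priv, _ := ed25519.GenerateKey(rand.Reader) // alice's key pair (constructed)
	pubs := map[string]ed25519.PublicKey{"alice": pub}
	var chain []Entry
	for _, a := range []string{"ORDER id=1001 amount=49.90", "CANCEL id=1001"} {
		chain, _ = Append(chain, pub, "alice", a, "2006-06-02T11:19:39Z", SignAction(priv, a))
	}
	fmt.Println("intact log, first bad entry:", Verify(chain, pubs)) // -1
	chain[0].Action = "ORDER id=1001 amount=4.90"                    // sysadmin edits the amount
	fmt.Println("after tampering, first bad entry:", Verify(chain, pubs)) // 0
}
```

The chain only proves as much as its head: a sysadmin who can rewrite the whole file can also recompute every hash, so in practice the latest entry hash is periodically written somewhere outside their control (WORM media, a third party, or a timestamped signature with a separately held server key). The client signatures, by contrast, cannot be recomputed without the client's private key, which is what gives the customer standing to say the action was, or was not, theirs.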
