Bootable USBs for Consumer Security

Sunday, August 22, 2010

Brent Huston

E313765e3bec84b2852c1c758f7244b6

I gave a quick interview today for a magazine article to be printed in late July. The topic was pretty interesting; it revolved around consumer fears about online banking.

The key point of the discussion was that financial organizations are doing a ton of work on securing your data and their systems from attack. The major problem facing online banking today is really the consumer system.

So many home PCs are compromised or infected today that they represent a significant issue for the banking process.

The good news is that home systems can pretty easily be removed from the equation with a simple bootable LiveCD or USB key. It is quite easy (and affordable) to create Linux distros with very limited applications and security measures that enforce using it just for banking and other high risk transactions.

Solutions in this space are available in open source, community/payment supported and of course, full blown commercial software tools complete with a variety of VPN, access control and authentication tools.

You might even consider creating your own open source distro, labeled and logo branded to distribute for free to your customers. A few of my credit unions are taking this approach.

For the cost of CD duplication, they get the high trust customer contact and peace of mind of having a dedicated, trusted platform for their home banking. That, indeed, may be well worth the investment.

Cross-posted from State of Security

Possibly Related Articles:
11015
PCI DSS Webappsec->General
Banking Financial Services
PCI Financial Loss
Post Rating I Like this!
The views expressed in this post are the opinions of the Infosec Island member that posted this content. Infosec Island is not responsible for the content or messaging of this post.

Unauthorized reproduction of this article (in part or in whole) is prohibited without the express written permission of Infosec Island and the Infosec Island member that posted this content--this includes using our RSS feed for any purpose other than personal use.