SSL:
IAGIM insures and guarantees any credit card transaction.
In this review, we point out one of the lesser-known weaknesses
of most networks. IAGIM and LIG have developed systems and software
to overcome and eliminate ALL the Internet flaws of the secure
web servers and data transfer.
Additional:
IAGIM provides round-the-clock US and global fax facilities to
receive sensitive credit card data from new clients or members
who have always relied on secure fax-to-fax communications (see
fax numbers below). Routine and general order data may be sent
by e-mail or through our online SSL facilities.
Furthermore, all IAGIM and LocumGroup orders are insured. The
100% insurance cost is included in the normal international
clearance charges added to the purchase (which is 2.2% VISA or
3.0% AMEX and 2.4% MasterCard). In addition, all IAGIM purchases
are 100% covered for transit loss or damage.
When multiple subscriptions or purchases are required, Locum or
IAGIM Association may request a wire or electronic bank transfer.
CREDIT CARDS SECURITY - If ever there is intentional or accidental
misuse of a client credit card number in any process of the
transaction, attributed to an IAGIM payment system, data storage,
processing or any procedural method whatsoever, IAGIM will cover
and refund 100% of the misused amount.
Any damage occurring to a product or purchase - IAGIM will
forward an immediate 100% replacement within 48 hours.
Furthermore, IAGIM will hold credit card numbers for 24 hours
only. No client credit card numbers are ever kept electronically,
ensuring 100% client protection.
SSL SECURITY - A False Sense of Security?
How many times have clients encountered web sites that reassure
them about their security just because they use SSL? You see
statements such as, "Your transactions are protected by SSL."
What does this statement really mean?
The Secure Sockets Layer (SSL) protocol encrypts data in transit
between browsers and web servers only. The encryption prevents
eavesdroppers from viewing session data, such as passwords or
credit card numbers, while it travels across the Internet.
At IAGIM no credit card number is ever stored electronically,
again ensuring 100% protection. Thus there is nothing on our
computers to hack.
SECURE SERVERS - https://
Virtually all web servers that process sensitive information,
financial data, or require authentication use SSL encryption.
(When you see the "s" in https in the URL of your Web browser,
you are accessing an SSL-enabled web server.) IAGIM does not
store credit card numbers electronically - thus computers are
100% hackproof.
The Pros and Cons
Does SSL really secure sites against hackers? Let's take a closer
look at what SSL really secures, how hackers can sometimes launch
attacks through SSL, and how, as a countermeasure, administrators
can audit and monitor SSL-enabled sites.
Myth: SSL Secures Hosts or Applications
SSL is not designed to secure the operating system; rather,
it is designed to secure data in transit.
Think of SSL as a "cryptographic pipe" between the web browser
(you) and the web server. This pipe encrypts data as it flows
back and forth between the user and the web site.
SSL does not eradicate or mitigate vulnerabilities on the web
server. Behind the SSL pipe lie the same web server programs,
Web applications, CGI scripts, and back-end databases as on
normal, non-SSL-enabled web sites. At IAGIM no credit card
details are stored electronically, and thus they cannot be
accessed.
Unfortunately, many company administrators assume that
SSL-enabled web servers are automatically secure. In fact, as we
will see, SSL-enabled web servers are not secure and are
vulnerable to the very same attacks that compromise other web
servers. At IAGIM this problem cannot exist.
SSL-Enabled Web Servers Are Infrequently Audited and Monitored
The same unique properties of SSL that make it a universal choice
for secure commerce also create problems for security
administrators, because administrators cannot use current
vulnerability scanners or network intrusion detection systems
(IDS) to audit or monitor SSL transactions.
Network intrusion detection systems monitor network traffic for
unauthorized activity. Any activity that matches a known attack
signature or that is unauthorized by policy is flagged for
administrator review. In order for a network IDS to function, it
must be able to view all traffic, but SSL encryption renders
HTTPS traffic invisible to an IDS.
Furthermore, although popular security scanners audit normal web
servers for known vulnerabilities, such scanners don't check
SSL-enabled servers. SSL-enabled web servers can and do possess
those same vulnerabilities, but presumably because of the time or
difficulty involved in establishing SSL connections, security
scanners do not audit SSL-enabled web servers. The combination of
no network monitoring and no vulnerability auditing leaves the
most critical servers the least well-protected.
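Because a network IDS sees only ciphertext on an HTTPS connection, signature checks have to run where the request exists in plaintext, for instance over the web server's own access log. The following Python code is an added example, not part of the original page; the signature set, function names and log lines are constructed for illustration.

```python
import re
from urllib.parse import unquote

# Hypothetical signature set, chosen for illustration only.
SIGNATURES = {
    "path-traversal": re.compile(r"\.\./|\.\.\\"),
    "script-injection": re.compile(r"<\s*script", re.I),
    "sql-keyword": re.compile(r"\bunion\b.+\bselect\b", re.I),
}

# Common/combined log format: host ident user [time] "METHOD target PROTO" status size
LOG_LINE = re.compile(
    r'^(?P<host>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) \S+'
)

def decode_target(target, rounds=3):
    """Percent-decode repeatedly so double-encoded input is still inspected."""
    for _ in range(rounds):
        decoded = unquote(target)
        if decoded == target:
            break
        target = decoded
    return target

def scan(lines):
    """Return (host, status, signature name, decoded target) for each match."""
    alerts = []
    for line in lines:
        m = LOG_LINE.match(line)
        if not m:
            continue  # unparseable line: skipped here, worth counting in production
        target = decode_target(m.group("target"))
        for name, pattern in SIGNATURES.items():
            if pattern.search(target):
                alerts.append((m.group("host"), int(m.group("status")), name, target))
    return alerts

# Constructed sample lines from an HTTPS virtual host (not real traffic).
SAMPLE = [
    '192.0.2.10 - - [01/Jan/2024:10:00:00 +0000] "GET /index.html HTTP/1.1" 200 5120',
    '192.0.2.44 - - [01/Jan/2024:10:00:05 +0000] "GET /cgi-bin/view?file=%252e%252e%252fetc%252fpasswd HTTP/1.1" 404 312',
    '192.0.2.44 - - [01/Jan/2024:10:00:09 +0000] "GET /search?q=%3Cscript%3Ealert(1)%3C/script%3E HTTP/1.1" 200 2048',
]

if __name__ == "__main__":
    for alert in scan(SAMPLE):
        print(alert)
```

The access log is written after the server has decrypted the request, so the same signatures a network sensor would apply to plain HTTP still work here. The response status in each alert helps separate probes that failed from requests the application actually served.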
Comments:
Any modifications to this policy will be posted on this page. We
welcome any questions or comments you have; please direct them
to Contact IAGIM - Global Leaders in Internet Security