Bitcoin Forum

Bitcoin => Bitcoin Discussion => Topic started by: wujh on June 20, 2011, 08:53:10 PM



Title: Tradehill PR dude: are you going to answer these questions or not?
Post by: wujh on June 20, 2011, 08:53:10 PM
Quote from: ivank2139 on Today at 01:59:27 pm
I have a few questions.

Did you hire a Security Professional?  A real one?  What are his qualifications?  What kind of testing, tools and monitoring has been put in place?

Have you implemented a realistic Security Strategy, like "Defense in Depth"?  Is each layer of the IT infrastructure, down to the database, protected with ACLs and the minimum privileges possible?

Do you require users to have good pwds, at least 16 characters long, with digits, letters and special characters, along with digital certificates?

Do you run your operations on a real Unix system?  Solaris or OpenSolaris are secure by default.  They are also "special" enough that not many hackers have the expertise to penetrate them, and they have very good support and Security features built in.

Is your system hosted in the cloud?

Are you using a well designed and professionally managed database?  Is this database being operated in the most secure manner possible?  Can you prove it and show evidence of an audit?

Everything should be logged and the logs monitored for attacks.

Do you offer all users a digital certificate, with your exchange being the CA?

Is your entire operation behind a commercial firewall appliance and do you use a secure DNS?

What SIEM monitoring tools are in place?  You should have a SIEM monitoring solution from a reputable company.  I used AlienVault to gain experience, but something even better might be a commercial offering.  Trustwave comes to mind; they will audit your system and provide some certifications as to your compliance with all provisions of the NSA recommendations, and any other applicable authorities like the big exchanges.

I think if you put this in place and let it be known upfront what is going on, then you could easily attract as much business as you could handle.  With the best security in the bitcoin exchange arena you could charge more for trades and still get more customers.  With as much security as mentioned here, it should be no problem for a big insurance agency like Lloyd's or whomever to insure each account and each trade to at least 250K bitcoins at a time, or better.

You are going to be the number one target if you are successful.  Plan on it, plan on getting hit, and have a plan to recover.

This is going to be a huge business with any luck, and being the most secure will get you all the business you can handle.