×
The internal search function is temporarily non-functional. The current search engine is no longer viable and we are researching alternatives.
As a stop gap measure, we are using Google's custom search engine service.
If you know of an easy to use, open source, search engine ... please contact support@midrange.com.
On Fri, Oct 3, 2008 at 9:26 PM, Charles Wilt <charles.wilt@xxxxxxxxx> wrote:
In all fairness, this risk is lower now than it used to be due to the
use of network switches.
With a switch instead of a hub, the only packets that get sent down a
users wire are the ones destined for his/her PC.
In theory.
There exists a multitude of techniques to trick a switch into
rerouting packets to the wrong ports (arp spoofing, mac overflow), and
also more subtle attacks (for example, manipulating DNS so that Client
Access connects to the wrong ip address, which is transparently NATd
to the correct one.
There are several technologies available to alleviate some of these
techniques, like 802.1x authentication on the port level, port
security, etc.
But the correct and easiest way is to use SSL on the application level
COMBINED with 802.1x.
Plaintext authentication is no longer acceptable, except maybe in
closed circuit networks with only trusted machines and in physically
secure location (so, almost nowhere).
The same risks go for FTP, HTTP, etc.
Sadly, IBM does not secure IBM i OS by default - this is a point that
badly needs improvement (yes, i submitted a DCR).
midrange.com
