× The internal search function is temporarily non-functional. The current search engine is no longer viable and we are researching alternatives.
As a stop gap measure, we are using Google's custom search engine service.
If you know of an easy to use, open source, search engine ... please contact support@midrange.com.


  1.  Home
  2. MIDRANGE-L
  3. February 2002

Re: SSL vs VPN for CA/400

Scott,

Basically they want to allow some users to work from home during bad weather or
certain long hour days. They would be using only green screen and printer
emulation. I was thinking in cost terms but you make a bigger (and should be
the standard security process) point of only GIVING what is needed and not what
is convenient because of the packaging.

Thanks.

Roger Vicker, CCP

Scott Klement wrote:

> What exactly are you using SSL to protect?  I guess I'll assume you're
> protecting telnet/tn5250 logons...
>
> In that case, SSL can be (arguably) more secure than a VPN.  Turn on
> client authenticaion, so that the client MUST present a valid certificate,
> and have the AS/400 only accept certificates signed by itself.  Very
> secure.
>
> And what makes this even more secure than a VPN is that if the remote
> system were hacked (the end-user that's offsite) then they'd only be able
> to get a sign-on screen.  And with that, they'd have to know a name and
> password...   whereas, with a VPN, they'd have access to the whole
> network, potentially there'd be something exploitable.
>
> Of course, like everything in computer security, if it's set up poorly
> either option could be insecure...
>
> HTH
>
> On Wed, 6 Feb 2002, Roger Vicker, CCP wrote:
>
> > Hello,
> >
> > For an AS/400 (V5R1M0) tucked behind a firewall would using SSL be
> > that much more of a risk than using the firewall's VPN upgrade and
> > clients? By opening the needed SSL ports and issuing the certificates
> > the cost would be minor compared to VPN. The expected users would not
> > need access to other protected network resources so that added
> > capability of VPN is not needed.
> >
> > Thanks for your expertise and opinions,
> >
> > Roger Vicker, CCP
>
> _______________________________________________

--
*** Vicker Programming and Service *** Have bits will byte *** www.vicker.com
***
So Many Messages!.............So Little Time!

As an Amazon Associate we earn from qualifying purchases.

This thread ...
Replies:
Follow On AppleNews
Return to Archive home page | Return to MIDRANGE.COM home page

This mailing list archive is Copyright 1997-2024 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].

Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.