Re: Green-screen versus browser

> Our network guy sniffed the AS400 network traffic and was able to sign on
as QSECOFR more than once :(.

if you set Client Access to "bypass signon" and have os400 system value for
qrmtsign (i think that's it..) to *verify , the CA will only do the
"windows" signon box, and bypass the green screen telnet signon. It is the
green screen signon that is easily sniffed. The 1st "windows" signon is
encrypted (not heavy encryption, but certainly not clear text).
jim

----- Original Message ----- 
From: "Lim Hock-Chai" <Lim.Hock-Chai@xxxxxxxxxxxxxxx>
To: "Midrange Systems Technical Discussion" <midrange-l@xxxxxxxxxxxx>
Sent: Tuesday, April 26, 2005 3:38 PM
Subject: RE: Green-screen versus browser


> Our network guy sniffed the AS400 network traffic and was able to sign on
as QSECOFR more than once :(.
>
> One of the most scary part, I think anyway, is to enable the browser base
5250 to the internet world as a way to let user access green screen app
anytime, anyway.  What happen if somebody somehow figure out the password to
QSECOFR user.  He is no longer control by the app, he practically can do
anything to the AS400.
>
>
>
> -----Original Message-----
> From: midrange-l-bounces@xxxxxxxxxxxx
> [mailto:midrange-l-bounces@xxxxxxxxxxxx]On Behalf Of rob@xxxxxxxxx
> Sent: Tuesday, April 26, 2005 2:15 PM
> To: Midrange Systems Technical Discussion
> Subject: RE: Green-screen versus browser
>
> <clip>
> 5250 traffic can be sniffed just as
> easily as any other network traffic.  Therefore I don't find it anymore
> secure.
> </clip>
>
> -- 
> This is the Midrange Systems Technical Discussion (MIDRANGE-L) mailing
list
> To post a message email: MIDRANGE-L@xxxxxxxxxxxx
> To subscribe, unsubscribe, or change list options,
> visit: http://lists.midrange.com/mailman/listinfo/midrange-l
> or email: MIDRANGE-L-request@xxxxxxxxxxxx
> Before posting, please take a moment to review the archives
> at http://archive.midrange.com/midrange-l.
>