Larry,
We ran into the same issue with the auditors. Yes it was the ID/Password being sent in clear text that they were concerned about. We ended up implementing IPSec on all our regulated iSeries, AIX and Widows machines. IPSec is a VPN tunnel. During this implementation we found that IBM was not following the ratified standard for handling digital certificates and fought with them and got them to provide a V5R4 PTF to fix their issues. The solution works great but is a slight pain to setup.
John Bresina | Sr Server Engineer | Target Technology Services - iSeries| ¤Target | 33 S. 6th St, CC-1175 | Minneapolis, MN 55402 | 612 304 3665 (ph) |
-----Original Message-----
From: midrange-l-bounces@xxxxxxxxxxxx [mailto:midrange-l-bounces@xxxxxxxxxxxx] On Behalf Of Ketzes, Larry
Sent: Thursday, October 02, 2008 2:17 PM
To: 'Midrange Systems Technical Discussion'
Subject: Telnet concerns from auditors
Has anyone had to explain to an auditor the use of telnet by users to get to
the iSeries? Our auditors are saying they are very concerned about our use
of telnet.
Would I be correct in saying the risk the auditors are concerned
about is the ID and Password being sent in clear text? This is corrected,
of course, by using the 'bypass signon' feature in iSeries Navigator.
Is there any other thing about telnet that they would be concerned
about?
Thanks, Larry
--
This is the Midrange Systems Technical Discussion (MIDRANGE-L) mailing list
To post a message email: MIDRANGE-L@xxxxxxxxxxxx
To subscribe, unsubscribe, or change list options,
visit:
http://lists.midrange.com/mailman/listinfo/midrange-l
or email: MIDRANGE-L-request@xxxxxxxxxxxx
Before posting, please take a moment to review the archives
at
http://archive.midrange.com/midrange-l.
midrange.com
