The organization we service is suffering through an audit at the moment.
One of the things the auditors looked at was the secure file transfer proces I
had setup for that organization (OpenSSH based). They explained it
sufficiently, but the auditor had one last requirement. She wanted proof that
the data was actually being encrypted. ????
It is my understanding that OpenSSH encrypts the file in transit and does
not leave an encrypted copy of the data file lying around anywhere. So, I
cannot show them a copy of the encrypted file. I ran a transfer using the
most verbose debug level and it does not say anything like "now encrypting
file".
So, to satisfy the auditor (and my own curiosity), does anyone know how
to prove that OpenSSH is really encrypting the file? Of course one could hang
a sniffer on the network and sniff the datastream, but I did not want to go
that far. Thanks.
[xposting to IBMTCP-L and MVS-OE lists]
----------------------------------------------------------------------
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to [EMAIL PROTECTED] with the message: GET IBM-MAIN INFO
Search the archives at http://bama.ua.edu/archives/ibm-main.html
