Terry Linsley wrote:

The organization we service is suffering through an audit at the moment.
One of the things the auditors looked at was the secure file transfer process I
had set up for that organization (OpenSSH based).  They explained it
sufficiently, but the auditor had one last requirement.  She wanted proof that
the data was actually being encrypted. ????
     It is my understanding that OpenSSH encrypts the file in transit and does
not leave an encrypted copy of the data file lying around anywhere.  So, I
cannot show them a copy of the encrypted file.  I ran a transfer using the
most verbose debug level and it does not say anything like "now encrypting
file".
     So, to satisfy the auditor (and my own curiosity), does anyone know how
to prove that OpenSSH is really encrypting the file?  Of course one could hang
a sniffer on the network and sniff the datastream, but I did not want to go
that far.  Thanks.


If you really need to provide proof that the packets in transit are encrypted, probably the easiest thing to do is to install Ethereal on a PC, start an SFTP file transfer between the PC and the z/OS system (you could use PuTTY on a Windows system for that purpose) and capture the packets with Ethereal. You don't even have to capture in promiscuous mode for this purpose. Ethereal will format the TCP packets nicely so you can see the negotiation and the encrypted data and provide the needed proof.
--
Ulrich Boche
SVA GmbH, Germany
IBM Premier Business Partner

----------------------------------------------------------------------
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to [EMAIL PROTECTED] with the message: GET IBM-MAIN INFO
Search the archives at http://bama.ua.edu/archives/ibm-main.html
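
The check the reply describes, as an added example that is not part of the original thread: given the raw bytes of each direction of a captured SSH session, it reads the cleartext negotiation, reports the cipher both sides agreed on, and measures the entropy of everything sent after SSH_MSG_NEWKEYS. The function names and the sample streams are constructed for illustration; the stand-in ciphertext is hash output, not a real capture.

```python
import hashlib, math, struct
from collections import Counter

def kexinit_lists(payload):  # the ten name-lists of SSH_MSG_KEXINIT (RFC 4253, 7.1)
    off, lists = 17, []  # skip message type (1 byte) and cookie (16 bytes)
    for _ in range(10):
        (n,) = struct.unpack_from(">I", payload, off)
        lists.append(payload[off + 4 : off + 4 + n].decode().split(","))
        off += 4 + n
    return lists

def parse_stream(data):  # one direction of a reassembled SSH TCP stream
    end = data.index(b"\r\n")  # the identification string is a cleartext line
    banner, pos, lists = data[:end].decode(), end + 2, None
    while pos + 5 <= len(data):
        length, pad = struct.unpack_from(">IB", data, pos)
        payload = data[pos + 5 : pos + 4 + length - pad]
        pos += 4 + length  # no MAC is appended before keys are in use
        if payload[:1] == b"\x14":  # SSH_MSG_KEXINIT (20): cleartext algorithm offers
            lists = kexinit_lists(payload)
        elif payload[:1] == b"\x15":  # SSH_MSG_NEWKEYS (21): the rest is ciphertext
            return banner, lists, data[pos:]
    raise ValueError("no SSH_MSG_NEWKEYS: stream never switched to encryption")

def entropy(data):  # Shannon entropy in bits per byte; ciphertext sits close to 8.0
    return -sum(c / len(data) * math.log2(c / len(data)) for c in Counter(data).values())

def audit(client_stream, server_stream):
    cb, cl, c_rest = parse_stream(client_stream)
    sb, sl, _ = parse_stream(server_stream)
    c2s = next(a for a in cl[2] if a in sl[2])  # first client offer the server lists
    s2c = next(a for a in cl[3] if a in sl[3])
    return {"client": cb, "server": sb, "cipher_c2s": c2s, "cipher_s2c": s2c,
            "encrypted": "none" not in (c2s, s2c), "entropy_c2s": round(entropy(c_rest), 2)}

# --- constructed sample streams (not a real capture) ---
def packet(payload):
    pad = 16 - (len(payload) + 5) % 8  # 9..16 padding bytes, total a multiple of 8
    return struct.pack(">IB", len(payload) + pad + 1, pad) + payload + bytes(pad)

def sample(banner, ciphers):
    names = [b"curve25519-sha256", b"ssh-ed25519", ciphers, ciphers,
             b"hmac-sha2-256", b"hmac-sha2-256", b"none", b"none", b"", b""]
    kex = b"\x14" + bytes(16) + b"".join(struct.pack(">I", len(n)) + n for n in names) + bytes(5)
    body = b"".join(hashlib.sha256(bytes([i])).digest() for i in range(128))
    return banner + b"\r\n" + packet(kex) + packet(b"\x15") + body

CLIENT = sample(b"SSH-2.0-ExampleClient", b"aes256-ctr,aes128-ctr,3des-cbc")
SERVER = sample(b"SSH-2.0-ExampleServer", b"aes128-ctr,3des-cbc")
```

Calling `audit(CLIENT, SERVER)` returns the two banners, the agreed cipher per direction, and an `encrypted` flag that is false only when the agreed cipher is `none`.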
