I have to agree with Hal's post. When we first started to use Host OnDemand, one of the PC guys traced the traffic and was amazed that IBM by default would encrypt TN3270 traffic. I was amazed because I did not know that HOD supported encryption at that time; we are talking V1.

Well, fast forward a couple of years and I am tracing the same HOD traffic and it's not encrypted. I asked the PC guy why he thought it was encrypted, and he said when he looked at it, it was not in clear text. I showed him the trace and he said, "See, look, it's garbage, so it must be encrypted." I said, "No, it's EBCDIC." Using Ethereal, I clicked on the EBCDIC button and magically it was clear text. He had been using the MS network trace tool and had never seen EBCDIC before.

I have also had somebody show me how they were using SSH to encrypt XWindows: ssh to the remote box and then start KDE, without redirecting to the ssh session. He thought that X-Windows would know to use the ssh session that he issued the command from. That is, until I showed him that it was using port 6000 on his box and not the ssh session.



Terry Linsley wrote:
The organization we service is suffering through an audit at the moment.
One of the things the auditors looked at was the secure file transfer process I
had set up for that organization (OpenSSH based).  They explained it
sufficiently, but the auditor had one last requirement.  She wanted proof that
the data was actually being encrypted. ????
     It is my understanding that OpenSSH encrypts the file in transit and does
not leave an encrypted copy of the data file lying around anywhere.  So, I
cannot show them a copy of the encrypted file.  I ran a transfer using the
most verbose debug level and it does not say anything like "now encrypting
file".
     So, to satisfy the auditor (and my own curiosity), does anyone know how
to prove that OpenSSH is really encrypting the file?  Of course one could hang
a sniffer on the network and sniff the datastream, but I did not want to go
that far.  Thanks.


----------------------------------------------------------------------
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to [EMAIL PROTECTED] with the message: GET IBM-MAIN INFO
Search the archives at http://bama.ua.edu/archives/ibm-main.html
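
The EBCDIC mix-up described in the reply above, as an added example that is not part of the original thread: a captured payload that looks like garbage in an ASCII view is tested against the EBCDIC code page (Python's `cp037`) before anyone calls it encrypted, and byte entropy is used as the evidence for real ciphertext. The sample payloads, the thresholds and the function names are assumptions made for illustration.

```python
import hashlib
import math
from collections import Counter

def shannon_entropy(data: bytes) -> float:
    """Bits per byte: close to 8.0 for ciphertext, much lower for text."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())

def printable_ratio(data: bytes, codec: str) -> float:
    """Fraction of bytes that decode to printable characters under codec."""
    text = data.decode(codec, errors="replace")
    if not text:
        return 0.0
    ok = sum(1 for ch in text
             if ch != "\ufffd" and (ch.isprintable() or ch in "\r\n\t"))
    return ok / len(text)

def classify(payload: bytes, text_min: float = 0.90, entropy_min: float = 7.5) -> str:
    """Label a captured payload. Thresholds are illustrative assumptions and
    need a reasonably long payload (hundreds of bytes) to be meaningful."""
    for codec in ("ascii", "cp037"):          # cp037 = EBCDIC (US/Canada)
        if printable_ratio(payload, codec) >= text_min:
            return f"cleartext ({codec})"
    if shannon_entropy(payload) >= entropy_min:
        return "high entropy (encrypted or compressed)"
    return "unknown"

# Constructed samples, not taken from any real trace.
ASCII_SAMPLE = b"USER ibmuser\r\nPASS not-a-real-password\r\n"
EBCDIC_SAMPLE = "LOGON APPLID(TSO) USERID(IBMUSER)".encode("cp037")
# Deterministic stand-in for ciphertext: 4096 bytes of SHA-256 output.
CIPHERTEXT_STAND_IN = b"".join(
    hashlib.sha256(i.to_bytes(4, "big")).digest() for i in range(128))

if __name__ == "__main__":
    for name, blob in (("ascii", ASCII_SAMPLE), ("ebcdic", EBCDIC_SAMPLE),
                       ("cipher", CIPHERTEXT_STAND_IN)):
        print(f"{name:7s} entropy={shannon_entropy(blob):.2f}  {classify(blob)}")
```

High entropy alone shows the bytes are not plain text; compressed data scores the same, so for audit evidence it belongs alongside the negotiated cipher reported in the ssh debug output.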
