Some actually don't like -encrypted- transfers because they can't monitor what is passing over the network. Worse, there is no way to detect and filter malware.
Recall that encrypted zip files were a very popular attack vector not so long ago. Not clear what countermeasures will be effective once point to point encryption is in place as the auditors and 'experts' insist. Just one example of why auditors should not set policy either directly or indirectly. I wonder if the malware risks outweigh the intercept risks in reality. My $0.02 -----Original Message----- From: IBM Mainframe Discussion List [mailto:[EMAIL PROTECTED] On Behalf Of Shmuel Metz (Seymour J.) Sent: Monday, January 14, 2008 11:13 AM To: IBM-MAIN@BAMA.UA.EDU Subject: Re: Encrypted transfers to/from vendors In <[EMAIL PROTECTED]>, on 01/14/2008 at 10:25 AM, "Patrick O'Keefe" <[EMAIL PROTECTED]> said: >I assume there are some shops with policies that forbid transfers across >the web I doubt it; such a policy would accomplish nothing. I suspect that a lot of shops have policies that restrict all unencrypted external transfers, whether or not the web is involved. -- Shmuel (Seymour J.) Metz, SysProg and JOAT ISO position; see <http://patriot.net/~shmuel/resume/brief.html> We don't care. We don't have to care, we're Congress. (S877: The Shut up and Eat Your spam act of 2003) NOTICE: This electronic mail message and any files transmitted with it are intended exclusively for the individual or entity to which it is addressed. The message, together with any attachment, may contain confidential and/or privileged information. Any unauthorized review, use, printing, saving, copying, disclosure or distribution is strictly prohibited. If you have received this message in error, please immediately advise the sender by reply email and delete all copies. ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [EMAIL PROTECTED] with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html
