Alan, you are correct - passwords are encrypted, which is done using a custom https front end solution that connects to our DOD IP network at a couple network boundary locations. From there, the session is connected to our isolated SNA networks in the background.
The Ports and Protocols List prohibits both the port (23) and the protocol (telnet), so "hiding" telnet on an alternate port is not an option. At least for those of us who possess and would like to keep security clearances.. :)

If IBM is weighing the future of VM/VTAM support either on IFLs or standard CPs (and I get the feeling reading this list that they are), then they can consider VM/VTAM a critical requirement for us.

Regards,
Denny Burch
z/VM and z/LINUX Systems
DISA DECC Mechanicsburg
717 605-1181 (dsn) 430-1181

-----Original Message-----
From: The IBM z/VM Operating System [mailto:[EMAIL PROTECTED] On Behalf Of Alan Altmark
Sent: Monday, April 28, 2008 13:36
To: IBMVM@LISTSERV.UARK.EDU
Subject: Re: VTAM on an IFL?

On Monday, 04/28/2008 at 11:42 EDT, "Burch, Aubrey Dennis CIV DISA GS4B" <[EMAIL PROTECTED]> wrote:
> We are uncomfortably restricted in that the Department of Defense
> (DOD) Ports and Protocols List prohibits the use of telnet (even SSL),
> and port 23 is being systematically closed at all our firewalls in
> order to comply with our security directives, so essentially we're
> left with VTAM for remote logon access.

Start the telnet server listening on port 22 (the ssh port) and configure your (secure) telnet client to connect to it. Et voila! No more nasty, smelly port 23!

Even though it's an SNA network, don't you still have the policy of encrypting passwords over a network? (Undoubtedly the rationale for burying evil telnet in favor of the angelic ssh.)

Alan Altmark
z/VM Development
IBM Endicott