Alan, you are correct - passwords are encrypted, which is done using a
custom https front end solution that connects to our DOD IP network at
a couple network boundary locations. From there, the session is
connected to our isolated SNA networks in the background.

The Ports and Protocols List prohibits both the port (23) and the
protocol (telnet), so "hiding" telnet on an alternate port is not an
option.

At least for those of us who possess and would like to keep security
clearances.. :)

If IBM is weighing the future of VM/VTAM support either on IFLs or
standard CPs (and I get the feeling reading this list that they are),
then they can consider VM/VTAM a critical requirement for us.    

Regards,
Denny Burch

z/VM and z/LINUX Systems
DISA DECC Mechanicsburg
717 605-1181
(dsn) 430-1181
      

-----Original Message-----
From: The IBM z/VM Operating System [mailto:[EMAIL PROTECTED] On
Behalf Of Alan Altmark
Sent: Monday, April 28, 2008 13:36
To: IBMVM@LISTSERV.UARK.EDU
Subject: Re: VTAM on an IFL?

On Monday, 04/28/2008 at 11:42 EDT, "Burch, Aubrey Dennis CIV DISA GS4B"
<[EMAIL PROTECTED]> wrote:
> We are uncomfortably restricted in that the Department of Defense
> (DOD) Ports and Protocols List prohibits the use of telnet (even SSL),
> and port 23 is being systematically closed at all our firewalls in
> order to comply with our security directives, so essentially we're
> left with VTAM for remote logon access.

Start the telnet server listening on port 22 (the ssh port) and
configure your (secure) telnet client to connect to it.  Et voila!  No
more nasty, smelly port 23!

Even though it's an SNA network, don't you still have the policy of
encrypting passwords over a network?  (Undoubtedly the rationale for
burying evil telnet in favor of the angelic ssh.)

Alan Altmark
z/VM Development
IBM Endicott
