On Monday, 04/28/2008 at 02:10 EDT, "Burch, Aubrey Dennis CIV DISA GS4B" 
<[EMAIL PROTECTED]> wrote:
> Alan, you are correct - passwords are encrypted, which is done using a
> custom https front end solution that connects to our DOD IP network at
> a couple network boundary locations. From there, the session is
> connected to our isolated SNA networks in the background.
> 
> The Ports and Protocols List prohibits both the port (23) and the
> protocol (telnet), so "hiding" telnet on an alternate port is not an
> option.

Protocol hiding was tongue-in-cheek, of course!  :-)  https is just as 
vulnerable as secure telnet, so I don't see the advantage.

> At least for those of us who possess and would like to keep security
> clearances.. :)
> 
> If IBM is weighing the future of VM/VTAM support either on IFLs or
> standard CPs (and I get the feeling reading this list that they are),
> then they can consider VM/VTAM a critical requirement for us.

It is the "Ports and Protocols List" that is the problem, not VTAM.  It 
increases the cost (for the taxpayers, in this case!) for no good reason 
or additional security.  I had rather thought that the cost issue would 
have won the day.  (sigh)

I guess it is time for IBM and DISA to meet and for one of us to have our 
attitudes adjusted.  Someone, somewhere, is basing The List on decades-old 
FUD.

Alan Altmark
z/VM Development
IBM Endicott
