Re: Need new 3270 emulator: SSH, inexpensive, reliable

Eric Chevalier wrote: On 25 Aug 2009 14:14:56 -0700, hmerr...@jackhenry.com (Hal Merritt) wrote: VPN is a good solution, but not PCI compliant. That statement just doesn't make sense, and even verges on being factually incorrect. The current PCI DSS document, version 1.2.1, _explicitly_ menti

Re: Need new 3270 emulator: SSH, inexpensive, reliable

ost in that discussion http://www.garlic.com/~lynn/2009m.html#22 misc. past posts in this thread: http://www.garlic.com/~lynn/2009m.html#5 Need new 3270 emulator: SSH, inexpensive, reliable http://www.garlic.com/~lynn/2009m.html#7 Need new 3270 emulator: SSH, inexpensive, reliable http://www.garlic.com/

Re: Need new 3270 emulator: SSH, inexpensive, reliable

John Mattson writes: >Tell me more about "self-sign"... We have users outsife of our >Domain, and we do not want to manage PC's and Certs for users >around the world. Ah, now I see the source of your confusion. TLS and SSL do not require client certificates. TLS/SSL supports them if you want some

Re: Need new 3270 emulator: SSH, inexpensive, reliable

08/27/2011 To IBM-MAIN@bama.ua.edu cc Subject Re: Need new 3270 emulator: SSH, inexpensive, reliable >You do not *have* to pay for an SSL certificate. You can self-sign a >certificate if all you want out of this is encryption. -

Re: Need new 3270 emulator: SSH, inexpensive, reliable

mailto:ibm-m...@bama.ua.edu] On Behalf Of Walt Farrell Sent: Thursday, August 27, 2009 9:03 AM To: IBM-MAIN@bama.ua.edu Subject: Re: Need new 3270 emulator: SSH, inexpensive, reliable On Wed, 26 Aug 2009 13:26:44 -0400, Finch, Steve wrote: >Most VPNs do not encrypt the connection from endpoin

Re: Need new 3270 emulator: SSH, inexpensive, reliable

wfarr...@us.ibm.com (Walt Farrell) writes: > So use the VPN technology that's built-in to z/OS (IPSec), and forego using > an external appliance. re: http://www.garlic.com/~lynn/2009m.html#5 Need new 3270 emulator: SSH, inexpensive, reliable http://www.garlic.com/~lynn/2009m.html#7 Ne

Re: Need new 3270 emulator: SSH, inexpensive, reliable

On Wed, 26 Aug 2009 13:26:44 -0400, Finch, Steve wrote: >Most VPNs do not encrypt the connection from endpoint to endpoint, which >is what is PCI requires. The VPN would need to start on the mainframe >and go all the way to the PC. Most VPN run on a appliance (server), a >hop away from the mainfr

Re: Need new 3270 emulator: SSH, inexpensive, reliable

>IBM Mainframe Discussion List >Expire Date: 08/25/2011 > > >To >IBM-MAIN@bama.ua.edu >cc > >Subject >Re: Need new 3270 emulator: SSH, inexpensive, reliable > > > > >On Tue, 25 Aug 2009 10:35:18 -0700, John Mattson > wrote: >> ... Management ...

Re: Need new 3270 emulator: SSH, inexpensive, reliable

Now the discussion is about VPN and SSL (or SSH) - is it redundant or not. Well, it depends on VPN implementation details, on security requirements (shall we allow unencrypted traffic within datacenter or not), etc. I would pay attention to different aspect: the cost of SSL as add-on to VPN. T

Re: Need new 3270 emulator: SSH, inexpensive, reliable

z/OS can certainly be a VPN endpoint. z/OS supports IPSec, for example, and much IPSec-related processing can run on zIIP(s). I agree with the other posters, though, that (at least as the original question was phrased *) TLS/SSL is the way to go, and mainframe-direct. Yes, it is possible to use se

Re: Need new 3270 emulator: SSH, inexpensive, reliable

steve.fi...@eds.com (Finch, Steve) writes: > Most VPNs do not encrypt the connection from endpoint to endpoint, which > is what is PCI requires. The VPN would need to start on the mainframe > and go all the way to the PC. Most VPN run on a appliance (server), a > hop away from the mainframe. The "l

Re: Need new 3270 emulator: SSH, inexpensive, reliable

inch EDS, an HP company -Original Message- From: IBM Mainframe Discussion List [mailto:ibm-m...@bama.ua.edu] On Behalf Of Walt Farrell Sent: Wednesday, August 26, 2009 12:03 PM To: IBM-MAIN@bama.ua.edu Subject: Re: Need new 3270 emulator: SSH, inexpensive, reliable On Tue, 25 Aug 2009 16:1

Re: Need new 3270 emulator: SSH, inexpensive, reliable

. -Original Message- From: IBM Mainframe Discussion List [mailto:ibm-m...@bama.ua.edu] On Behalf Of Eric Chevalier Sent: Wednesday, August 26, 2009 11:23 AM To: IBM-MAIN@bama.ua.edu Subject: Re: Need new 3270 emulator: SSH, inexpensive, reliable On 25 Aug 2009 14:14:56 -0700, hmerr...@jackhenry.com

Re: Need new 3270 emulator: SSH, inexpensive, reliable

26, 2009 11:03 AM To: IBM-MAIN@bama.ua.edu Subject: Re: Need new 3270 emulator: SSH, inexpensive, reliable On Tue, 25 Aug 2009 16:13:28 -0500, Hal Merritt wrote: >VPN is a good solution, but not PCI compliant. You shouldn't have sensitive data flowing over a network in the open. Perio

Re: Need new 3270 emulator: SSH, inexpensive, reliable

On Tue, 25 Aug 2009 10:35:18 -0700, John Mattson wrote: >Management is jumping for PCI and JSOX, and now wants a SSH based >3270 emulation for accessing mainframe TSO, CICS, and such apps. Please You could keep your same emulator and use ssh to tunnel the sessions into the host. That'd

Re: Need new 3270 emulator: SSH, inexpensive, reliable

On 25 Aug 2009 14:14:56 -0700, hmerr...@jackhenry.com (Hal Merritt) wrote: >VPN is a good solution, but not PCI compliant. That statement just doesn't make sense, and even verges on being factually incorrect. The current PCI DSS document, version 1.2.1, _explicitly_ mentions VPN as an approved te

Re: Need new 3270 emulator: SSH, inexpensive, reliable

On Tue, 25 Aug 2009 16:13:28 -0500, Hal Merritt wrote: >VPN is a good solution, but not PCI compliant. You shouldn't have sensitive data flowing over a network in the open. Period. You would use VPN to gain access to the network, but layer another solution such as TLS on top. I don't understand

Re: Need new 3270 emulator: SSH, inexpensive, reliable

On Tue, 25 Aug 2009 16:13:28 -0500, Hal Merritt wrote: >... > >VPN is a good solution, but not PCI compliant. You shouldn't >have sensitive data flowing over a network in the open. Period. >You would use VPN to gain access to the network, but layer >another solution such as TLS on top. >...

Re: Need new 3270 emulator: SSH, inexpensive, reliable

John, if you need a cheap and reliable 3270 Emulation then give Vista tn3270 a try. see www.tombrennansoftware.com Since V1.26 it supports secure connections over a SSL connection - I guess this is what you need. The pros and cons of (all) 3270 emulations have been discussed here before.

Re: Need new 3270 emulator: SSH, inexpensive, reliable

John Mattson pisze: I would recommend Nexus which is cheap and has great support. http://www.nexit.com/ Or free x3270. http://x3270.bgp.nu/ -- Radoslaw Skorupka Lodz, Poland -- BRE Bank SA ul. Senatorska 18 00-950 Warszawa www.brebank.pl Sd Rejonowy dla m. st. Warszawy XII Wydzia Gospodar

Re: Need new 3270 emulator: SSH, inexpensive, reliable

We've got Tectia SSH as a replacement for telnet to login to a z/OS UNIX shell. Unfortunately, Tectia doesn't support the chcp command, which makes it pretty much unusable for me. We've got an elder release (5.3.7.21) so this may well have changed. I tried to find a hint in the doc on their web si

Re: Need new 3270 emulator: SSH, inexpensive, reliable

- Original Message - From: "John Mattson" Newsgroups: bit.listserv.ibm-main Sent: Tuesday, August 25, 2009 4:26 PM Subject: Re: Need new 3270 emulator: SSH, inexpensive, reliable EXCELLENT Question. The kind on insight I need here. We use Rumba, running on a Wind

Re: Need new 3270 emulator: SSH, inexpensive, reliable

ussion List [mailto:ibm-m...@bama.ua.edu] On Behalf Of John Mattson Sent: Tuesday, August 25, 2009 3:25 PM To: IBM-MAIN@bama.ua.edu Subject: Re: Need new 3270 emulator: SSH, inexpensive, reliable EXCELLENT Question. The kind on insight I need here. We use Rumba, running on a Windows serve

Re: Need new 3270 emulator: SSH, inexpensive, reliable

ployment ... now frequently called "electronic commerce" > ... we had to investigate some number of these new operations called > "Certification Authorities" that were issuing things called "digital > certificates". re: http://www.garlic.com/~lynn/2009m.html#5 N

Re: Need new 3270 emulator: SSH, inexpensive, reliable

8/25/2009 12:43 PM Please respond to IBM Mainframe Discussion List Expire Date: 08/25/2011 To IBM-MAIN@bama.ua.edu cc Subject Re: Need new 3270 emulator: SSH, inexpensive, reliable On Tue, 25 Aug 2009 10:35:18 -0700, John Mattson wrote: > ... Management ... now wants a SSH based &

Re: Need new 3270 emulator: SSH, inexpensive, reliable

John Mattson wrote: > I am learning this as I go. As I understand it, SSH supports > higher security levels (management wants this) than SSL/TLS. And SSL > ??? but SSH uses the very same SSL under the covers ... how does it support higher security levels? > requires Certificate author

Re: Need new 3270 emulator: SSH, inexpensive, reliable

gib...@wsu.edu (Gibney, Dave) writes: > You are not correct. You can make SSL optional and therefore clear if > it is not used, if the connection is secure, all data (including > Userid/password) is encrypted. re: http://www.garlic.com/~lynn/2009m.html#5 Need new 3270 emul

Re: Need new 3270 emulator: SSH, inexpensive, reliable

On Tue, 25 Aug 2009 10:35:18 -0700, John Mattson wrote: > ... Management ... now wants a SSH based >3270 emulation for accessing mainframe TSO, CICS, and such apps. >... Uh, something I've missed in the thread so far: What are you going to talk to? Does some vendor produce an SSH-base

Re: Need new 3270 emulator: SSH, inexpensive, reliable

nframe Discussion List [mailto:ibm-m...@bama.ua.edu] On > Behalf Of John Mattson > Sent: Tuesday, August 25, 2009 12:33 PM > To: IBM-MAIN@bama.ua.edu > Subject: Re: Need new 3270 emulator: SSH, inexpensive, reliable > > Am I correct in that SSL sends UID and Passwords in the clear,

Re: Need new 3270 emulator: SSH, inexpensive, reliable

> > "Gibney, Dave" > Sent by: IBM Mainframe Discussion List > 08/25/2009 11:29 AM > Please respond to > IBM Mainframe Discussion List > Expire Date: 08/25/2011 > > > To > IBM-MAIN@bama.ua.edu > cc > > Subject > Re: Need new 3270 emulator: S

Re: Need new 3270 emulator: SSH, inexpensive, reliable

1 To IBM-MAIN@bama.ua.edu cc Subject Re: Need new 3270 emulator: SSH, inexpensive, reliable > I'm not an encryption expert, but I seriously doubt SSH (which has always seemed flakey to me) is more secure than SSL. -

Re: Need new 3270 emulator: SSH, inexpensive, reliable

mp...@novell.com (Mark Post) writes: > SSH depends on SSL to do its encryption. SSH & SSL both do public key operations SSL(/TLS) has bunch of stuff in the protocol with (public key) digital certificates. SSH protocol doesn't require digital certificates for its public key operations. some "ope

Re: Need new 3270 emulator: SSH, inexpensive, reliable

>>> On 8/25/2009 at 2:27 PM, "Gibney, Dave" wrote: -snip- > I'm not an encryption expert, but I seriously doubt SSH (which has > always seemed flakey to me) is more secure than SSL. SSH depends on SSL to do its encryption. Mark Post

Re: Need new 3270 emulator: SSH, inexpensive, reliable

> -Original Message- > From: IBM Mainframe Discussion List [mailto:ibm-m...@bama.ua.edu] On > Behalf Of John Mattson > Sent: Tuesday, August 25, 2009 10:58 AM > To: IBM-MAIN@bama.ua.edu > Subject: Re: Need new 3270 emulator: SSH, inexpensive, reliable > > >

Re: Need new 3270 emulator: SSH, inexpensive, reliable

ired (1969-1991) From: John Mattson To: IBM-MAIN@bama.ua.edu Sent: Tuesday, August 25, 2009 1:35:18 PM Subject: Need new 3270 emulator: SSH, inexpensive, reliable         Management is jumping for PCI and JSOX, and now wants a SSH based 3270 emulation for

Re: Need new 3270 emulator: SSH, inexpensive, reliable

5 Aug 2009 10:40:28 -0700 > > From: "Gibney, Dave" > > Subject: Re: Need new 3270 emulator: SSH, inexpensive, reliable > > I don't know (never looked) of any SSH TN3270. I would suggest a VPN > tunnel. > > Why SSH, TLS/SSL is almost trivial to implement th

Re: Need new 3270 emulator: SSH, inexpensive, reliable

wants a SSH based 3270 emulation for accessing mainframe TSO, CICS, and such apps We're getting sent to the SecureAgent 3270 emulator and it's fairly awful, so I'd be interest in any emulators that you find. Jack Kelly 202-502-2390 (Office) ---

Re: Need new 3270 emulator: SSH, inexpensive, reliable

or, so at least someone thinks it is possible. > Date:Tue, 25 Aug 2009 10:40:28 -0700 > From:"Gibney, Dave" > Subject: Re: Need new 3270 emulator: SSH, inexpensive, reliable > I don't know (never looked) of any SSH TN3270. I would suggest a VPN

Re: Need new 3270 emulator: SSH, inexpensive, reliable

Behalf Of John Mattson > > Sent: Tuesday, August 25, 2009 10:35 AM > > To: IBM-MAIN@bama.ua.edu > > Subject: Need new 3270 emulator: SSH, inexpensive, reliable > > > > > > Management is jumping for PCI and JSOX, and now wants a SSH > > based > >

Re: Need new 3270 emulator: SSH, inexpensive, reliable

; From: IBM Mainframe Discussion List [mailto:ibm-m...@bama.ua.edu] On > Behalf Of John Mattson > Sent: Tuesday, August 25, 2009 10:35 AM > To: IBM-MAIN@bama.ua.edu > Subject: Need new 3270 emulator: SSH, inexpensive, reliable > > > Management is jumping for PCI and J

Need new 3270 emulator: SSH, inexpensive, reliable

Management is jumping for PCI and JSOX, and now wants a SSH based 3270 emulation for accessing mainframe TSO, CICS, and such apps. Please feel free to contact me off-list, or phone 562-290-4163, I am looking for actual user/installer endorsements and experiences, good or bad. Vendors