Eric Chevalier wrote:
On 25 Aug 2009 14:14:56 -0700,
hmerr...@jackhenry.com (Hal Merritt) wrote:
VPN is a good solution, but not PCI compliant.
That statement just doesn't make sense, and even verges on being
factually incorrect. The current PCI DSS document, version 1.2.1,
_explicitly_ menti
ost in that discussion
http://www.garlic.com/~lynn/2009m.html#22
misc. past posts in this thread:
http://www.garlic.com/~lynn/2009m.html#5 Need new 3270 emulator: SSH,
inexpensive, reliable
http://www.garlic.com/~lynn/2009m.html#7 Need new 3270 emulator: SSH,
inexpensive, reliable
http://www.garlic.com/
John Mattson writes:
>Tell me more about "self-sign"... We have users outsife of our
>Domain, and we do not want to manage PC's and Certs for users
>around the world.
Ah, now I see the source of your confusion. TLS and SSL do not require
client certificates. TLS/SSL supports them if you want some
08/27/2011
To
IBM-MAIN@bama.ua.edu
cc
Subject
Re: Need new 3270 emulator: SSH, inexpensive, reliable
>You do not *have* to pay for an SSL certificate. You can self-sign a
>certificate if all you want out of this is encryption.
-
mailto:ibm-m...@bama.ua.edu] On
Behalf Of Walt Farrell
Sent: Thursday, August 27, 2009 9:03 AM
To: IBM-MAIN@bama.ua.edu
Subject: Re: Need new 3270 emulator: SSH, inexpensive, reliable
On Wed, 26 Aug 2009 13:26:44 -0400, Finch, Steve
wrote:
>Most VPNs do not encrypt the connection from endpoin
wfarr...@us.ibm.com (Walt Farrell) writes:
> So use the VPN technology that's built-in to z/OS (IPSec), and forego using
> an external appliance.
re:
http://www.garlic.com/~lynn/2009m.html#5 Need new 3270 emulator: SSH,
inexpensive, reliable
http://www.garlic.com/~lynn/2009m.html#7 Ne
On Wed, 26 Aug 2009 13:26:44 -0400, Finch, Steve wrote:
>Most VPNs do not encrypt the connection from endpoint to endpoint, which
>is what is PCI requires. The VPN would need to start on the mainframe
>and go all the way to the PC. Most VPN run on a appliance (server), a
>hop away from the mainfr
>IBM Mainframe Discussion List
>Expire Date: 08/25/2011
>
>
>To
>IBM-MAIN@bama.ua.edu
>cc
>
>Subject
>Re: Need new 3270 emulator: SSH, inexpensive, reliable
>
>
>
>
>On Tue, 25 Aug 2009 10:35:18 -0700, John Mattson
> wrote:
>> ... Management ...
Now the discussion is about VPN and SSL (or SSH) - is it redundant or not.
Well, it depends on VPN implementation details, on security requirements
(shall we allow unencrypted traffic within datacenter or not), etc.
I would pay attention to different aspect: the cost of SSL as add-on to
VPN. T
z/OS can certainly be a VPN endpoint. z/OS supports IPSec, for example, and
much IPSec-related processing can run on zIIP(s). I agree with the other
posters, though, that (at least as the original question was phrased *)
TLS/SSL is the way to go, and mainframe-direct.
Yes, it is possible to use se
steve.fi...@eds.com (Finch, Steve) writes:
> Most VPNs do not encrypt the connection from endpoint to endpoint, which
> is what is PCI requires. The VPN would need to start on the mainframe
> and go all the way to the PC. Most VPN run on a appliance (server), a
> hop away from the mainframe. The "l
inch
EDS, an HP company
-Original Message-
From: IBM Mainframe Discussion List [mailto:ibm-m...@bama.ua.edu] On
Behalf Of Walt Farrell
Sent: Wednesday, August 26, 2009 12:03 PM
To: IBM-MAIN@bama.ua.edu
Subject: Re: Need new 3270 emulator: SSH, inexpensive, reliable
On Tue, 25 Aug 2009 16:1
.
-Original Message-
From: IBM Mainframe Discussion List [mailto:ibm-m...@bama.ua.edu] On Behalf Of
Eric Chevalier
Sent: Wednesday, August 26, 2009 11:23 AM
To: IBM-MAIN@bama.ua.edu
Subject: Re: Need new 3270 emulator: SSH, inexpensive, reliable
On 25 Aug 2009 14:14:56 -0700,
hmerr...@jackhenry.com
26, 2009 11:03 AM
To: IBM-MAIN@bama.ua.edu
Subject: Re: Need new 3270 emulator: SSH, inexpensive, reliable
On Tue, 25 Aug 2009 16:13:28 -0500, Hal Merritt wrote:
>VPN is a good solution, but not PCI compliant. You shouldn't have sensitive
data flowing over a network in the open. Perio
On Tue, 25 Aug 2009 10:35:18 -0700, John Mattson
wrote:
>Management is jumping for PCI and JSOX, and now wants a SSH based
>3270 emulation for accessing mainframe TSO, CICS, and such apps. Please
You could keep your same emulator and use ssh to tunnel the sessions into
the host. That'd
On 25 Aug 2009 14:14:56 -0700,
hmerr...@jackhenry.com (Hal Merritt) wrote:
>VPN is a good solution, but not PCI compliant.
That statement just doesn't make sense, and even verges on being
factually incorrect. The current PCI DSS document, version 1.2.1,
_explicitly_ mentions VPN as an approved te
On Tue, 25 Aug 2009 16:13:28 -0500, Hal Merritt wrote:
>VPN is a good solution, but not PCI compliant. You shouldn't have sensitive
data flowing over a network in the open. Period. You would use VPN to gain
access to the network, but layer another solution such as TLS on top.
I don't understand
On Tue, 25 Aug 2009 16:13:28 -0500, Hal Merritt
wrote:
>...
>
>VPN is a good solution, but not PCI compliant. You shouldn't
>have sensitive data flowing over a network in the open. Period.
>You would use VPN to gain access to the network, but layer
>another solution such as TLS on top.
>...
John,
if you need a cheap and reliable 3270 Emulation then give Vista tn3270 a
try.
see www.tombrennansoftware.com
Since V1.26 it supports secure connections over a SSL connection - I
guess this is what you need.
The pros and cons of (all) 3270 emulations have been discussed here
before.
John Mattson pisze:
I would recommend Nexus which is cheap and has great support.
http://www.nexit.com/
Or free x3270.
http://x3270.bgp.nu/
--
Radoslaw Skorupka
Lodz, Poland
--
BRE Bank SA
ul. Senatorska 18
00-950 Warszawa
www.brebank.pl
Sd Rejonowy dla m. st. Warszawy
XII Wydzia Gospodar
We've got Tectia SSH as a replacement for telnet to login to a
z/OS UNIX shell. Unfortunately, Tectia doesn't support the chcp
command, which makes it pretty much unusable for me.
We've got an elder release (5.3.7.21) so this may well have changed.
I tried to find a hint in the doc on their web si
- Original Message -
From: "John Mattson"
Newsgroups: bit.listserv.ibm-main
Sent: Tuesday, August 25, 2009 4:26 PM
Subject: Re: Need new 3270 emulator: SSH, inexpensive, reliable
EXCELLENT Question. The kind on insight I need here.
We use Rumba, running on a Wind
ussion List [mailto:ibm-m...@bama.ua.edu] On Behalf Of
John Mattson
Sent: Tuesday, August 25, 2009 3:25 PM
To: IBM-MAIN@bama.ua.edu
Subject: Re: Need new 3270 emulator: SSH, inexpensive, reliable
EXCELLENT Question. The kind on insight I need here.
We use Rumba, running on a Windows serve
ployment ... now frequently called "electronic commerce"
> ... we had to investigate some number of these new operations called
> "Certification Authorities" that were issuing things called "digital
> certificates".
re:
http://www.garlic.com/~lynn/2009m.html#5 N
8/25/2009 12:43 PM
Please respond to
IBM Mainframe Discussion List
Expire Date: 08/25/2011
To
IBM-MAIN@bama.ua.edu
cc
Subject
Re: Need new 3270 emulator: SSH, inexpensive, reliable
On Tue, 25 Aug 2009 10:35:18 -0700, John Mattson
wrote:
> ... Management ... now wants a SSH based &
John Mattson wrote:
> I am learning this as I go. As I understand it, SSH supports
> higher security levels (management wants this) than SSL/TLS. And SSL
>
??? but SSH uses the very same SSL under the covers ... how does it
support higher security levels?
> requires Certificate author
gib...@wsu.edu (Gibney, Dave) writes:
> You are not correct. You can make SSL optional and therefore clear if
> it is not used, if the connection is secure, all data (including
> Userid/password) is encrypted.
re:
http://www.garlic.com/~lynn/2009m.html#5 Need new 3270 emul
On Tue, 25 Aug 2009 10:35:18 -0700, John Mattson
wrote:
> ... Management ... now wants a SSH based
>3270 emulation for accessing mainframe TSO, CICS, and such apps.
>...
Uh, something I've missed in the thread so far: What are you
going to talk to? Does some vendor produce an SSH-base
nframe Discussion List [mailto:ibm-m...@bama.ua.edu] On
> Behalf Of John Mattson
> Sent: Tuesday, August 25, 2009 12:33 PM
> To: IBM-MAIN@bama.ua.edu
> Subject: Re: Need new 3270 emulator: SSH, inexpensive, reliable
>
> Am I correct in that SSL sends UID and Passwords in the clear,
>
> "Gibney, Dave"
> Sent by: IBM Mainframe Discussion List
> 08/25/2009 11:29 AM
> Please respond to
> IBM Mainframe Discussion List
> Expire Date: 08/25/2011
>
>
> To
> IBM-MAIN@bama.ua.edu
> cc
>
> Subject
> Re: Need new 3270 emulator: S
1
To
IBM-MAIN@bama.ua.edu
cc
Subject
Re: Need new 3270 emulator: SSH, inexpensive, reliable
> I'm not an encryption expert, but I seriously doubt SSH (which has
always seemed flakey to me) is more secure than SSL.
-
mp...@novell.com (Mark Post) writes:
> SSH depends on SSL to do its encryption.
SSH & SSL both do public key operations
SSL(/TLS) has bunch of stuff in the protocol with (public key) digital
certificates.
SSH protocol doesn't require digital certificates for its public key
operations.
some "ope
>>> On 8/25/2009 at 2:27 PM, "Gibney, Dave" wrote:
-snip-
> I'm not an encryption expert, but I seriously doubt SSH (which has
> always seemed flakey to me) is more secure than SSL.
SSH depends on SSL to do its encryption.
Mark Post
> -Original Message-
> From: IBM Mainframe Discussion List [mailto:ibm-m...@bama.ua.edu] On
> Behalf Of John Mattson
> Sent: Tuesday, August 25, 2009 10:58 AM
> To: IBM-MAIN@bama.ua.edu
> Subject: Re: Need new 3270 emulator: SSH, inexpensive, reliable
>
>
>
ired (1969-1991)
From: John Mattson
To: IBM-MAIN@bama.ua.edu
Sent: Tuesday, August 25, 2009 1:35:18 PM
Subject: Need new 3270 emulator: SSH, inexpensive, reliable
Management is jumping for PCI and JSOX, and now wants a SSH based
3270 emulation for
5 Aug 2009 10:40:28 -0700
> > From: "Gibney, Dave"
> > Subject: Re: Need new 3270 emulator: SSH, inexpensive, reliable
> > I don't know (never looked) of any SSH TN3270. I would suggest a VPN
> tunnel.
> > Why SSH, TLS/SSL is almost trivial to implement th
wants a SSH based 3270 emulation for accessing mainframe TSO, CICS, and
such apps
We're getting sent to the SecureAgent 3270 emulator and it's fairly awful,
so I'd be interest in any emulators that you find.
Jack Kelly
202-502-2390 (Office)
---
or,
so at least someone thinks it is possible.
> Date:Tue, 25 Aug 2009 10:40:28 -0700
> From:"Gibney, Dave"
> Subject: Re: Need new 3270 emulator: SSH, inexpensive, reliable
> I don't know (never looked) of any SSH TN3270. I would suggest a VPN
Behalf Of John Mattson
> > Sent: Tuesday, August 25, 2009 10:35 AM
> > To: IBM-MAIN@bama.ua.edu
> > Subject: Need new 3270 emulator: SSH, inexpensive, reliable
> >
> >
> > Management is jumping for PCI and JSOX, and now wants a SSH
> > based
> >
; From: IBM Mainframe Discussion List [mailto:ibm-m...@bama.ua.edu] On
> Behalf Of John Mattson
> Sent: Tuesday, August 25, 2009 10:35 AM
> To: IBM-MAIN@bama.ua.edu
> Subject: Need new 3270 emulator: SSH, inexpensive, reliable
>
>
> Management is jumping for PCI and J
Management is jumping for PCI and JSOX, and now wants a SSH based
3270 emulation for accessing mainframe TSO, CICS, and such apps. Please
feel free to contact me off-list, or phone 562-290-4163, I am looking for
actual user/installer endorsements and experiences, good or bad. Vendors
41 matches
Mail list logo