On Tue, 25 Aug 2009 16:13:28 -0500, Hal Merritt <[email protected]> wrote:
>... > >VPN is a good solution, but not PCI compliant. You shouldn't >have sensitive data flowing over a network in the open. Period. >You would use VPN to gain access to the network, but layer >another solution such as TLS on top. >... I don't understand your comments about VPN. I can't speak to the PCI compliance since I haven't read the PCI specs, but there are many VPN configurations that don't have data "in the clear" except over the socket between the IP stack and the application. Ok, also within the stack between the IPSEC code and the socket code. Is it that clear data at the socket that makes VPN insecure? Pat O'Keefe ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [email protected] with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html
