Most VPNs do not encrypt the connection from endpoint to endpoint, which is what PCI requires. The VPN would need to start on the mainframe and go all the way to the PC. Most VPNs run on an appliance (server), a hop away from the mainframe. The "last hop" 'blows' the PCI

Steve Finch
EDS, an HP company

-----Original Message-----
From: IBM Mainframe Discussion List [mailto:[email protected]] On Behalf Of Walt Farrell
Sent: Wednesday, August 26, 2009 12:03 PM
To: [email protected]
Subject: Re: Need new 3270 emulator: SSH, inexpensive, reliable

On Tue, 25 Aug 2009 16:13:28 -0500, Hal Merritt <[email protected]> wrote:

>VPN is a good solution, but not PCI compliant. You shouldn't have sensitive data flowing over a network in the open. Period. You would use VPN to gain access to the network, but layer another solution such as TLS on top.

I don't understand that comment, Hal. VPN technology and solutions certainly include encryption of the data that flows over the network. You don't need TLS or SSH or some other added encryption on top of it.

--
Walt Farrell, CISSP
IBM STSM, z/OS Security Design

----------------------------------------------------------------------
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to [email protected] with the message: GET IBM-MAIN INFO
Search the archives at http://bama.ua.edu/archives/ibm-main.html

