On Wed, 26 Aug 2009 13:26:44 -0400, Finch, Steve <[email protected]> wrote:
>Most VPNs do not encrypt the connection from endpoint to endpoint, which >is what is PCI requires. The VPN would need to start on the mainframe >and go all the way to the PC. Most VPN run on a appliance (server), a >hop away from the mainframe. The "last hop' blows' the PCI So use the VPN technology that's built-in to z/OS (IPSec), and forego using an external appliance. -- Walt Farrell, CISSP IBM STSM, z/OS Security Design ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [email protected] with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html
