We use a layered approach to include TLS, physically isolated LAN's, and other measures.
Note that SSH (secure shell) does not seem to qualify as ID's and passwords flow in the open. As far as I can tell, only certificate based protocols are acceptable for those under a PCI gun. Some PC types might state that only SSH is available on tinker toy boxes, but that is not completely true. It is true that many (most?) distributions do not come with TLS software installed and has to be added. You last sentence about internal availability is confusing. -----Original Message----- From: IBM Mainframe Discussion List [mailto:[EMAIL PROTECTED] On Behalf Of Ray Prevott Sent: Monday, July 30, 2007 10:43 AM To: [email protected] Subject: PCI Compliance - Encryption of all non-console administrative access. How is everybody dealing with this anyhow? Testing procedures include a determination that TELNET and other remote log-in commands are not available for use internally. NOTICE: This electronic mail message and any files transmitted with it are intended exclusively for the individual or entity to which it is addressed. The message, together with any attachment, may contain confidential and/or privileged information. Any unauthorized review, use, printing, saving, copying, disclosure or distribution is strictly prohibited. If you have received this message in error, please immediately advise the sender by reply email and delete all copies. ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [EMAIL PROTECTED] with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html
