Hal Merritt wrote:
We use a layered approach to include TLS, physically isolated LANs, and
other measures.
Note that SSH (secure shell) does not seem to qualify as IDs and
passwords flow in the open. As far as I can tell, only certificate-based
protocols are acceptable for those under a PCI gun. Some PC types might
state that only SSH is available on tinker toy boxes, but that is not
completely true. It is true that many (most?) distributions do not come
with TLS software installed and it has to be added.

AFAIK ssh userids and passwords do NOT flow in the clear. The first thing ssh does after host key validation is create a unique one-time-use encryption key and then the userid/password is sent to the ssh server encrypted with this key.

<snip>

--
Mark Jacobs
Technical Services
Time Customer Service - Tampa, FL
------

"The secret of life is honesty and fair dealing. If you can fake that, you've got it made."

--  Julius (Groucho) Henry Marx

----------------------------------------------------------------------
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to [EMAIL PROTECTED] with the message: GET IBM-MAIN INFO
Search the archives at http://bama.ua.edu/archives/ibm-main.html
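
The ordering discussed in this thread can be checked on a capture: in SSH (RFC 4253) packets are cleartext only up to SSH_MSG_NEWKEYS, and user-authentication messages (RFC 4252, numbers 50 to 79) come after it. This is an added example, not part of the original post; the byte streams are constructed samples and the function names are hypothetical.

```python
import struct

# Message numbers from RFC 4253 (transport) and RFC 4252 (user authentication).
SSH_MSG_KEXINIT, SSH_MSG_NEWKEYS, SSH_MSG_KEXDH_INIT = 20, 21, 30
USERAUTH_RANGE = range(50, 80)  # 50 is SSH_MSG_USERAUTH_REQUEST


def packet(msg_type: int, body: bytes = b"") -> bytes:
    """Build one unencrypted SSH binary packet (RFC 4253 section 6)."""
    payload = bytes([msg_type]) + body
    pad = 8 - ((5 + len(payload)) % 8)  # total size must be a multiple of 8
    if pad < 4:                         # and padding is at least 4 bytes
        pad += 8
    return struct.pack(">IB", 1 + len(payload) + pad, pad) + payload + bytes(pad)


def cleartext_messages(stream: bytes) -> list[int]:
    """List message numbers readable in one direction of an SSH stream.

    Parsing stops at SSH_MSG_NEWKEYS: everything after it is encrypted with
    the negotiated session keys and cannot be parsed without them.
    """
    if not stream.startswith(b"SSH-"):
        raise ValueError("not an SSH stream")
    pos, seen = stream.index(b"\r\n") + 2, []  # skip the version banner
    while pos + 5 <= len(stream):
        length, pad = struct.unpack_from(">IB", stream, pos)
        if not 2 <= length <= 35000 or pad + 1 >= length or pos + 4 + length > len(stream):
            raise ValueError(f"malformed packet at offset {pos}")
        seen.append(stream[pos + 5])  # first payload byte is the message number
        pos += 4 + length
        if seen[-1] == SSH_MSG_NEWKEYS:
            break
    return seen


def auth_in_cleartext(stream: bytes) -> bool:
    """True if a user-authentication message is visible before NEWKEYS."""
    return any(m in USERAUTH_RANGE for m in cleartext_messages(stream))


# Constructed client-side stream: banner, key exchange, NEWKEYS, then 32
# opaque bytes standing in for the encrypted service and auth requests.
# Packet bodies are zero-filled placeholders, not real KEXINIT contents.
CLIENT_STREAM = (b"SSH-2.0-ExampleClient\r\n" + packet(SSH_MSG_KEXINIT, bytes(16))
                 + packet(SSH_MSG_KEXDH_INIT, bytes(8)) + packet(SSH_MSG_NEWKEYS)
                 + bytes(range(200, 232)))

if __name__ == "__main__":
    print(cleartext_messages(CLIENT_STREAM), auth_in_cleartext(CLIENT_STREAM))
```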
