Ed Finnell wrote:
> In a message dated 9/21/2007 7:46:48 P.M. Central Daylight Time,
> [EMAIL PROTECTED] writes:
>
> > This could be a huge exposure, or it could be the safest thing
> > in the world, as these things go. I once worked for a company
> > that had open access. They also had an egg-shaped device for
> > each user, clock synchronized to software, that generated a
> > pseudo-random number on demand. That was the password; if you
> > missed the window, you had to wait a few minutes and try again.
> > The logon was handled in a Network Solicitor, and other than
> > requiring occasional recalibration, was reliable. Definitely
> > safer than a static password.
>
> Yeah, we ran this way for a number of years when our Library (NOTIS) system
> was on MVS. Depending on VTAM application the Solicitor would pass to read
> only Library or tag you to the RSA VTAM sign-in.

We have "open connect" to our z/OS system. We are a service provider
that is owned by the companies that we provide the service for. They
dictate to us how they connect to us. It could be over leased circuits
they own, it could be via a managed network they are responsible for, it
could be over the Internet.

We provide the service to over 700 companies (only a few actually own us
but we must treat all of them equally). The majority connect over the
Internet and we can't dictate that they use any type of encrypted VPN
type connection over the Internet. We can use security token devices
because when they want access for a new employee they want to TODAY, not
next week and not tomorrow, but right now.

One "company" may have a single user that works from home using dial-up
Internet access. Another company could have 300 users with dual DS-3's
going over the Internet.

----------------------------------------------------------------------
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to [EMAIL PROTECTED] with the message: GET IBM-MAIN INFO
Search the archives at http://bama.ua.edu/archives/ibm-main.html