----------------<snip>------------------
That used to be true, but a recent alleged breach have cast some shadows
over that strategy. The reported breach may have been some malicious
logging software on one of those intermediary servers.
And, yes, some of us are being 'asked' to encipher everything, inside
and out.
Once the auditors figure things out, I'd guess that full path
enciphering (endpoint to endpoint) may be the minimum acceptable. Which
presents other issues that may need more exotic malware countermeasures.
But that is just speculation on my part.
------------------<unsnip>------------------
We've had some long and involved discussions about auditors. (Check the
archives.) The better they are educated, the more cooperative and
understanding they're likely to be. Help them learn and understand and
the benefits will far outweigh the problems, both long term and short term.
----------------------------------------------------------------------
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to [EMAIL PROTECTED] with the message: GET IBM-MAIN INFO
Search the archives at http://bama.ua.edu/archives/ibm-main.html
