You might check with Pete at Accusoft to see if Accuterm will do SSH. Eugene
----- Original Message ----- From: "pukunui" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent: Friday, June 04, 2004 8:33 PM Subject: [U2] [UV/Windows] Authentication / encryption issues > Dear U2 Gurus, > > I am starting to think about improving the security of our > Windows-hosted, > UV-based systems against internal snooping or attack. > External influences > are less of an issue, we can always encrypt any traffic > either via a VPN > tunnel (for the Internet) or by installation of encryption > hardware covering > point-to-point network links. > > There are four different sorts of vulnerability I am > considering:- > * Snooping of Telnet traffic > + Does IBM or anyone else offer, or plan to offer, an > SSH-enabled telnet server for UV on Windows? > + The MS Windows Telnet server offers NTLM authentication > to avoid sending user ID & password in plain text, but > not a SSH encryption of session traffic. > + At least at UV version 10.1, it doesn't look like IBM > provides anything in this area > > * Snooping of UniObjects traffic > + This is much less of a problem as the traffic is all > server-to-server inside a single rack in the computer > room. There is little opportunity to gain access to > a cable segment with the traffic on it. > + Still, it would be nice to be able to encrypt the > traffic > > * UV/net > + UV/net stores user credentials (UserID AND password) > in plain text in the ENVironment string. Absurd but > true! This makes UV/net a major security risk > + Does IBM have any plan to address this? > > * The "unauthorised developer menace". > + Our systems used to be pretty well segregated, but now > we're looking at 'server consolidation', and the same > server may well have, say, Payroll and Inventory systems > on it > + How could we stop, say, an Inventory developer writing a > program, apparently part of the Inventory suite, but which > actually calls a (pre-existing) Payroll component which he > (or she) misuses to find out details of stuff they're not > supposed to know about? > + Development is in VS.NET, using mostly VB and a little C# > + Since we want developers to share tools, techniques and > code libraries in order to get the best efficiencies we > can in the development process, the only alternatives > for management may be either to [GAARK!] trust the > programmers, or to completely segregate the Development > environment from Test & Production, and bulk up the QA > side to make as close to certain as possible that the > Production code does only, and exactly, what it's supposed > to. Sounds expensive! > ------- > u2-users mailing list > [EMAIL PROTECTED] > To unsubscribe please visit http://listserver.u2ug.org/ ------- u2-users mailing list [EMAIL PROTECTED] To unsubscribe please visit http://listserver.u2ug.org/
