Telnet behind your own firewalled, secure Enterprise, IS PCI compliant. Telnet across a non-secured, unencrypted connection is not.

As Rex stated, you could simply turn on SSH if you want added comfort.

On the subject of unencrypted communication, consider that MANY credit card clearing houses are reached through a Frame Relay connection, using an unencrypted, clear text socket. In theory, this is 'secure' because it's 'yours'. You bought that virtual 'channel' through the ma-bell network. But in reality, how secure is it to send cardholder info across the telco network? [which likely includes satellite up/down links] I would venture that this represents more vulnerability than you have inside your own enterprise.

The PCI data security standard also allows for any site to present "offsetting safeguards" to mitigate any non-compliant aspect of their operation by the implementation of business rules and procedures. A frank discussion with your clearing house that demonstrates 'due diligence' goes a long way toward keeping your 'compliant' certification.

I state all this because I hate to see anyone making a database move out of a knee-jerk reaction to PCI. ... or a CIO wrapping their secret [sql] agenda in a 'PCI Compliant' guise.

fwiw,
-Baker

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Brenda Price
Sent: Monday, July 21, 2008 9:10 AM
To: [email protected]
Subject: [U2] converting from UniVerse on Redhat Linux to UniVerse on Windows

There is a discussion here to either move completely away from UniVerse to SQL because 99% of our servers are Windows applications and our network administrator doesn't know much about Linux and believes because we have to open up telnet for UniVerse and an old application on a Solaris box of Mumps that we are making the Linux less secure and that PCI requires we don't use telnet at all. We use SSH to login everywhere except for the communication between UniVerse and Mumps.

As a stop gap the company may switch from Linux to Windows. I thought I remembered a discussion on this sometime in the last couple of years. I'll search the archives. In the meantime, has anyone had any experience with this? If so, did the costs stay the same, go up, go down? Any difficulties? Seems like it would be the same procedures as we had to run when we were transferring data from our live server (Linux) to our old test server (Solaris), you had to do funxi on the data and that was that.

They are in the process of getting comparison costs between UniVerse and SQL now. For those with both UniVerse and SQL experience, how does the development time differ? To me it appears that it takes the VB and SQL folks longer to get changes done than it does on the UniVerse systems. If we switch, it seems to me that the quick fixes users demand will be pretty much going away. Am I correct on this? I am 99.9% certain that the switch will happen at some point in the next few years.

Brenda Price
Affiliated Acceptance Corporation
Sunrise Beach, MO 65079

-------
u2-users mailing list
[email protected]
To unsubscribe please visit http://listserver.u2ug.org/
