A little bit of information on the Solaris/MUMPS to Universe/Linux system
connections.
The Solaris system runs an Open/M application that controls our dialer
system that is used in collection activities. The application is accessed
using a terminal emulator called CT-Vision which was furnished by the
company that built the MUMPS application. Because of the age of the software
the only option we have is telnet. If there is a newer version it may have
ssh capability but that is not where the telnet problem is. The highest
Solaris rev I have been able to run the Dialer software on is Solaris 7 but
what we are using is 2.6. We're talking 1993 technology here. Ssh doesn't
come with Solaris at that revision.
The user logs into the MUMPS app, into a menu system that is strictly
monitored by the Supervisor through a screen that tells them what the user
is doing every second they are on the system. The user can only reach
applications by menu that are defined by the Administrator. No personal
information of the customer is kept on the MUMPS system except their name
and phone number.
Here's where the telnet becomes a problem. When a user pulls up a pool of
phone numbers, for the dialer to call, the MUMPS application makes a
connection via telnet to the Universe/Linux server where they login using
their own user ID and password. The user, through a menu, can then bring up
our inquiry program. The inquiry program contains the information on the
person being called.
The MUMPS app feeds the customer's number to the inquiry program, when a
connection is made by phone, so our customer service reps will have all of
the information to talk to the customer intelligently. Really rather
sophisticated for its time.
The only other connection between the two systems is an NFS mount exported
from the Linux server and mounted on the Solaris system for transferring the
dialer pool file from the Universe system to the dialer system and the
collection statistics file from the dialer system to the Universe system.
At one time the MUMPS app was on the same system as Universe but we changed
from Solaris to Linux for Universe and had to move the dialer software to
its own system.
I don't know how this problem has anything to do with changing from Universe
to SQL Server because the problem would still be there if we kept the
dialer.
We can't change the Inquiry program to a GUI screen because of this dialer
either so we will have to change it anyway. Besides that there are some in
the customer service department that think it would be better to run without
a dialer system, which would eliminate this problem altogether.
Your last statement is more true than false.
Jerry Banker
--------------------------------------------------
From: "Brenda Price" <[EMAIL PROTECTED]>
Sent: Monday, July 21, 2008 2:17 PM
To: <u2-users@listserver.u2ug.org>
Subject: RE: [U2] converting from UniVerse on Redhat Linux to UniVerse on
Windows
Telnet behind your own firewalled, secure Enterprise, IS PCI
compliant.
Which is exactly what we have.
On the subject of unencrypted communication, consider that MANY credit
card clearing houses are reached through a Frame Relay connection, using
an unencrypted, clear text socket. In Theory, this is 'secure' because
it's 'yours'. You bought that virtual 'channel' through the ma-bell
network. But in reality, how secure is it to send cardholder info
across the telco network? [which likely includes satellite up/down
links] I would venture that this represents more vulnerability than you
have inside your own enterprise.
I definitely agree about that.
The PCI data security standard also allows for any site to present
"offsetting safeguards" to mitigate any non-compliant aspect of their
operation by the implementation of business rules and procedures. A
frank discussion with your clearing house that demonstrates 'due
diligence' goes a long way toward keeping your 'compliant'
certification.
We are actually removing the CC number from our UniVerse database anyway
so that should limit the scope of PCI on the UniVerse system. I really
don't understand why they (Network Admin and PCI compliance contractor)
insist telnet has to be turned off.
I state all this because I hate to see anyone making a database move
out of a knee-jerk reaction to PCI. ... or a CIO wrapping their secret
[sql] agenda in a 'PCI Compliant' guise.
I think it is both!
-------
u2-users mailing list
u2-users@listserver.u2ug.org
To unsubscribe please visit http://listserver.u2ug.org/