Re: Need new 3270 emulator: SSH, inexpensive, reliable
- From: pwoude@xxxxxxxxxxxxxxxx (Peter Vander Woude)
- Date: 27 Aug 2009 06:01:09 -0700
I'm not sure where you're management got their information about SSL being
less secure than SSH. With the SSL configuration, you can configure it to use
different ciphers, one of them being AES.
Yes, as stated by others, SSH and SSL use Public key processing. And no you
do not have to pay Verisign, or someone else, for setting up the ssl
certificate. If all your TN3270 traffic is on your internal network, then you
create a CERTAUTH certificate, and then create another certificate, signed by
your inhouse CERTAUTH. Add them both to the keyring, make your 2nd
certificate the default, and then just make the CERTAUTH certificate available
to your systems that are running the TN3270 client (if windows based, you
can use Microsoft's SMS to push it to all the desktops and servers).
Once the SSL negotiation is done, ALL traffic is then encrypted using a key
that is generated during the SSL negotiation, and the agreed upon cipher,
thus all your passwords and other data is encrypted.
Peter
On Tue, 25 Aug 2009 13:25:19 -0700, John Mattson
<John_Mattson@xxxxxxxxxxxx> wrote:
EXCELLENT Question. The kind on insight I need here.you
We use Rumba, running on a Windows server to talk allow 3270 type
communication from users on Windows boxes who need to access our zOS
system, TSO, CICS, and some VTAM apps.
Problem is that PCI and JSOX do not think this is sucure... and it is
certainly not secure enough. Users are on our internal net, or coming in
thru VPN to our internal net, firewalls on the network, not zOS.
Management seems to believe that SSL is not sufficient, they must
have SSH and I am working on getting IBM Ported Tools installed. Just
where the TN3270 would go, server or user PC... etc, most everything is up
in the air at this point.
I am also looking at what is involved in putting a firewall on
zOS, and framkly, I am WAY over my head.
"Patrick O'Keefe" <patrick.okeefe@xxxxxxxx>
Sent by: IBM Mainframe Discussion List <IBM-MAIN@xxxxxxxxxxx>
08/25/2009 12:43 PM
Please respond to
IBM Mainframe Discussion List <IBM-MAIN@xxxxxxxxxxx>
Expire Date: 08/25/2011
To
IBM-MAIN@xxxxxxxxxxx
cc
Subject
Re: Need new 3270 emulator: SSH, inexpensive, reliable
On Tue, 25 Aug 2009 10:35:18 -0700, John Mattson
<John_Mattson@xxxxxxxxxxxx> wrote:
... Management ... now wants a SSH based >3270 emulation foraccessing mainframe TSO, CICS, and such apps. >...
Uh, something I've missed in the thread so far: What are you going totalk to? Does some vendor produce an SSH-based Tn3270 server? Or are
going to talk with some server that includes a Tn3270 client that thenconnects to the local z/CS Tn3270 server? (Maybe something sort of like
HATS > except with some special SSH client rather than a browser.) Or
something else I can't envision?
It looks to me like somebody has tried to define a solution ratherdefining the problem and then looking for solutions that address it.
Pat O'Keefe
----------------------------------------------------------------------
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to listserv@xxxxxxxxxxx with the message: GET IBM-MAIN INFO
Search the archives at http://bama.ua.edu/archives/ibm-main.html
----------------------------------------------------------------------
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to listserv@xxxxxxxxxxx with the message: GET IBM-MAIN INFO
Search the archives at http://bama.ua.edu/archives/ibm-main.html
.
- Prev by Date: Werner Kuehnel ist außer Haus.
- Next by Date: Re: Need new 3270 emulator: SSH, inexpensive, reliable
- Previous by thread: Re: Need new 3270 emulator: SSH, inexpensive, reliable
- Next by thread: Re: Need new 3270 emulator: SSH, inexpensive, reliable
- Index(es):
Relevant Pages
|
Loading
