On Tue, 27 Mar 2012 11:09:23 -0700, Skip Robinson wrote:

>The reason I brought up this 'vulnerability' is that we hired a consultant
>a while back to look for weaknesses. Of course they were able to logon
>with a vanilla userid that had no special authority. And this is what they
>did.
>
>We all spend a lot of time and mental energy focused on how to protect
>ourselves from sophisticated attack. We look at APF. We look at SVC
>screening. We look at access to sensitive libraries. But this particular
>'denial of service' can be accomplished by anyone with a valid userid and
>password. And *only* because we lock up users for invalid password
>attempts. I'm just sayin'...
>
Would you and the auditors feel better if users logged on without
typing passwords, via SSH with certificates stored on their desktops?
Does SSH/SSL lock accounts on detected intrusion?

There is an SSL flavor of tn3270, isn't there? And that would encrypt
even LAN traffic.

-- gil

----------------------------------------------------------------------
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to [email protected] with the message: INFO IBM-MAIN

