RE: want to allow easy home access to iSeries -- MIDRANGE-L

Subject: RE: want to allow easy home access to iSeries
From: Steve Martinson <smartinson66@xxxxxxxxx>
Date: Fri, 18 Feb 2011 08:48:33 -0600
List-archive: <http://archive.midrange.com/midrange-l>
List-help: <mailto:midrange-l-request@midrange.com?subject=help>
List-id: Midrange Systems Technical Discussion <midrange-l.midrange.com>
List-post: <mailto:midrange-l@midrange.com>
List-subscribe: <http://lists.midrange.com/mailman/listinfo/midrange-l>, <mailto:midrange-l-request@midrange.com?subject=subscribe>
List-unsubscribe: <http://lists.midrange.com/mailman/listinfo/midrange-l>, <mailto:midrange-l-request@midrange.com?subject=unsubscribe>

Luke,

I just wanted to throw in here that if your environment is subject to the
PCI DSS, remote access to the CDE (cardholder data environment) MUST be via
two-factor authentication. This is the case for any non-CDE subnet that
access the "in-scope" subnets, thus implying that two-factor is needed
internally as well, not just from the outside world (Internet-routable
networks).

Paul's suggestion of a certificate for RDP sessions is a good one, as long
as it's not the same certificate for every user. They have to be unique.
Oh, and having to enter two different passwords along the way does not
count as two-factor.

As an Amazon Associate we earn from qualifying purchases.

This mailing list archive is Copyright 1997-2025 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].

Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.