[Info-vax] VSI OpenVMS Hobbyist Program Announced.
Hans Bachner
hans at bachner.priv.at
Sat Jul 13 00:30:05 EDT 2019
Simon Clubley schrieb am 17.06.2019 um 14:41:
> On 2019-06-17, Hans Bachner <hans at bachner.priv.at> wrote:
>>
>> I wonder why DECnet has been completely omitted. For many/most hobbyists
>> it's probably relevant.
>>
>
> If you are teaching students, why waste time teaching them about an
> obsolete product ?
Because (I assume) most students are trained to support or eventually
replace current system managers. And many if not most existing systems
use DECnet.
> DECnet is something that should never appear on any new VMS systems
> (in the same way as SSH is used for user logins in production sites
> in the TCP/IP world instead of telnet) and ideally should be removed
> from existing user sites as and when the opportunity arises.
>
> Just because something was acceptable 10-20 years ago in terms of security
> in production use does not mean it is an acceptable standard these days
> (which is why telnet has now been banned in many sites in favour of SSH).
>
> If VSI are teaching students about DECnet, I hope they are teaching
> them about all its security flaws (by today's standards) and limitations.
I fully agree. But this requires that they are trained in managing
DECnet to reduce/minimize/avoid security issues.
Hans.
> To any students reading this, the major flaw in native DECnet Phase IV
> is that it assumes the underlying physical network is trusted.
>
> You can run the stack on top of things like IPsec (if both sides support
> that) but DECnet Phase IV by itself is hopeless these days when it comes
> to security. For example, you have nothing like SSH or encrypted file
> transfers built into the DECnet Phase IV stack itself.
>
> Simon.
More information about the Info-vax
mailing list