[Info-vax] An alternative history of computing
Arne Vajhøj
arne at vajhoej.dk
Fri Jul 23 21:27:16 EDT 2021
On 7/23/2021 2:59 PM, Simon Clubley wrote:
> I would love to know how these DECnet Phase IV users get through
> a security audit in today's world.
If the auditors is one of those that follow a checklist and
require everything checked then the setup will fail the audit.
But if the auditor is one that does a risk assessment for
each problem and prioritize based on that, then there
will likely be way too many issues above DECnet phase IV
for it to get attention.
Example: if there is a system with both DECnet and telnet
allowed for login, then there will be two problems for
having protocols allowing login with plain text password
enabled. But if prioritized per risk, then telnet will
get the focus, because TCP/IP get through the network
while DECnet does not.
Of course if DECnet is the only problem then it will
catch serious flak. But most sites will have many
other issues not the least related to the applications
themselves.
Arne
More information about the Info-vax
mailing list