OSPS E-News ~ FW: [SFMS-News] Encryption communication

Announcements from OSPS to the users of the Oregon State Payroll Application osps-news at listsmart.osl.state.or.us
Tue Dec 8 08:13:34 PST 2009


I'm not sure how many of us are subscribers to the SFMS e-news. I'm forwarding this just in case....

 

Katherine Bremser
Training Coordinator
Oregon Statewide Payroll Services
State Controller's Division
Department of Administrative Services 
503 378 6777, ext. 295 
Online Resource Center: http://oregon.gov/DAS/SCD/OSPS/ 

________________________________

From: sfms-news-bounces at listsmart.osl.state.or.us [mailto:sfms-news-bounces at listsmart.osl.state.or.us] On Behalf Of SEBASTIAN Joy * SCD SFMS
Sent: Monday, December 07, 2009 4:43 PM
To: Nancy Andring; arens at gorgecommission.org; FREDERICK Becky A; EKLUND Becky; WEST Bret * OPS DIR; SHRIVER Bruce; MARQUETTE Carolina; PEASE Cindy M * ODA; MCTEAGUE Dave; POSTON David; CHANDLER Deanne V; COOKE Debra; ORMAN Debra; JOHNSON Dennis R; PASSARELLE Dolores; VANFLEET Doug; SEARS Elaine; HEBRON Frank G; DUNFORD George.M; HOANG Helen * OAC; CREW Hillery; MORGAN Jeffry; GORES Jim; STIEGER Joan; DUFRENE Jon E; TRUSSELL Karen J; MACLEAN Karen S; JORGENSON Karl D; AYLWARD Kathryn N; ERICKSON Kay; ROSS Ken; NELSON Kerri; HENDERSON Lauren L; WILCOX Leann; BRODIE Les S; JONES Leslie; ROTH Leslie * GOV; TEET Linda; VANLAANEN Lisa.L; JUDGE Lorene; MAKINEN Lori; WERNER Mark * CJC; CLARK Marsha; PITTIONI Martin; JAEGER Mary; BUCKLEY MaryClaire; OCONNOR Michael; CAIN Nancy; SELLERS Nancy; TESCHNER Pam; KONSTANTOPOULOS Pamela; HEARN Pat; BRAATZ Patrick; EVERS Randy; LOOMIS Rebecca A; PILOTTO Renata; BERSIN Ron * OGEC; WAGNER Ron A * TAX; OWENS S Dean; WOOD Sally; RIERSON Sandra G; TODD Sandra K; SHRESTHA Sangit; sfms-news at listsmart.osl.state.or.us; JACOBSEN Shawn; GONZALEZ Shirlene A; CHASE Stacey; TAYLOR Susan A; Susan Isaacs; MACGLASHAN Susan; MCMILLAN Sylvie * OHLA; LELAND Teddy; BONEBRAKE Terry.D; LARSEN Tove; CHAMBERLAIN Victoria * TSPC
Cc: LESTER Melvin A * OPS SEC; McKEEHAN Sharon E * SCD OSPS
Subject: [SFMS-News] Encryption communication

 

Hello Everyone,

 

Please see the communication below from Mel Lester, the DAS Security Officer.    

 

________________________________

From: LESTER Melvin A * OPS SEC 
Sent: Friday, December 04, 2009 11:35 AM
To: WEST Bret * OPS DIR
Cc: HANNA Yvonne * OPS ADMIN
Subject: FW: Encryption communication

 

A Modern Technology Fable

 

Roughly a year ago, a huge technological change happened that touched almost everyone in this country. This event was the discontinuation of analog broadcasts in favor of digital signals for local over-the-air television reception.  This was almost a non-event for most of us because the manufacture of analog-only television sets had ceased long before the cutover; analog televisions that were still in service could be converted to receive digital broadcasts by being retrofitted with a $50 adaptor box; and an extensive series of public service announcements and other communications preceded the actual conversion.  Still, I am sure a few folks who had not already abandoned over-the-air reception in favor of cable or dish were unprepared because they did not get the message, did not think it applied to them or just decided the time was ripe to opt out of the "Vast Wasteland"¹.

 

Some interesting parallels exist between the analog to digital television broadcast signal conversion and an upcoming technology event in the State of Oregon called "The DAS Clear Text Project."  On January 3, 2010, less than a month from today, DAS will shut off communications to and from the DAS Mainframe that are unencrypted (i.e., clear text), on ports 20 and 23.  Using the television metaphor, think of ports 20 and 23 as analog television channels.  When DAS turns ports 20 and 23 off, those organizations and individuals who connect to the DAS Mainframe to enter timesheet information, use the SFMA, OSPA or PPDB applications or send and receive files will no longer be able to unless they are connecting to the encrypted, replacement ports.  All other uses of the DAS Mainframe may be similarly affected.  In short, if your organization has any involvement with the DAS Mainframe, you need to be aware of how this project may impact you.

 

For some years now, alternate, encrypted ports have been available for interactive connection and file transfers with the DAS mainframe, yet a significant number of clients continue to use the unsecure, clear text ports 20 and 23.  Now that these ports are being shut off, it is important that those who connect directly to the DAS Mainframe take some action to ensure their business processes will not be adversely impacted by this change:

 

*	You must determine if your existing client is compatible with the new, encrypted ports. 

	*	At least one terminal emulation, or "green screen" Telnet desktop application, TN3270E, is currently widely used but cannot be configured to use encrypted port 2023 that replaces port 23.  The only solution is to replace TN3270E with a compatible, properly configured alternative.  There are many clients to choose from at price points ranging from free to hundreds of dollars per seat.  Like television brands, the choice is yours to make as long as the new product is capable of SSL/TLS encrypted communication with the DAS Mainframe.  Any costs associated with obtaining and installing new client software are yours also.

 

	*	Some terminal emulation products currently in use are capable of encrypted communication with the DAS Mainframe, but are currently configured for port 23 clear text communication. At DAS, some of our users have a commercial product known as Passport that is in this category.  Before port 23 is shut off, our LAN and Desktop support people will have to verify that each DAS Passport client is correctly configured to use encryption on port 2023.  You may have a similar situation in your organization and it is your responsibility to see that your IT support organization reviews your current client software and either replaces or reconfigures it to connect securely to the DAS Mainframe.

 

	*	If you are already using an encrypted terminal emulation client to communicate with the DAS Mainframe on port 2023, you have nothing to worry about.

 

*	You must determine if your existing file transfer program (if any) is compatible with the new, encrypted ports.

	*	Not every user of DAS Mainframe services transfers files, but this is something to not overlook if your organization routinely "interfaces" with SFMA for batch processing. The unencrypted port 20, which is used for file transfer, will be turned off and replaced with a range of ports from 50,000 to 50,049 that will only support "passive" file transfer encrypted using SSL/TLS.  Your IT Support Organization must ensure that network traffic is capable of flowing in both directions for all of the encrypted ports mentioned above. 

 

Again, while DAS is attempting to locate and communicate with all organizations still utilizing clear text communications with the DAS Mainframe, the responsibility to validate and ensure compliance rests with your organization and your IT support staff.  

 

If you are unsure as to your readiness for this change, please feel free to have your IT Support Organization contact Mel Lester, the DAS Security Officer, at the email address or telephone number below.

 

¹ Newton Minow delivered his "Vast Wasteland" speech in 1961

 

-Mel

 

Mel Lester

DAS Information Security Officer

melvin.a.lester at state.or.us

 (541) 915-9653 (Cell)

 

Have a great day!

 

Joy Sebastian, MA

Deputy State Controller

Department of Administrative Services

(503) 373-1044 ext. 228
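
Added example (not part of the original message and not DAS tooling): one way an IT support group could use exported flow records to list which of its clients still reach the mainframe over the clear-text ports 20 and 23 named above. The mainframe address, the record layout and the sample rows are constructed placeholders. Both directions are checked because active-mode FTP data connections originate from the server's port 20.

```python
import csv
import io
from collections import defaultdict

MAINFRAME = "192.0.2.10"               # placeholder (documentation address), not the real host
CLEAR_TEXT = {20, 23}                  # ports the notice says will be shut off
TELNET_TLS = 2023                      # replacement for port 23
FTP_TLS_PASSIVE = range(50000, 50050)  # 50,000 to 50,049 inclusive

# Constructed sample flow records: src_ip,src_port,dst_ip,dst_port
SAMPLE_FLOWS = """\
10.1.1.5,49152,192.0.2.10,23
10.1.1.6,49153,192.0.2.10,2023
192.0.2.10,20,10.1.1.7,51000
10.1.1.8,49200,192.0.2.10,50010
10.1.1.5,49154,192.0.2.10,2023
10.1.1.9,49300,198.51.100.4,23
"""

def classify(src_ip, src_port, dst_ip, dst_port):
    """Return (client_ip, label) for a flow touching the mainframe, else None."""
    if dst_ip == MAINFRAME:
        client, server_port = src_ip, dst_port
    elif src_ip == MAINFRAME:
        # Active-mode FTP data: the server connects out FROM its port 20.
        client, server_port = dst_ip, src_port
    else:
        return None
    if server_port in CLEAR_TEXT:
        return client, "clear-text"
    if server_port == TELNET_TLS or server_port in FTP_TLS_PASSIVE:
        # The port is designated for SSL/TLS; the flow record alone cannot prove a handshake.
        return client, "encrypted-port"
    return client, "other"

def audit(flow_csv):
    """Map each client IP to the set of labels seen across its mainframe flows."""
    seen = defaultdict(set)
    for row in csv.reader(io.StringIO(flow_csv)):
        try:
            hit = classify(row[0], int(row[1]), row[2], int(row[3]))
        except (IndexError, ValueError):
            continue  # skip malformed records
        if hit:
            seen[hit[0]].add(hit[1])
    return seen

def needs_action(flow_csv):
    """Clients with any clear-text flow, including partly migrated ones."""
    return sorted(c for c, labels in audit(flow_csv).items() if "clear-text" in labels)
```

A client such as 10.1.1.5 in the sample, which appears on both port 23 and port 2023, is still listed because some of its sessions have not been moved.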

 

 

 
