Kisco’s OnePass/400 Closes Telnet Security Loophole

Kisco Information Systems has announced the immediate availability of OnePass/400, a new Telnet Security Tool for the AS/400 with claims that OnePass/400 closes a Telnet security exposure on the AS/400.

The AS/400 has a very nice Telnet feature that allows connection to the AS/400 from any network client using Telnet software, Kisco maintains. The security exposure with this, however, is that Telnet does not hide user profiles and sign on passwords. Anyone using "sniffer" software on the Internet can pick up user profile and password information from users connecting to an AS/400 via Telnet.

Kisco claims that OnePass/400 covers this exposure with the addition of a second-level password needed to complete a Telnet sign on. The second password is a single use password that automatically expires as soon as it is used. The user profile passwords are still not hidden, but because a password sequence is automatically disabled as soon as it is used, it cannot be reused by an unauthorized person.

User profiles must be enrolled in OnePass/400. Only those users who want to connect via Telnet need to be enrolled. OnePass/400 can also be configured to recognize sign on context so that the additional sign on password is only requested when absolutely necessary. OnePass/400 includes a history log that records all operations within OnePass/400. Users can view or print the log to track activity within the software product.

OnePass/400 is available as a separate product now. It will also be integrated into Kisco's SafeNet/400 product in a future release as an extra charge option. OnePass/400 costs $895.00 and is available for free trial from Kisco Information Systems(new window).

Related Editorial:

  • Kisco Offers Release 2 of WebReport/400

    Related Information:

  • Kisco Information Systems (new window)
  • Must Read Articles