Secure shell inventor SSH Communications has released its SSH Tectia Server on IBM's zSeries mainframes. Running on IBM's z/OS 5.2 (MVS as-was), SSH Tectia Server transparently encrypts data and file transfers so that mainframe apps are not even aware of its presence.
According to SSH Comms development director Tero Harjula, the risk for mainframe users is that many applications were designed in the days of SNA and dumb terminals, but today the most common access method is a PC, running 3270 terminal emulation software and connected over TCP/IP.
He demonstrated how easily usernames and passwords can be sniffed from the network, adding: "Many companies don't realise how insecure mainframe communications are, now that they're on TCP."
The SSH solution adds software to both the mainframe and the PC which intercepts network traffic and tunnels it over an encrypted link. The user must now authenticate to the PC as well as to the mainframe app, but as Harjula showed, the mainframe data no longer traverses the LAN in plain text.
He added that one advantage of SSH Tectia is that it works with any application. It also transparently encrypts file transfers and the SSH client can be extended to support other authentication methods at the PC, such as strong authentication via biometrics or a token.
In addition, it works with Unix and Windows servers running SSH Tectia or other SSH servers such as OpenSSH, and it enables the mainframe to authenticate to the client as well.
"There are 3270 emulators with SSL plug-ins," Harjula said, "but legacy mainframe applications don't authenticate. Plus, it doesn't need digital certificates as SSL does."
He suggested that SSH is primarily aimed at internal networks, with SSL or IPsec being more likely for use on public networks.
Harjula said SSH Tectia will list at around 130 Euro per workstation and 700 Euro per server, before volume discounts are calculated.