ADSM-L

Re: security

2000-05-05 10:01:28
Subject: Re: security
From: Bill Colwell <bcolwell AT DRAPER DOT COM>
Date: Fri, 5 May 2000 10:01:28 -0400
If 'passwordaccess generate' is used and the node is defined with
'forcepw=yes', when the first connection is made and the initial password
is entered, a new password is generated.  This password is unknown to
everyone including the user and all administrators.  I know the dsmcutil
program can display it, but if physical security to the user machine is
maintained these parameters provide decent security for the adsm backups.

An administrator would need to reset the password to give
others access and this leaves an
audit trail plus the user may notice that his client doesn't work anymore.

--
--------------------------
--------------------------
Bill Colwell
Bill Colwell
C. S. Draper Lab
Cambridge, Ma.
bcolwell AT draper DOT com
--------------------------
In <F550CB472FA8D31194D300104B757DF384AE80@AGENCY14>, on 05/05/00
In <F550CB472FA8D31194D300104B757DF384AE80@AGENCY14>, on 05/05/00
   at 10:01 AM, Gary Ison <Gary.Ison AT MAIL.STATE.KY DOT US> said:

>Actually, anyone with the nodal password and same OS platform can restore
>the data by saying they are the node to *SM.

>        Gary L. Ison
>        Governor's Office for Technology
>        101 Cold Harbor Drive
>        Frankfort, Ky.   40601
>        Phone:  (502) 564-8724
>            Fax:  (502) 564-6856
>E-mail: Gary.Ison AT mail.state.ky DOT us <mailto:Gary.Ison AT mail.state.ky 
>DOT us>

>-----Original Message-----
>From:   Lori Metcalf [SMTP:lmetcalf AT US.IBM DOT COM]
>Sent:   Friday, May 05, 2000 7:50 AM
>To:     ADSM-L AT VM.MARIST DOT EDU
>Subject:        Re: security

>I believe that once the data is backed up only the user can access or
>grant access to it.

>Lori Metcalf,  AFS/DFS Support
>IBMUSM07/RCHVMX2
>Dept 77N, Bldg 20-3 a218
>IBM Global Services SDC North, Rochester MN
>Phone 1-507-253-0722  T/L 1-507-553-0722
>Internet address: lmetcalf AT us.ibm DOT com


>Gerald Wichmann <gwichmann AT SANSIA DOT COM> on 05/04/2000 04:06:56 PM

>Please respond to "ADSM: Dist Stor Manager" <ADSM-L AT VM.MARIST DOT EDU>

>To:   ADSM-L AT VM.MARIST DOT EDU
>cc:
>Subject:  security




>An issue of security has come up. If we back up a node that has sensitive
>information, who then has access to looking at that information? For
>example
>can the TSM admin with max tsm priv << File: ATT766118.txt >>  << File:
>ATT766119.txt >>  << File: ATT766120.txt >>  << File: ATT766121.txt >>
><< File: ATT766122.txt >>  << File: ATT766123.txt >>  << File:
>ATT766124.txt >>
<Prev in Thread] Current Thread [Next in Thread>