ADSM-L

[no subject]

2015-10-04 17:30:26

Warning:  Not enough coffee in the system yet, so the brain is still a little
fuzzy... :-)  And the brain definitely isn't up to gear, so please don't view
any of this as a commitment.  Instead, view it as just a little insight.

Security (in the sense you're referring to):
     Any admin (except Operator & Analyst privilege) that has authority to the
storage pool containing the data can "eventually" get at the data.  Accounts
with only restricted storage priv would likely need to move the data to a pool
where they have policy access.  Unrestricted policy privilege & system privilege
can easily get at the information.
     <<satire>> "Well geez, that's a huge hole in the system!!!"  -> Actually,
no it isn't.  The standard response is that TSM (currently) was not designed to
provide security in the sense that you're referring to.  We state that your data
is secure in the sense that we'll make sure you get it back.  Or in other words,
we love data integrity (makes our lives a lot easier).  Also, what do you do
when someone leaves the company and "forgets" to share their passwords with the
boss?  I have a feeling you would still like to get at that data despite their
absence.
     But, from a security geek's p.o.v:  If this data is that sensitive, why
isn't it being encrypted?  The machine that is backing up the data is
susceptible to 'attack', and a great start for protection is to encrypt the data
at the source.  I would strongly consider this avenue for any data in an
enterprise environment.

RE: Capturing the data via network sniffer.  You could....  But, there are so
many other easier ways to get at the data than that....

HTH

Glen Hattrup
Tivoli Systems
TSM Server Development


Gerald Wichmann <gwichmann AT SANSIA DOT COM> on 05/04/2000 02:06:56 PM

Please respond to "ADSM: Dist Stor Manager" <ADSM-L AT VM.MARIST DOT EDU>

To:   ADSM-L AT VM.MARIST DOT EDU
cc:    (bcc: Glen Hattrup/Tivoli Systems)
Subject:  security




An issue of security has come up. If we back up a node that has sensitive
information, who then has access to looking at that information? For example
can the TSM admin with max tsm priv