On Thu, 19 Jun 1997, Kent L. Johnson wrote:

| We have some people at our university who are hesitant to use ADSM because of
| security reasons.  I believe that they are concerned of the possiblity that
| ethically-challenged people may sniff networks, intercept the backup data,
| and recreate files containing sensitive data.

We're concerend about this issue as well.  Our main concern is the desire
to place our Kerberos servers on ADSM.  Placing that data over the network
is not attractive.  My main concern is hackers grabbing the node password
at the beginning of a session.  If they have that, then they have access
to all of the data from the ADSM server.  This is assuming the password is
sent in the clear.

One solution I'm looking at is using ssh.  Whereas, I setup a secure ssh
connection from the client to the server and setup a special port to
redirect port 1500 over that same connection.  Now all information
(password and data) is encrypted.  Very little overhead with this so far.
Still working out the minor details of setting-up the connection for a
batch job and such.  As long as you are using TCP/IP, the ssh solution
should work for most people.

_______________________________________________________________
Joe Morris  -  morris AT unc DOT edu  -  http://sunsite.unc.edu/morris
Academic Technology and Networks (formerly OIT), Development
University of North Carolina at Chapel Hill