ADSM-L

DES56-Bit_and_authentication_prozess

2003-05-21 23:51:02
Subject: DES56-Bit_and_authentication_prozess
From: Schaub Joachim Paul ABX-SECE-ZH <joachim.schaub AT ABRAXAS DOT CH>
To: ADSM-L AT VM.MARIST DOT EDU
Date: Thu, 22 May 2003 05:45:06 +0200

Hi All

A customer of ours (government) wants to know how the DES 56-bit encryption
and the 'Kerberos-like' identification between the server and client work,
at a deeper technical level.
I already read the statements on the list server on these topics.
What I found in the IBM/*SM documentation for the 'handshake' was:

Before a communication session between the TSM Client and the TSM Server
begins, an authentication handshaking process occurs with authentication
tickets and a mutual suspicion algorithm. The TSM security protocol is
modeled after the Kerberos network authentication protocol, which is a
highly respected method for secure signon cryptography. The client uses its
password as part of an encryption key, and does not send the password over
the network. Each session key is unique, so replaying a session stream will
not result in a signon to the TSM server. This significantly lowers the
chance of a TSM session being hijacked by an outside user.

and for the encryption:

To heighten security for TSM sessions, data sent to the TSM server during
backup and archive operations can be encrypted with standard DES 56-bit
(64bit Key) encryption. For WAN implementations of TSM across public
networks, data encryption complements and completes data security for TSM.

But this is not enough. The customer wants to know, for example, how the key
will be stored (I know that in the Microsoft environment it will be stored in
the registry) in NetWare or AIX. In which format will the key be stored?
Or where is the Kerberos server (in the TSM server?)?
How will it work without a ticket-granting server, etc.?
Has any of you already written a description like this for a customer?
Does anybody know about a whitepaper or other documentation that describes
TSM security in a deeper way?
Is reference information from DOD or other sensitive departments /
governments / customers available?

I also opened a PMR for this.

Thanks in advance for any help.

Joachim   
 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Joachim Paul Schaub
Abraxas Informatik AG
Beckenhofstrasse 23
CH-8090 Zürich
Schweiz / Switzerland

Telefon: +41 (043) 259 34 41
Telefax: +41 (043) 259 42 82
E-Mail: mailto:joachim.schaub AT abraxas DOT ch
Internet: http://www.abraxas.ch
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
