ADSM-L

Re: encryption: 56 to 128

2003-11-29 11:41:29
Subject: Re: encryption: 56 to 128
From: Zlatko Krastev <acit AT ATTGLOBAL DOT NET>
To: ADSM-L AT VM.MARIST DOT EDU
Date: Sat, 29 Nov 2003 18:40:08 +0200
Joe,

I understand you pretty well as I am in your shoes - I am meeting our
customers every day. The only thing I can do is to stress improved
network security if data in transit is the main concern, and to stress
application protection for data that is sensitive in the long term. One of the
arguments is that TSM cannot cover everything better than the applications
themselves can.

But the lack of "serious" encryption is a drawback of TSM, so hopefully sooner
or later IBM will realize that. The effort to brute-force even
56-bit encrypted data is usually indeed greater than the effort to gather the same data
with social engineering. Anyway, sometimes people are just fond of
modern/fashionable thingies without actually needing them. So whenever they
ask for "a 128-bit <something>" and we cannot provide it, the people
"cross the street" (as per IBM's beloved ATM example) and go to another
vendor.

How to open an enhancement request with IBM???? Hard question!
I've asked "my local IBM sales rep" several times without success. So I've
escalated the issue to our regional Central and Eastern Europe salesperson
for Tivoli. The answer was to collect some cases and send the data to him
to open a request. At which level and with which person (!!) you should do
it in the U.S.A. is up to you to investigate.

Zlatko Krastev
IT Consultant






Joe Crnjanski <JCrnjanski AT INFINITYNETWORK DOT COM>
Sent by: "ADSM: Dist Stor Manager" <ADSM-L AT VM.MARIST DOT EDU>
27.11.2003 20:01
Please respond to "ADSM: Dist Stor Manager"


        To:     ADSM-L AT VM.MARIST DOT EDU
        cc:
        Subject:        Re: encryption: 56 to 128


Thank you for understanding me Zlatko.

The reason I'm asking for this is what we hear from our prospective customers
at the initial sales meeting. When the question comes to security and encryption,
if we can, we try to avoid an exact answer. Usually we say the data is encrypted
with industry-standard encryption. If we have somebody who knows a little
bit more about this and he/she asks what kind of encryption, and we say 56
bit, they all look at each other.
You have to remember that we are backing up data off-site over the
Internet and encryption becomes a big issue for us.
And we all know that 56-bit is very old technology (5-8 years; not sure).
You have not been able to do Internet banking without 128-bit for at least 3-4 years.
128-bit is standard on win2000; even nt4 had 128-bit encryption with one of
the service packs.

Back to the GIVE US A CHANCE

How do we open an "enhancement request" with IBM!!!!!!!!!!

Joe Crnjanski
Infinity Network Solutions Inc.
Phone: 416-235-0931 x26
Fax:     416-235-0265
Web:  www.infinitynetwork.com



-----Original Message-----
From: Zlatko Krastev [mailto:acit AT ATTGLOBAL DOT NET]
Sent: Thursday, November 27, 2003 12:08 PM
To: ADSM-L AT VM.MARIST DOT EDU
Subject: Re: encryption: 56 to 128


--> ... without the TSM database, a TSM tape is worthless...

This is not completely correct. Some data can be read from the tapes but
you will not know whether it is the latest version and which time period it
is from. There was such a tool in the past. Look in the list archives for
"adsmtape".

--> ... any data that transits on the network is encrypted. Usually it's
not.

Fully agree ... but the initial question was what to do if we want to be
secure. If I am "Mr. IT Manager" and see two security issues, insecure
network traffic and insecure backups, and want to resolve them?!? We can
protect the network, and when the time comes to backups ... do what?
If the network is still insecure (but can be), it is not an excuse
not to have protection on backups!
Some companies/organizations prefer to *lose* some data instead of
revealing that same data to a competitor/enemy!!!

Back to the topic - "GIVE US A CHANCE"
The "appropriate" method is to open an enhancement request with IBM.
Argue it with the cumulative revenue IBM lost because of lacking the
feature - sum licenses, services and maintenance for 3 or 5 years, for all
projects you've lost and SHOW THEM THE MONEY!!!


Zlatko Krastev
IT Consultant






Guillaume Gilbert <guillaume.gilbert AT CGI DOT COM>
Sent by: "ADSM: Dist Stor Manager" <ADSM-L AT VM.MARIST DOT EDU>
27.11.2003 18:00
Please respond to guillaume.gilbert


        To:     ADSM-L AT VM.MARIST DOT EDU
        cc:
        Subject:        Re: encryption: 56 to 128


I always ask if any data that transits on the network is encrypted. Usually
it's not. So why would the backups be? Unlike Netbackup, TSM does not use
tar to write on tapes. It uses its own proprietary method. And without the
TSM database, a TSM tape is worthless...

Guillaume Gilbert
Backup Administrator
CGI - ITM
(514) 415-3000 x5091
guillaume.gilbert AT cgi DOT com

> -----Original Message-----
> From: ADSM: Dist Stor Manager [mailto:ADSM-L AT VM.MARIST DOT EDU]
> On Behalf Of Remco Post
> Sent: Thursday, November 27, 2003 10:58 AM
> To: ADSM-L AT VM.MARIST DOT EDU
> Subject: Re: encryption: 56 to 128
>
>
> On Thu, 27 Nov 2003 09:41:34 -0500
> Joe Crnjanski <JCrnjanski AT INFINITYNETWORK DOT COM> wrote:
>
> > Hi All,
> >
> > Does anybody know if IBM is planning to upgrade their famous encryption
> > from 56 to 128 bit at least. Not to mention that today on the market 512 bit
> > is not very difficult to find in other software.
> >
> > We lost a couple of customers because they requested at least 128 bit
> > encryption.
> >
> > I know that IBM's argument is the effect on speed of backup, but GIVE US A
> > CHANCE to choose and we can decide when to use 56, 128 or 1024 bit.
> >
>
> IBM also argues, rightfully, that if you need stronger encryption, you'll
> probably need to encrypt the files while they are stored on your disk as
> well. After some thought, I think I'll have to agree. Remember even 56-bit
> DES currently cannot be cracked that easily by anyone who is not in the
> business of cracking strong encryption for a living.
>
>
> > Joe Crnjanski
> > Infinity Network Solutions Inc.
> > Phone: 416-235-0931 x26
> > Fax:     416-235-0265
> > Web:  www.infinitynetwork.com
>
>
> --
> Met vriendelijke groeten,
>
> Remco Post
>
> SARA - Reken- en Netwerkdiensten
> http://www.sara.nl
> High Performance Computing  Tel. +31 20 592 8008    Fax. +31 20 668 3167
>
> "I really didn't foresee the Internet. But then, neither did the computer
> industry. Not that that tells us very much of course - the computer industry
> didn't even foresee that the century was going to end." -- Douglas Adams
>
