ADSM-L

Re: Firewall backups

2004-04-23 18:45:05
Subject: Re: Firewall backups
From: Sal Mangiapane <salm AT VITALDS DOT COM>
To: ADSM-L AT VM.MARIST DOT EDU
Date: Fri, 23 Apr 2004 18:44:24 -0400
That link refers to Backup/Archive client.

I just sniffed both IE6 and ITSM-OR(5.2.2.0) Web-GUI login and both show the 
username and password!

From my PC:

POST /SignOnPost HTTP/1.1
Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, application/vnd.ms-excel, application/msword, application/vnd.ms-powerpoint, application/x-shockwave-flash, */*
Referer: http://01.01.01.01:1580/signon
Accept-Language: en-us
Content-Type: application/x-www-form-urlencoded
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0)
Host: 01.01.01.01:1580
Content-Length: 40
Connection: Keep-Alive
Cache-Control: no-cache

%24PP1=LOGIN&USERID=salm&PASSWORD=ForMyEyesOnly




I haven't checked the TSM Client, but now I don't believe that it sends the 
username/password.  Generally, what Andy says is right!
I'm ready to say that I was wrong for the Client. Has anyone sniffed a client 
and would like to share that information?

The Web-GUI does send the username and password in clear text.  (Can this be 
changed?)

Sal

> -----Original Message-----
> From: ADSM: Dist Stor Manager [mailto:ADSM-L AT VM.MARIST DOT EDU]On Behalf Of
> Neil Rasmussen
> Sent: Thursday, April 22, 2004 6:49 PM
> To: ADSM-L AT VM.MARIST DOT EDU
> Subject: Re: Firewall backups
>
>
> I have no comment on the best method of firewall implementation. However,
> I could not let the statement that TSM sends its username/password as plain
> text go by without comment.
>
> Neither the TSM Client nor the Web-GUI sends the username/password in the
> clear. I am not sure where this information came from but it just is not
> true. Here is a post from about a year ago that explains how the password
> is sent; the explanation goes for the Client as well as the Web-GUI:
>
> http://msgs.adsm.org/cgi-bin/get/adsm0302/707.html
>
>
> Regards,
>
> Neil Rasmussen
> Software Development
> Data Protection for Oracle
> rasmussn AT us.ibm DOT com
>
>
>
>
> Sal Mangiapane <salm AT vitalds DOT com>
> Sent by: "ADSM: Dist Stor Manager" <ADSM-L AT VM.MARIST DOT EDU>
> 04/21/2004 08:06 PM
> Please respond to
> salm
>
>
> To
> ADSM-L AT VM.MARIST DOT EDU
> cc
>
> Subject
> Re: Firewall backups
>
>
>
>
>
>
> We operate through firewalls differently:
>
> We have a small VPN device that we use to create an IPSec VPN tunnel and
> only have entries in the firewall for this tunnel, then we
> run all ITSM traffic through the tunnel.  Makes for simpler firewall
> settings and adds extra security because username/password is
> sent as plain text by ITSM.
>
> You will also want to limit the Web-GUI client for security reasons too
> (plain text -- too).
>
> I can provide more details, contact me directly:
>
> salm(at)vitalds(dot)com or 724-758-3981
>
> Sal
> Vital Data Systems
>
>
> > -----Original Message-----
> > From: ADSM: Dist Stor Manager [mailto:ADSM-L AT VM.MARIST DOT EDU]On Behalf 
> > Of
> > Gill, Geoffrey L.
> > Sent: Wednesday, April 21, 2004 6:43 PM
> > To: ADSM-L AT VM.MARIST DOT EDU
> > Subject: Firewall backups
> >
> >
> > We're trying to get backups running outside a firewall and below are the
> > results of a test. The network folks sent me this log to show the ports
> > which are communicating during backup. On the left is the server IP, on the
> > right is the client IP.
> >
> > The client settings are below. The question is how to get all to communicate
> > on one specified port so they can tighten down ACLs. I've read the write-up
> > on this and thought everything was set properly but I must be missing
> > something. If someone has advice it would be greatly appreciated.
> >
> >
> >
> > Thanks,
> >
> >
> >
> > COMMmethod                           TCPIP
> >
> > TCPServeraddress                     xxx.xxx.xxx.xxx
> >
> > TCPCLIENTADDRESS               xxx.xxx.xxx.xxx
> >
> > WEBPORTS                             1582,1583
> >
> > TCPPort                                    1500
> >
> > TCPCLIENTPORT                      1501
> >
> > HTTPPort                                  1581
> >
> >
> >
> > Apr 20 17:04:50 PDT: list TSM-Filter permitted tcp xxx.xxx.xxx.xxx(37317) -> xxx.xxx.xxx.xxx(1501), 1 packet
> > Apr 20 17:04:51 PDT: list TSM-Filter permitted tcp xxx.xxx.xxx.xxx(1500) -> xxx.xxx.xxx.xxx(2200), 1 packet
> > Apr 20 17:05:04 PDT: list TSM-Filter denied tcp xxx.xxx.xxx.xxx(37316) -> xxx.xxx.xxx.xxx(1501), 2 packets
> > Apr 20 17:05:04 PDT: list TSM-Filter permitted tcp xxx.xxx.xxx.xxx(37317) -> xxx.xxx.xxx.xxx(1501), 4 packets
> > Apr 20 17:05:04 PDT: list TSM-Filter permitted tcp xxx.xxx.xxx.xxx(1500) -> xxx.xxx.xxx.xxx(2200), 5648 packets
> > Apr 20 17:05:21 PDT: list TSM-Filter permitted tcp xxx.xxx.xxx.xxx(37318) -> xxx.xxx.xxx.xxx(1501), 1 packet
> > Apr 20 17:05:51 PDT: list TSM-Filter permitted tcp xxx.xxx.xxx.xxx(37319) -> xxx.xxx.xxx.xxx(1501), 1 packet
> > Apr 20 17:06:21 PDT: list TSM-Filter permitted tcp xxx.xxx.xxx.xxx(37320) -> xxx.xxx.xxx.xxx(1501), 1 packet
> > Apr 20 17:06:51 PDT: list TSM-Filter permitted tcp xxx.xxx.xxx.xxx(37321) -> xxx.xxx.xxx.xxx(1501), 1 packet
> > Apr 20 17:07:21 PDT: list TSM-Filter permitted tcp xxx.xxx.xxx.xxx(37322) -> xxx.xxx.xxx.xxx(1501), 1 packet
> > Apr 20 17:07:51 PDT: list TSM-Filter permitted tcp xxx.xxx.xxx.xxx(37323) -> xxx.xxx.xxx.xxx(1501), 1 packet
> > Apr 20 17:08:21 PDT: list TSM-Filter permitted tcp xxx.xxx.xxx.xxx(37324) -> xxx.xxx.xxx.xxx(1501), 1 packet
> > Apr 20 17:08:51 PDT: list TSM-Filter permitted tcp xxx.xxx.xxx.xxx(37325) -> xxx.xxx.xxx.xxx(1501), 1 packet
> > Apr 20 17:09:21 PDT: list TSM-Filter permitted tcp xxx.xxx.xxx.xxx(37326) -> xxx.xxx.xxx.xxx(1501), 1 packet
> > Apr 20 17:09:51 PDT: list TSM-Filter permitted tcp xxx.xxx.xxx.xxx(37327) -> xxx.xxx.xxx.xxx(1501), 1 packet
> > Apr 20 17:10:06 PDT: list TSM-Filter permitted tcp xxx.xxx.xxx.xxx(1500) -> xxx.xxx.xxx.xxx(2200), 61959 packets
> > Apr 20 17:10:21 PDT: list TSM-Filter permitted tcp xxx.xxx.xxx.xxx(37328) -> xxx.xxx.xxx.xxx(1501), 1 packet
> > Apr 20 17:10:25 PDT: list TSM-Filter permitted tcp xxx.xxx.xxx.xxx(1500) -> xxx.xxx.xxx.xxx(2235), 1 packet
> > Apr 20 17:10:41 PDT: list TSM-Filter permitted tcp xxx.xxx.xxx.xxx(1500) -> xxx.xxx.xxx.xxx(2235), 8 packets
> > Apr 20 17:10:41 PDT: list TSM-Filter permitted tcp xxx.xxx.xxx.xxx(1500) -> xxx.xxx.xxx.xxx(2200), 2586 packets
> >
> >
> >
> > Geoff Gill
> > TSM Administrator
> > NT Systems Support Engineer
> > SAIC
> > E-Mail:   gillg AT saic DOT com
> > Phone:  (858) 826-4062
> > Pager:   (877) 854-0975
> >
>
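
Added example (not part of the original thread, and not code from IBM or any list member): a check that can be run over sniffed payloads to flag sign-on forms, like the /SignOnPost request captured above, whose credential fields are readable on the wire. The field-name pattern and the function names are assumptions, and the sample capture is constructed from the request shown in the post.

```python
import re
from urllib.parse import parse_qsl

# Field names treated as credentials (an assumption; extend for other forms).
CRED_FIELD = re.compile(r"(pass(word|wd)?|pwd|secret|userid|user(name)?|login)$", re.I)

# Constructed sample: the sign-on request from the post, trimmed to the headers used here.
CAPTURE = (
    b"POST /SignOnPost HTTP/1.1\r\n"
    b"Referer: http://01.01.01.01:1580/signon\r\n"
    b"Content-Type: application/x-www-form-urlencoded\r\n"
    b"Host: 01.01.01.01:1580\r\n"
    b"\r\n"
    b"%24PP1=LOGIN&USERID=salm&PASSWORD=ForMyEyesOnly"
)

def parse_request(raw):
    """Split a sniffed payload into (method, path, headers, body); None if not readable HTTP."""
    head, sep, body = raw.partition(b"\r\n\r\n")
    lines = head.decode("latin-1").split("\r\n")
    m = re.match(r"([A-Z]+) (\S+) HTTP/1\.[01]$", lines[0])
    if not m or not sep:
        return None  # TLS records or another protocol: nothing readable as HTTP
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return m.group(1), m.group(2), headers, body.decode("latin-1")

def cleartext_credentials(raw):
    """Return one finding per credential field readable in a captured request body."""
    req = parse_request(raw)
    if req is None:
        return []
    method, path, headers, body = req
    if "x-www-form-urlencoded" not in headers.get("content-type", ""):
        return []
    findings = []
    for field, value in parse_qsl(body, keep_blank_values=True):
        if CRED_FIELD.search(field):
            # Report the length only, so the finding itself does not leak the secret.
            findings.append({"host": headers.get("host", "?"), "path": path,
                             "field": field, "value_len": len(value)})
    return findings

if __name__ == "__main__":
    for finding in cleartext_credentials(CAPTURE):
        print(finding)
```

A payload that does not parse as an HTTP request, such as TLS records, yields no findings, which is the result to expect once the sign-on traffic is wrapped in an encrypted channel like the IPSec tunnel mentioned earlier in the thread.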
