The short answer is that unencrypted TSM tapes are totally readable by a
determined black hat. No, they can't be imported by another TSM server, and no
the format isn't published by IBM. But the format has been cracked by at least
two COMMERCIAL products:
www.indexengines.com
They sell an appliance that you can feed TSM/NBU/NW/ARCServe/BE tapes to. Not
only will they be read, it will generate a FULL TEXT searchable index of the
content on those tapes. (You'll be able to say "give me all the emails/files
with this word in them.)
All a blackhat needs to do is buy one of these boxes and the appropriate tape
drive and they've got your data.
www.sepaton.com
While this wouldn't be used to steal data, they the SEPATON VTL has also
cracked the format, as they use it to do their content-aware deduplication.
That wouldn't be possible if they hadn't already cracked the format enough to
pull it apart and look at the files inside it.
Finally, if these two companies could crack the format with NO HELP from IBM,
so could a determined black hat. Yes, it would take them a long time, but it's
within the realm of possibility.
All of the comments in the QuickFacts guide are also true. The are all sorts
of difficulties with reading tapes outside a backup product, and the only true
way to be sure of the security of your data is to encrypt it.
Curtis Preston | VP Data Protection
GlassHouse Technologies, Inc.
T: +1 760 710 2004 | C: +1 760 419 5838 | F: F: +1 760 710 2009
cpreston AT glasshouse DOT com | www.glasshouse.com
Infrastructure :: Optimized
-----Original Message-----
From: ADSM: Dist Stor Manager [mailto:ADSM-L AT VM.MARIST DOT EDU] On Behalf Of
Cory Heikel
Sent: Wednesday, July 30, 2008 12:25 PM
To: ADSM-L AT VM.MARIST DOT EDU
Subject: [ADSM-L] Question on tape format
I just talked with our Security Officer and was asked:
If our tapes are stolen while in transit, what data could be gotten off of them?
Has anyone on the list ever tried reading a copypool tape outside of TSM? If
so, what was actually on it? I know the data is there, but does it reference
file or node names in any way? Is the data itself actually readable?
Thanks,
cory
Cory Heikel
Tivoli Systems Administrator
Hershey Medical Center
(717) 531-7972
This email and any files transmitted with it are confidential and intended
solely for the use of the individual or entity to whom they are addressed. If
you have received this email in error please notify the system manager. This
message contains confidential information and is intended only for the
individual named. If you are not the named addressee you should not
disseminate, distribute or copy this e-mail.
|