ADSM-L

Re: [ADSM-L] Question on tape format

2008-07-30 17:43:38
Subject: Re: [ADSM-L] Question on tape format
From: Curtis Preston <cpreston AT GLASSHOUSE DOT COM>
To: ADSM-L AT VM.MARIST DOT EDU
Date: Wed, 30 Jul 2008 17:42:47 -0400
The short answer is that unencrypted TSM tapes are totally readable by a 
determined black hat.  No, they can't be imported by another TSM server, and no, 
the format isn't published by IBM.  But the format has been cracked by at least 
two COMMERCIAL products:

www.indexengines.com

They sell an appliance that you can feed TSM/NBU/NW/ARCServe/BE tapes to.  Not 
only will they be read, it will generate a FULL TEXT searchable index of the 
content on those tapes.  (You'll be able to say "give me all the emails/files 
with this word in them.")

All a blackhat needs to do is buy one of these boxes and the appropriate tape 
drive and they've got your data.

www.sepaton.com

While this wouldn't be used to steal data, the SEPATON VTL has also 
cracked the format, as they use it to do their content-aware deduplication.  
That wouldn't be possible if they hadn't already cracked the format enough to 
pull it apart and look at the files inside it.

Finally, if these two companies could crack the format with NO HELP from IBM, 
so could a determined black hat.  Yes, it would take them a long time, but it's 
within the realm of possibility.

All of the comments in the QuickFacts guide are also true.  There are all sorts 
of difficulties with reading tapes outside a backup product, and the only true 
way to be sure of the security of your data is to encrypt it.

Curtis Preston  |  VP Data Protection  
GlassHouse Technologies, Inc.
 
T: +1 760 710 2004 |  C: +1 760 419 5838 |  F: +1 760 710 2009  
cpreston AT glasshouse DOT com |  www.glasshouse.com
Infrastructure :: Optimized

-----Original Message-----
From: ADSM: Dist Stor Manager [mailto:ADSM-L AT VM.MARIST DOT EDU] On Behalf Of 
Cory Heikel
Sent: Wednesday, July 30, 2008 12:25 PM
To: ADSM-L AT VM.MARIST DOT EDU
Subject: [ADSM-L] Question on tape format

I just talked with our Security Officer and was asked:
 
If our tapes are stolen while in transit, what data could be gotten off of them?
 
Has anyone on the list ever tried reading a copypool tape outside of TSM? If 
so, what was actually on it? I know the data is there, but does it reference 
file or node names in any way? Is the data itself actually readable?
 
Thanks,
cory
 
 
Cory Heikel
Tivoli Systems Administrator
Hershey Medical Center
(717) 531-7972




