ADSM-L

Re: [ADSM-L] Can a TSM server admin purloin client backups?

2011-10-25 17:06:25
From: Remco Post <r.post AT PLCS DOT NL>
To: ADSM-L AT VM.MARIST DOT EDU
Date: Tue, 25 Oct 2011 22:55:37 +0200
Anybody willing to do evil could find a way to have a system connected to the 
network where he has full access. Some laptop? Even with port security on the 
switch... just fix the Ethernet card MAC address :)

Basically, trust your admins to do the right thing, or don't hire them in the 
first place.

On 25 Oct. 2011, at 22:43, Ochs, Duane wrote:

> I guess that depends on the privs the TSM admin has to your servers. 
> 
> In my environment as the Senior TSM admin I have admin privs or root access 
> to all the machines being backed up.
> Which means I could in theory restore data to any server I wanted... however 
> I could also copy data from one machine to another, in theory.
> 
> For other admins, in our environment, that do not have admin privs they don't 
> have access to log into machines to configure a restore from another machine.
> 
> FYI: TSM admins could also change the password to a client machine to restore 
> data anywhere, if they wanted.
> 
> 
> 
> -----Original Message-----
> From: ADSM: Dist Stor Manager [mailto:ADSM-L AT VM.MARIST DOT EDU] On Behalf Of Hart, Charles A
> Sent: Tuesday, October 25, 2011 3:22 PM
> To: ADSM-L AT VM.MARIST DOT EDU
> Subject: Re: Can a TSM server admin purloin client backups?
> 
> Nothing, it's a policy challenge if they have TSM Sys Admin rights.  Kind
> of like a Cop that sells evidence or takes a bribe, a priest that
> protects the young ... at some point you have to trust your admin or
> fire them.  In my exp a node pw can be overridden with a Sys admin user
> and pw.
> 
> Maybe I oversimplified the situation.
> 
> 
> 
> -----Original Message-----
> From: ADSM: Dist Stor Manager [mailto:ADSM-L AT VM.MARIST DOT EDU] On Behalf Of Keith Arbogast
> Sent: Tuesday, October 25, 2011 3:07 PM
> To: ADSM-L AT VM.MARIST DOT EDU
> Subject: [ADSM-L] Can a TSM server admin purloin client backups?
> 
> This question came up again here. If a TSM admin with system
> authorization knows the client password for a certain TSM node, what
> keeps him from restoring files from that node to another server of his
> choosing?
> 
> Sorry to resuscitate this old horse.
> 
> With many thanks,
> Keith  

-- 
Met vriendelijke groeten/Kind Regards,

Remco Post
r.post AT plcs DOT nl
+31 6 248 21 622