Hi.
We were discussing possible security issues, and then we thought about the TSM feature which allows a schedule to execute a command on a client node. This seems like a very big security risk. In the case that the TSM server got hacked, the attacker could create a schedule to run any command he likes on any node system he likes, right? Is there some way to limit the allowed commands on the client side? We only use commands for TDP schedules, so it could be blocked totally in most cases.
Has anyone else considered this, and come to any conclusions regarding how to limit the risk?
We were discussing possible security issues, and then we thought about the TSM feature which allows a schedule to execute a command on a client node. This seems like a very big security risk. In the case that the TSM server got hacked, the attacker could create a schedule to run any command he likes on any node system he likes, right? Is there some way to limit the allowed commands on the client side? We only use commands for TDP schedules, so it could be blocked totally in most cases.
Has anyone else considered this, and come to any conclusions regarding how to limit the risk?