ADSM-L

Re: (Fwd) ADSM data security

1997-06-19 15:19:52
Subject: Re: (Fwd) ADSM data security
From: Eric LEWIS <Eric.Lewis AT CCMAIL.ADP.WISC DOT EDU>
Date: Thu, 19 Jun 1997 14:19:52 CDT
     My response to these questions, and we do get them, is to say, "If you
     are worried about privacy of data, encrypt the files on your machine."
      Doing so won't affect ADSM performance, as a strategy that encrypted
     during the backup process would.

     I think people are trained to ask this question but don't much follow
     thru on locking the door on the room that contains the machine, and
     other more basic measures.

     erl


______________________________ Reply Separator _________________________________
Subject: (Fwd) ADSM data security
Author:  "ADSM: Dist Stor Manager" <ADSM-L AT VM.MARIST DOT EDU> at IPNET
Date:    6/19/97 1:49 PM


We have some people at our university who are hesitant to use ADSM because of
security reasons.  I believe that they are concerned of the possiblity that
ethically-challenged people may sniff networks, intercept the backup data,
and recreate files containing sensitive data.

My response to this concern is the following.

1) I presume that file data and ADSM specific data is packed into an ADSM
non-public domain protocol.  So, anybody sniffing would have to understand
and/or re-engineer this protocol.

2) We force the client to compress the data, so no clear text is transferred
on the network.  So, anyone trying to intercept that data would have to
collect complete data transmissions, understand the protocol, and uncompress
the files, in order to gain access to any sensitive data.

o Is there an official response addressing security of ADSM data on the
network?
o Are there any stronger arguments showing that security is not a concern?
o What are valid concerns for security exposure of ADSM data?

Responses anyone?

Kent

--
Kent Johnson                        Internet: johnsk6 AT rpi DOT edu
Kent Johnson                        Internet: johnsk6 AT rpi DOT edu
Unix Systems Programmer (VCC 323)      Phone: (518) 276-8175
Rensselaer Polytechnic Institute         Fax: (518) 276-2809
<Prev in Thread] Current Thread [Next in Thread>