Kent,
        Security is always a concern.  However, keep in mind that, unless users
are encrypting everything they're sending across the wire, this will be
a problem with many other applications as well.  Compressing the data
would help but, if somebody is determined enough, they'd probably be
able to figure out how to decompress it.  The other issue to consider is
that they'd have to capture and go thru a lot of data unless they knew
exactly what they were looking for and when to look for it.  If there's
a lot of sensitive data lying around on workstations, has your
organization considered using some sort of encryption program for
storing that data ??   This being said, I think some sort of encryption
option within ADSM would be very valuable... I remember this being
posted as a requirement some time ago but did not see it mentioned in
the announcement letter for ADSM Version 3.

        As what protocol is used, when I asked ADSM support a couple of years
ago I was told it uses TCP (not UDP).

Regards...
Tim Pittson
tpittson AT himail.hcc DOT com

>----------
>From:  Kent L. Johnson[SMTP:johnsk6 AT RPI DOT EDU]
>Sent:  Thursday, June 19, 1997 2:16 PM
>To:    ADSM-L AT VM.MARIST DOT EDU
>Subject:       (Fwd) ADSM data security
>
>We have some people at our university who are hesitant to use ADSM because of
>security reasons.  I believe that they are concerned of the possiblity that
>ethically-challenged people may sniff networks, intercept the backup data,
>and recreate files containing sensitive data.
>
>My response to this concern is the following.
>
>1) I presume that file data and ADSM specific data is packed into an ADSM
>non-public domain protocol.  So, anybody sniffing would have to understand
>and/or re-engineer this protocol.
>
>2) We force the client to compress the data, so no clear text is transferred
>on the network.  So, anyone trying to intercept that data would have to
>collect complete data transmissions, understand the protocol, and uncompress
>the files, in order to gain access to any sensitive data.
>
>o Is there an official response addressing security of ADSM data on the
>network?
>o Are there any stronger arguments showing that security is not a concern?
>o What are valid concerns for security exposure of ADSM data?
>
>Responses anyone?
>
>- Kent
>
>--
>Kent Johnson                        Internet: johnsk6 AT rpi DOT edu
>Unix Systems Programmer (VCC 323)      Phone: (518) 276-8175
>Rensselaer Polytechnic Institute         Fax: (518) 276-2809
>