I would also have to add one that applies here at amoco.
What random hacker, in a semi-secure environment can afford, sneak in,
and maintain enough DASD & processing power to capture the 300+ GB of
s$%%$, I mean stuff, that is thrown at the server daily! (well
actually every 1/3rd of a day, the other 2/3rds of each day is spent
just moving it all around on the server)
They would have to be on a subnet along the path from the client to
the server to begin with. (or you've got some bad router problems)
They could eliminate other nodes' network traffic fairly easily. THEY
COULD NOT (shy of spending a million dollars) KEEP UP WITH THE FLOW OF
DATA!
Hey, what a way to justify a dedicated fddi environment for ADSM
server & clients. (or an upgrade from 10BaseT)
"Well, we have to install dedicated fddi across the campus, multiple
fddi cards in the server and additional fddi cards in all the clients.
It is a security matter!"
'Cause ya just can't easily tap into a fiber cable! Even with all the
right equipment and all the time in the world it still screws up ;-)
Whoa Kent, ahhh... for a second I thought that read pyrotechnics...
anyway,
Later,
Dwight
______________________________ Reply Separator _________________________________
Subject: (Fwd) ADSM data security
Author: ADSM-L (ADSM-L AT VM.MARIST DOT EDU) at unix,mime
Date: 6/19/97 1:16 PM
We have some people at our university who are hesitant to use ADSM because of
security reasons. I believe that they are concerned about the possibility that
ethically-challenged people may sniff networks, intercept the backup data,
and recreate files containing sensitive data.
My response to this concern is the following.
1) I presume that file data and ADSM specific data is packed into an ADSM
non-public domain protocol. So, anybody sniffing would have to understand
and/or re-engineer this protocol.
2) We force the client to compress the data, so no clear text is transferred
on the network. So, anyone trying to intercept that data would have to
collect complete data transmissions, understand the protocol, and uncompress
the files, in order to gain access to any sensitive data.
o Is there an official response addressing security of ADSM data on the
network?
o Are there any stronger arguments showing that security is not a concern?
o What are valid concerns for security exposure of ADSM data?
Responses anyone?
Kent
--
Kent Johnson Internet: johnsk6 AT rpi DOT edu
Unix Systems Programmer (VCC 323) Phone: (518) 276-8175
Rensselaer Polytechnic Institute Fax: (518) 276-2809