*** Original Author: ADSM-L @ MARIST - ** Remote User **; 06/19/97 02:56pm
>Received: from VM.MARIST.EDU by AUDUCADM.DUC.AUBURN.EDU (IBM MVS SMTP V3R1)
> with TCP; Thu, 19 Jun 97 14:56:10 CDT
>Received: from VM.MARIST.EDU by VM.MARIST.EDU (IBM VM SMTP V2R3)
> with BSMTP id 0035; Thu, 19 Jun 97 15:43:05 EDT
>Received: from VM.MARIST.EDU (NJE origin LISTSERV@MARIST) by VM.MARIST.EDU
> (LMail V1.2b/1.8b) with BSMTP id 8157; Thu, 19 Jun 1997 15:43:04 -0400
>Received: from VM.MARIST.EDU by VM.MARIST.EDU (LISTSERV release 1.8c) with NJE
> id 4002 for ADSM-L AT VM.MARIST DOT EDU; Thu, 19 Jun 1997 15:43:00
> -0400
>Received: from MARIST (NJE origin SMTP@MARIST) by VM.MARIST.EDU (LMail
> V1.2b/1.8b) with BSMTP id 8143; Thu, 19 Jun 1997 15:43:00 -0400
>Received: from acs3.bu.edu by VM.MARIST.EDU (IBM VM SMTP V2R3) with TCP; Thu,
> 19 Jun 97 15:42:58 EDT
>Received: (from rbs@localhost) by acs3.bu.edu (8.8.4/) id PAA73574; Thu, 19 Jun
> 1997 15:40:17 -0400
>Message-ID: <199706191940.PAA73574 AT acs3.bu DOT edu>
>Date: Thu, 19 Jun 1997 15:40:17 -0400
>Reply-To: "ADSM: Dist Stor Manager" <ADSM-L AT VM.MARIST DOT EDU>
>Sender: "ADSM: Dist Stor Manager" <ADSM-L AT VM.MARIST DOT EDU>
>From: Richard Sims <rbs AT BU DOT EDU>
>Subject: Re: (Fwd) ADSM data security
>Comments: cc: rbs AT acs.bu DOT edu
>To: ADSM-L AT VM.MARIST DOT EDU
>
Kent - If those people are hesitant to use ADSM for security reasons, they
should be fearful in general of using their networks, as I'm sure
they are already sending passwords and sensitive data over those networks.
You didn't say what kind of networking is involved, but if it's Ethernet,
I would suggest implementing Switched Ethernet technology - which in
addition to sending only a single destination's packets over that leg of
the network can also scramble the data (and greatly improve performance).
There are numerous technologies to address these issues in networking.
All of this is to say that ADSM is not the issue: the networking is,
as the conduit for the data from all manner of protocols and applications.
Richard Sims, Boston University OIT
______________________________ Reply Separator _________________________________
Subject: (Fwd) ADSM data security
Author: ADSM-L (ADSM-L AT VM.MARIST DOT EDU) at unix,mime
Date: 6/19/97 1:16 PM
We have some people at our university who are hesitant to use ADSM because of
security reasons. I believe that they are concerned of the possiblity that
ethically-challenged people may sniff networks, intercept the backup data,
and recreate files containing sensitive data.
My response to this concern is the following.
1) I presume that file data and ADSM specific data is packed into an ADSM
non-public domain protocol. So, anybody sniffing would have to understand
and/or re-engineer this protocol.
2) We force the client to compress the data, so no clear text is transferred
on the network. So, anyone trying to intercept that data would have to
collect complete data transmissions, understand the protocol, and uncompress
the files, in order to gain access to any sensitive data.
o Is there an official response addressing security of ADSM data on the
network?
o Are there any stronger arguments showing that security is not a concern?
o What are valid concerns for security exposure of ADSM data?
Responses anyone?
Kent
--
Kent Johnson Internet: johnsk6 AT rpi DOT edu
Kent Johnson Internet: johnsk6 AT rpi DOT edu
Unix Systems Programmer (VCC 323) Phone: (518) 276-8175
Rensselaer Polytechnic Institute Fax: (518) 276-2809
*** Comments From: STEWAJM - Stewart, Mike; 06/19/97 03:04pm
After explaining the above, plus discussion of compacted
data being a bit difficult to snoop, if the users here
are still reluctant, I suggest they code exclude statements
to avoid sending sensitive data over the net.
|
