The ADSM password is not sent in the clear.
Barry Fruchtman
ADSM Development
On Thu, 3 Jul 1997, Joe Morris wrote:
> On Thu, 19 Jun 1997, Kent L. Johnson wrote:
>
> | We have some people at our university who are hesitant to use ADSM because
> of
> | security reasons. I believe that they are concerned of the possiblity that
> | ethically-challenged people may sniff networks, intercept the backup data,
> | and recreate files containing sensitive data.
>
> We're concerend about this issue as well. Our main concern is the desire
> to place our Kerberos servers on ADSM. Placing that data over the network
> is not attractive. My main concern is hackers grabbing the node password
> at the beginning of a session. If they have that, then they have access
> to all of the data from the ADSM server. This is assuming the password is
> sent in the clear.
>
> One solution I'm looking at is using ssh. Whereas, I setup a secure ssh
> connection from the client to the server and setup a special port to
> redirect port 1500 over that same connection. Now all information
> (password and data) is encrypted. Very little overhead with this so far.
> Still working out the minor details of setting-up the connection for a
> batch job and such. As long as you are using TCP/IP, the ssh solution
> should work for most people.
>
> _______________________________________________________________
> Joe Morris - morris AT unc DOT edu - http://sunsite.unc.edu/morris
> Academic Technology and Networks (formerly OIT), Development
> University of North Carolina at Chapel Hill
>
|