i'll just pack all my ansers to that thread in one reply

----------------------
debcav5 AT hotmail DOT com wrote:
debcav5 AT hotmail DOT com wrote:
----------------------
> Well, I guess that answers my question.
> Well, I guess that answers my question.

sorry couldn't find the answer you are refering to on the list

> There is no real security with
> ADSM.  Earlier postings state that it's security is "Kerberos-like" - that
> doesn't seem true either.

adsm uses a kerberos-like authentication between backup client and server
you have to use passwort expiration and "passwordaccess generate"
to make the client access more secure

> Doesn't this seem to bother any of you using the
> system and it's tools?  Am I missing something?

sure i am .. but i'm more concerned with server/admin security
than backup client security (at least i found more security
problems with the admin access)

----------------------
ccao AT brooks DOT com wrote:
ccao AT brooks DOT com wrote:
----------------------
> I looked but didn't see much discussion on this?
> I looked but didn't see much discussion on this?

there had been some discussion on ADSM-R

----------------------
payne AT berbee DOT com wrote:
payne AT berbee DOT com wrote:
----------------------
> I will echo others comments why must the backup product provide secur> I will 
> echo others comments why must the backup product provide security?

it has to be .. and not only in ibm's sense of "security against data loss"

security of the server against unauthorized admin access
security against restore to an unauthorized machine
sometimes secure data transfers

> I believe, although I have no first
> hand experience, that people seeking others data are using more advanced
> means.

in my opinion, a unauthorized restore to a cracked machine is a "good" way
to access data from a different machine.

----------------------
cookde AT bp DOT com wrote:
cookde AT bp DOT com wrote:
----------------------
> Now all our environments are behind the big corp firewall so all I ha> Now 
> all our environments are behind the big corp firewall so all I have to
> "worry" about are internal problem people and that boils down to a "are they
> paying their folks enough to keep them happy"

i woudn't say so .. who controlls which people have access to your systems
from behind the firewall and might be hired by a competition to spy on you.
what about consultants or even janitors or cleaners.

> I'm pleased with the security... well it fits my needs would probably be a
> more proper thing for me to say.

i'm not .. and not at all about how ibm handles hints about security problems
(thats just my personal opinion)






as a conclusion i'd say adsm is secure enought in the client-server
backup/restore
communication if you use all settings right, but it needs a better administative
authentication scheme





Kind Regards/ Mit freundlichen Grüßen

Frank Mohr

GTS IT-I, System Planning & Engineering
Unix Systems, System Services

ALFRED-HERRHAUSEN-ALLEE 16-24
65760 ESCHBORN
PHONE: (+49) 69-910-66432
FAX: (+49) 69-910-65197