ADSM-L
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: Can data be read from scratch tapes?

2006-06-01 13:48:47
Subject: Re: Can data be read from scratch tapes?
From: Andrew Raibeck <storman AT US.IBM DOT COM>
To: ADSM-L AT VM.MARIST DOT EDU
Date: Thu, 1 Jun 2006 10:52:24 -0700 
That technote needs to be changed. Among other things, the title is
misleading (read "false").

The main ideas are:

1) Given enough time, money, tools, and other resources, data on any tape
written by any product can be reverse-engineered. There is no such thing
as 100% guaranteed data security, at least none that I am aware of; it is
just a matter of degree. (OK, granted, if the tape is damaged, then it
might not be readable... but even then, barring the utter destruction of
the media, there are tools and other means of getting around the damage.)

2) As one of my colleagues in development pointed out to me, the question
shouldn't be "can the data be read?", because the answer is almost always
"yes" (see #1 above). It's really a question of how easily the data can be
interpreted, as addressed by the earlier responses to this thread.

Andy Raibeck
IBM Software Group
Tivoli Storage Manager Client Development
Internal Notes e-mail: Andrew Raibeck/Tucson/IBM@IBMUS
Internet e-mail: storman AT us.ibm DOT com

IBM Tivoli Storage Manager support web page:
http://www-306.ibm.com/software/sysmgmt/products/support/IBMTivoliStorageManager.html

The only dumb question is the one that goes unasked.
The command line is your friend.
"Good enough" is the enemy of excellence.

"ADSM: Dist Stor Manager" <ADSM-L AT VM.MARIST DOT EDU> wrote on 2006-06-01
07:21:10:

>
> Thanks for the responses I received on this question.  The link to
> previous responses from Andy was very good in explaining the issues
> to auditors.  I thought I would also share a tech note that was
> provided to me through opening a pmr.
>
> Technote  # 1212293  Title *  TSM Ensures That Data On Tapes Are Secure.

> .
> Solution * The customer is responsible for the physical security of the
> tapes. But the following will explain why reading tapes written by TSM
> is difficult, if not impossible, to be read by an outside application:
> 1. First, if client encryption is enabled, 3rd party applications would
> be prevented from simply reading the data off the tape since it is not
> in its native form. Please note that you must save the encryption key
> because once it is lost, no one can retrieve it not even  the TSM
> development  team.
> 2. Second, TSM stores the data on the tape in a proprietary format. We
> insert control information and metadata within the data stream that
> prevents the data from being read from end to end in its native form.
> 3. Third, without the TSM database, one would not be able to determine
> the position of the data on the tape for objects. The data is not stored

> as a filespace as some applications do.
> Topic Security
>
> Brenda Collins
> Storage Management
> IBM Global Services
>
> Phone: 763-390-5627
> E-Mail: collinbr AT us.ibm DOT com
>
> [image removed]
>
>
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: TSM Policy Best Practices, Zoltan Forray/AC/VCU
Next by Date:  Re: TSM 5.1.5.4 and raw Solaris Volume Manager partitions, Matthew Glanville
Previous by Thread:  Re: Can data be read from scratch tapes?, Brenda Collins
Next by Thread:  Re: Can data be read from scratch tapes?, Remco Post
Indexes:  [Date] [Thread] [Top] [All Lists]