Re: [ADSM-L] Can a TSM server admin purloin client backups?

Subject:	Re: [ADSM-L] Can a TSM server admin purloin client backups?
From:	Remco Post <r.post AT PLCS DOT NL>
To:	ADSM-L AT VM.MARIST DOT EDU
Date:	Tue, 25 Oct 2011 22:19:08 +0200

Even better, an admin with system privileges can even restore the data without 
knowing the client password, using his own credentials. The lesson here: a 
system admin can do everything with everything.

The only way to prevent that is have the entire actlog be forwarded 'real time' 
to a central logging server that he can't touch and the death penalty on any 
action you don't want him to perform. (And full time auditing etc....).

On 25 okt. 2011, at 22:07, Keith Arbogast wrote:

> This question came up again here. If a TSM admin with system authorization 
> knows the client password for a certain TSM node, what keeps him from 
> restoring files from that node to another server of his choosing?
> 
> Sorry to resuscitate this old horse.
> 
> With many thanks,
> Keith  

-- 
Met vriendelijke groeten/Kind Regards,

Remco Post
r.post AT plcs DOT nl
+31 6 248 21 622

<Prev in Thread]

Current Thread

[Next in Thread>

Previous by Date:

[ADSM-L] Can a TSM server admin purloin client backups?, Keith Arbogast

Next by Date:

Re: [ADSM-L] Can a TSM server admin purloin client backups?, Skylar Thompson

Previous by Thread:

[ADSM-L] Can a TSM server admin purloin client backups?, Keith Arbogast

Next by Thread:

Re: [ADSM-L] Can a TSM server admin purloin client backups?, Skylar Thompson

Indexes:

[Date] [Thread] [Top] [All Lists]