We aren't using encryption here - yet, nor have I used in the past.
It seems to me with this specifc scenario and the discussion in general
about this in the last few days, that the main problem is -PROCEDURES.
If you loose the key and therefore can't restore your data, then there
should be "key management" as part of you DRM procedures.
An Admin at some level should have/store in elecronic or hardcopy
form in a "safe" place onsite and at least one additional copy should be
stored at offsite vault. Just like when you change passwords etc., this
information should be updated, so if all your Admins got to lunch in one
car and ..., someone can get passwrods and get access to your systems!
Also no one should be using encryption unless some higher level admin
or manager knows about it and has the specific info.
My 2 cents.
David B. Longo
System Administrator
Health First, Inc.
3300 Fiske Blvd.
Rockledge, FL 32955-4305
PH 321.434.5536
Pager 321.634.8230
Fax: 321.434.5525
[EMAIL PROTECTED]
>>> [EMAIL PROTECTED] 04/04/02 08:12AM >>>
My favorite scenario is the disgruntled employee: maintains critical
corporate data on his system, backs it up using encryption, deletes the
data from his system, then walks off holding the key hostage (paranoid,
aren't I). There isn't any way to know somebody is out there using
encryption. You can create a forced "exclude.encrypt *" entry in a client
option set, but who thinks to do that?
The other issue is, what happens if the key is stolen? There is no way to
"change the password" for existing backed up files. And if you change the
key at the client, you wind up in a situation where a point in time
restore will require different keys for files that were backed up at
different dates.
_____________________________
William Mansfield
Senior Consultant
Solution Technology, Inc
"Joshua S. Bassi" <[EMAIL PROTECTED]>
Sent by: "ADSM: Dist Stor Manager" <[EMAIL PROTECTED]>
04/03/2002 05:28 PM
Please respond to "ADSM: Dist Stor Manager"
To: [EMAIL PROTECTED]
cc:
Subject: RE: don t aynone know anything about Encryption in TSM.
Andy,
What could a customer do for DR of a client which lost it's encryption
key and needed to restore data from the TSM backup (encrypted).
--
Joshua S. Bassi
Sr. Solutions Architect @ rs-unix.com
IBM Certified - AIX/HACMP, SAN, Shark
Tivoli Certified Consultant- ADSM/TSM
Cell (415) 215-0326
-----Original Message-----
From: ADSM: Dist Stor Manager [mailto:[EMAIL PROTECTED]] On Behalf Of
Andrew Raibeck
Sent: Tuesday, April 02, 2002 7:45 AM
To: [EMAIL PROTECTED]
Subject: Re: don t aynone know anything about Encryption in TSM.
There is no additional encryption performed by the TSM server. The
encrypted data sent by the client remains, of course, encrypted when it
is
copied to a copy storage pool or backup set (or anywhere else in the TSM
hierarchy).
Files that were encrypted when they were backed up can not be restored
without the encryption key. The encryption key is not stored on the TSM
server. Therefore, someone intercepting the TSM server database and
storage pool volumes could not restore the data without the encryption
key
(unless they can hack it, but then any encryption scheme is subject to
hacking).
Except for TSM client encryption, there are no other TSM-enabled means
of
encrypting the data.
Regards,
Andy
Andy Raibeck
IBM Software Group
Tivoli Storage Manager Client Development
Internal Notes e-mail: Andrew Raibeck/Tucson/IBM@IBMUS
Internet e-mail: [EMAIL PROTECTED]
The only dumb question is the one that goes unasked.
The command line is your friend.
"Good enough" is the enemy of excellence.
Pétur Eyþórsson <[EMAIL PROTECTED]>
Sent by: "ADSM: Dist Stor Manager" <[EMAIL PROTECTED]>
04/02/2002 07:57
Please respond to "ADSM: Dist Stor Manager"
To: [EMAIL PROTECTED]
cc:
Subject: RE: don t aynone know anything about Encryption
in TSM.
My question was conserning 2 things.
If you use Encryption. Cant people who get a hold of the TSM Database
and
the Copy Storage Pools, restore the data, whether the data was back up
with
Encrytpion or not?
If you make a bakup set from the data back up. is ther Encryption on
that
data? if not is ther posible to make the backup sets more secure?
I have read about Encryption, witch sais that the data is Encrypted
before
the data is sent on the TSM Server. i haven t read anything about
Encrytpion
on the acctual TSM server data, whether the data uses encryption there
or
not. It does not matter if the data is Encrypted on the way to the TSM,
it
only matters if i can secure the data offsite? And i havent read
anything
about that in TSM only about Encryption in TSM for clients.
Kvedja/Regards
Petur Eythorsson
Taeknimadur/Technician
IBM Certified Specialist - AIX
Tivoli Storage Manager Certified Professional
Microsoft Certified System Engineer
[EMAIL PROTECTED]
Nyherji Hf Simi TEL: +354-569-7700
Borgartun 37 105 Iceland
URL: http://www.nyherji.is
-----Original Message-----
From: ADSM: Dist Stor Manager [mailto:[EMAIL PROTECTED]]On Behalf Of
Martin, Jon R.
Sent: 2. apríl 2002 14:36
To: [EMAIL PROTECTED]
Subject: Re: don t aynone know anything about Encryption in TSM.
In Petur's defense, I think he is trying to say he could not find
anywhere
that specifically said "data in a Seq. Access Storage Pool, that goes
offsite will be encrypted." I can't see where he says he read a
document
that says it is not encrypted.
Jon
-----Original Message-----
From: Jack Magill [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, April 02, 2002 9:10 AM
To: [EMAIL PROTECTED]
Subject: Re: =?8859_1?B?ZG9utHQg?=aynone know anything about Encryption
in TSM.
Hi, I was just wondering where you found the information stating that
the
data was only protected on the way to the server, but not on the server.
Encryption is done by the client using an encrytion key that it create
and
since the key is never passed from client to server, there is no way for
the
server to de-crypt the data before storage.
Please let me know, as I would like to look at the documentation.
Jack
>
> From: Pétur Eyþórsson <[EMAIL PROTECTED]>
> Date: 2002/04/02 Tue AM 07:04:45 EST
> To: [EMAIL PROTECTED]
> Subject: don t aynone know anything about Encryption in TSM.
>
> Hi i have posted this 2 times before here but havent receved a reply
yet.
> thus led me to belive that knowlegde on this is wery limited.
>
> I have a big custemer who is considerating TSM for there backup
system.
> However, they will be needing to take some of there backup offsite.
> They have extremly valible data witch may not get in the wrong hands.
>
> I have been reading up on Encryption in TSM and found it to be only
desingd
> to protect the data on the way
> to the TSM server. I found no info on werther the data would be
Encrypted
in
> the storage pools.
>
> My question.
>
> Is it possible to make Backupset, and be sure no-one can use it if it
gets
> in the wrong hands (Encrypt it somehow.
> How can a administrator be sure that no-one can restore his
> copy-storage-pools. is it posible to encrypt the data somehow.
> Is it possible to password protect the TSM Database, so that you can t
> restore it without a password.
>
>
> what way can they take offsite backup and be sure that there data is
safe,
> even if the bad guys get the tapes.
>
> Thanks in advance for any help.
>
> Kvedja/Regards
> Petur Eythorsson
> Taeknimadur/Technician
> IBM Certified Specialist - AIX
> Tivoli Storage Manager Certified Professional
> Microsoft Certified System Engineer
>
> [EMAIL PROTECTED]
>
> Nyherji Hf Simi TEL: +354-569-7700
> Borgartun 37 105 Iceland
> URL: http://www.nyherji.is
>
"MMS <health-first.org>" made the following
annotations on 04/04/02 10:32:04
------------------------------------------------------------------------------
This message is for the named person's use only. It may contain confidential,
proprietary, or legally privileged information. No confidentiality or privilege is
waived or lost by any mistransmission. If you receive this message in error, please
immediately delete it and all copies of it from your system, destroy any hard copies
of it, and notify the sender. You must not, directly or indirectly, use, disclose,
distribute, print, or copy any part of this message if you are not the intended
recipient. Health First reserves the right to monitor all e-mail communications
through its networks. Any views or opinions expressed in this message are solely
those of the individual sender, except (1) where the message states such views or
opinions are on behalf of a particular entity; and (2) the sender is authorized by
the entity to give such views or opinions.
==============================================================================
