1. Introduction

There are three main aspects to this subject: the security of the login process; security during data transfer; and the security of the tapes on which the data is ultimately held.

2. The login process

Login to the TSM server is authenticated by a Kerberos-like challenge-response mechanism. This ensures that a unique session key is generated at each login and that passwords are not sent over the network. As such, the TSM Login process may be said to be robust.

3. Data transfer

Data is sent to the TSM server by default unencrypted across the network. However, a facility for encrypting data to be backed up is available, using 128-bit AES or 56-bit DES. For information on how to select files for encryption, see our page on TSM encryption. Users may also encrypt sensitive data before backing it up.

4. Data tapes

Your data is copied to three separate tapes. One copy resides in the Tape Robot in the IT Services Machine room. The other two copies are held in locked fireproof safes, one onsite at IT Services, one offsite in locked premises. The data on the tapes is inaccessible without the TSM database.

A fuller consideration of the security of TSM can be found at http://ist.mit.edu/sites/default/files/services/backup/Security%20Notes%20on%20TSM.pdf.