A good idea but for us, most of our backups/archives on Oracle systems are done manually/system managed, not TSM server scheduled. Plus you have no realistic idea of how long the backup could run. We have Notes backups that run 10-days!
On Mon, Feb 2, 2015 at 5:54 PM, Marcel Anthonijsz <mar...@anthonijsz.net> wrote:

> Can schedule an admin schedule around the Oracle/Notes backup window to
> enable/disable BACKDEL=YES/NO.
>
> It is not an ideal situation, but decreases the risk. And if you configured
> these nodes with specific nodenames (like you should) the malware could not
> get to those clients.
> Or they should scan the host for all available TSM OPT files and act from
> these...
>
> 2015-02-02 19:44 GMT+01:00 Zoltan Forray <zfor...@vcu.edu>:
>
> > Same goes for Oracle and Notes backups. They manage their own backups so
> > no way to get around this. Same goes for PASSWORDACCESS GENERATE - AFAIK
> > can't schedule backups without it....
> >
> > On Mon, Feb 2, 2015 at 12:44 PM, Schneider, Jim <jschnei...@ussco.com>
> > wrote:
> >
> > > Roger,
> > >
> > > According to my TSM Data Protection for SQL 6.4 manual, servers that run
> > > TDP for SQL require backdelete authority. I don't know how to get around
> > > this problem.
> > >
> > > Jim Schneider
> > >
> > > -----Original Message-----
> > > From: ADSM: Dist Stor Manager [mailto:ADSM-L@VM.MARIST.EDU] On Behalf Of
> > > Roger Deschner
> > > Sent: Friday, January 30, 2015 7:40 PM
> > > To: ADSM-L@VM.MARIST.EDU
> > > Subject: [ADSM-L] Ransomware deleted TSM backups from node
> > >
> > > I'm not sure there's anything that can be done about this, but take it as
> > > a warning anyway.
> > >
> > > A Windows 7 desktop node here was attacked by CryptoWare 3.0 ransomware.
> > > They encrypted all files on the node, and left a ransom note.
> > >
> > > The node owner called me because they were having trouble restoring their
> > > files from TSM using a point-in-time restore. The files were gone!
> > > Apparently this villain located which backup program was installed, found
> > > it was TSM, and issued actual dsmc delete backup commands, which they were
> > > allowed to do since PASSWORDACCESS GENERATE was in effect. So this attack
> > > vector is not limited to TSM; it would work with any backup program that
> > > the villain can figure out how to use.
> > >
> > > I have moved this node to a domain that includes VEREXISTS=NOLIMIT
> > > VERDELETED=NOLIMIT RETEXTRA=NOLIMIT RETONLY=NOLIMIT for that Copy Group,
> > > while our data security people investigate.
> > >
> > > I am planning to change all TSM client nodes to BACKDEL=NO ARCHDEL=NO to
> > > prevent a hacker from deleting backups. Anybody got a better idea?
> > >
> > > Roger Deschner      University of Illinois at Chicago      rog...@uic.edu
> > > =================== ALL YUOR BASE ARE BELONG TO US!! ===================
> >
> > --
> > *Zoltan Forray*
> > TSM Software & Hardware Administrator
> > BigBro / Hobbit / Xymon Administrator
> > Virginia Commonwealth University
> > UCC/Office of Technology Services
> > zfor...@vcu.edu - 804-828-4807
> > Don't be a phishing victim - VCU and other reputable organizations will
> > never use email to request that you reply with your password, social
> > security number or confidential personal information. For more details
> > visit http://infosecurity.vcu.edu/phishing.html
>
> --
> Kind Regards, Groetje,
>
> Marcel Anthonijsz
> T: +31(0)299-776768
> M: +31(0)6-53421341

--
*Zoltan Forray*
TSM Software & Hardware Administrator
BigBro / Hobbit / Xymon Administrator
Virginia Commonwealth University
UCC/Office of Technology Services
zfor...@vcu.edu - 804-828-4807
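
The trade-off discussed in this thread (BACKDEL=NO ARCHDEL=NO everywhere, except nodes whose application-managed backups need delete authority) can be audited from a node listing. The following is an added example, not code from any poster in the thread: it reads a constructed comma-delimited listing, emits the server-side `update node` command for every node that can be locked down, and reports the exempt nodes that keep delete rights. The node names, the exemption list and the three-column layout are assumptions of this example.

```python
import csv
import io

# Constructed sample: comma-delimited rows of node name, backup-delete and
# archive-delete flags, as an administrative query of the server's node table
# might return them. The column layout is an assumption of this example.
SAMPLE_NODES = """\
WIN7-DESK01,Yes,Yes
SQLPROD-TDP,Yes,No
ORA-DB01,Yes,Yes
NOTES-MAIL1,No,Yes
FILESRV02,No,No
"""

# Hypothetical exemption list: nodes whose application-managed backups (TDP for
# SQL, Oracle, Notes) need delete authority, as the replies in the thread note.
EXEMPT = {"SQLPROD-TDP", "ORA-DB01", "NOTES-MAIL1"}


def audit_delete_rights(rows_text, exempt):
    """Return (commands, exceptions) for nodes that may delete their own data."""
    commands, exceptions = [], []
    for row in csv.reader(io.StringIO(rows_text)):
        if len(row) != 3:
            continue  # skip blank or malformed lines
        node, backdel, archdel = (field.strip() for field in row)
        allowed = [name for name, flag in (("backup", backdel), ("archive", archdel))
                   if flag.lower() == "yes"]
        if not allowed:
            continue  # already locked down
        if node.upper() in exempt:
            # Cannot be locked down; record which rights stay open for review.
            exceptions.append((node, allowed))
        else:
            commands.append(f"update node {node} backdelete=no archdelete=no")
    return commands, exceptions


if __name__ == "__main__":
    cmds, open_nodes = audit_delete_rights(SAMPLE_NODES, EXEMPT)
    print("\n".join(cmds))
    for node, rights in open_nodes:
        print(f"# exempt: {node} keeps delete rights for {', '.join(rights)}")
```

The exceptions list is the residual exposure: those nodes still accept delete requests from the client side, so they are the ones to cover with retention settings or closer monitoring.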