Can you describe the security of Tivoli Endpoint Manager (TEM)?
The following describes some of the security features built into the product.
Resolving the problem
Strong security was a critical requirement of TEM and was engineered into the system at the earliest design levels. Users of the product are protected at many different levels.
TEM security precautions include:
- Public key/private key digital signature technology to ensure that the actions taken on a machine come from a trusted source.
- Public key/private key digital signature technology to ensure that Fixlet messages received from IBM were authorized and not changed or altered in any way.
- The information about relevant Fixlet messages and TEM Client computers is stored in an MS SQL Server database that is accessible only through SQL Server authentication using a password or through Windows NT authentication.
Note: Because of the digital signature security scheme, compromising the TEM database or TEM Server will NOT result in the ability to send unauthorized actions to the TEM Clients.
- All downloaded files (such as patches and updates from Microsoft) are checked using a checksum algorithm (SHA1) to ensure that the correct file was downloaded and that the file was not altered or spoofed in any way.
- The recommended TEM installation puts all components behind a firewall, which adds an extra layer of security.
- All TEM-related network traffic flows on a customizable port (default 52311), which allows easy firewall configuration and easy monitoring.
- TEM was designed and engineered with constant attention to security, and many security vulnerabilities that exist in other products (where security was an afterthought) do not exist in TEM.
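
The following added example (not IBM's code and not part of the original technote) illustrates why the Note above holds: a client that verifies a signature with only a public key, and then checks the download against the SHA1 digest covered by that signature, rejects anything altered on the server or in the database. The toy textbook-RSA key, the `key=value;key=value` action format, and all function names are assumptions made for illustration; the page does not describe TEM's actual signature algorithm or message format.

```python
import hashlib
import hmac

# Toy textbook-RSA key from two known Mersenne primes: illustration only.
# Assumption: the page does not name TEM's signature algorithm or action format.
P, Q, E = 2**127 - 1, 2**521 - 1, 65537
N = P * Q                              # public modulus, distributed to clients
D = pow(E, -1, (P - 1) * (Q - 1))      # private exponent, held only by the signer

def digest_int(message: bytes) -> int:
    """SHA-256 of the message as an integer smaller than N."""
    return int.from_bytes(hashlib.sha256(message).digest(), "big")

def operator_sign(action: bytes) -> int:
    """Signing needs D, which is never stored on the server or in the database."""
    return pow(digest_int(action), D, N)

def client_verify_action(action: bytes, signature: int) -> bool:
    """Runs on the client with the public values (N, E) only."""
    return pow(signature, E, N) == digest_int(action)

def client_verify_download(data: bytes, expected_sha1: str) -> bool:
    """SHA1 check of a downloaded file against the digest in the signed action."""
    actual = hashlib.sha1(data).hexdigest()
    return hmac.compare_digest(actual, expected_sha1.lower())

def client_process(action: bytes, signature: int, download: bytes) -> str:
    """Fail closed: signature first, then the checksum the signature covers."""
    if not client_verify_action(action, signature):
        return "rejected: bad signature"
    fields = dict(item.split("=", 1) for item in action.decode().split(";"))
    if not client_verify_download(download, fields["sha1"]):
        return "rejected: checksum mismatch"
    return "accepted"

# Constructed sample data (hypothetical action format: key=value;key=value).
PATCH = b"constructed patch contents"
ACTION = f"run=patch.exe;sha1={hashlib.sha1(PATCH).hexdigest()}".encode()
SIGNATURE = operator_sign(ACTION)

# Server or database control allows rewriting the stored action and swapping the
# file, but not producing a signature that verifies, because D is not there.
SUBSTITUTE = b"constructed substitute file"
FORGED = f"run=patch.exe;sha1={hashlib.sha1(SUBSTITUTE).hexdigest()}".encode()

if __name__ == "__main__":
    print(client_process(ACTION, SIGNATURE, PATCH))
    print(client_process(FORGED, SIGNATURE, SUBSTITUTE))
    print(client_process(ACTION, SIGNATURE, SUBSTITUTE))
```

A production client would use a vetted cryptographic library with a padded signature scheme rather than textbook RSA; the control flow (verify the signature, then trust only the digest it covers) is the point of the example.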