IBM Support

Can you describe the security of Tivoli Endpoint Manager (TEM)?

Technote (troubleshooting)


The following describes some of the security features built into the product.

Resolving the problem

Strong security was a critical requirement of TEM and was engineered into the system at the earliest design levels. Users of the product are protected at many different levels.

TEM security precautions include:

  • Public key/private key digital signature technology to ensure that the actions taken on machine are from a trusted source.
  • Public key/private key digital signature technology to ensure that Fixlet messages received from IBM were authorized and not changed or altered in any way.
  • The information about relevant Fixlet messages and TEM Client computers is stored in a MS SQL Server database accessible only through SQL Server authentication using a password or by using Windows NT authentication.

    Note: Because of the digital signature security scheme, compromising the TEM database or TEM Server will NOT result in the ability to send unauthorized actions to the TEM Clients.

  • All downloaded files (such as patches and updates from Microsoft) are checked using a checksum algorithm (SHA1) to ensure that the correct file was downloaded and that the file was not altered or spoofed in any way.
  • The recommended TEM installation puts all components behind a firewall, which adds an extra layer of security.
  • All TEM related network traffic flows on a customizable port (default 52311) that allows easy firewall configuration and easy monitoring.
  • TEM was designed and engineered with constant attention to security, and many security vulnerabilities that exist in other products (where security was an afterthought) do not exist in TEM.

Historical Number


Document information

More support for: IBM BigFix family

Software version: All Versions

Operating system(s): Platform Independent

Reference #: 1505820

Modified date: 05 November 2013