
Securing HP NonStop Servers in an Open Systems World: TCP/IP, OSS, & SQL

948 Pages·2006·12.676 MB·English

Preview: Securing HP NonStop Servers in an Open Systems World: TCP/IP, OSS, & SQL

Foreword

I am in the risk business. I coach soccer, I play golf, I drive a sports car. These activities involve a lot of risk assessment. Then for fun I manage a mission critical computer network. Quantum physics and detective stories keep the grey matter ticking over and stress relief is provided by my drum kit.

I recently discovered an amazing pictorial account of NASA's Apollo lunar missions. It rekindled fantastical boyhood memories and prompted overwhelming feelings of awe and humility. Inevitable consideration of the technology brought back further juvenile wonderment but then, like a storm cloud, came adult realisation of the risks, practices and procedures. Computing power in the 1960's was a little lacking by today's standards and an average calculator is now much more powerful than the on-board system used for a moon landing. Sadly, NonStop Servers weren't available so reliability and resilience topped the list for those considering what might go wrong. Also near the top of the risk register was a major section on security where the threats of international competition, espionage, press intrusion, system malfunction, accidents, sabotage, malicious activity, miscalculation and countless more were defined, assessed and mitigated. NASA successfully landed a dozen men on the moon. Achieving that on time and ahead of the competition took a thorough understanding of those risks and how to address them. I would love to read NASA's equivalent of XYPRO's books on securing the NonStop server.

I do not know what you are using your NonStop Server for and I doubt you are sending it to Mars but I suspect you or your administrators need to understand the risks that today's world poses your system and its environment. XYPRO's first book, HP NonStop Server Security: A Practical Handbook, has already helped many professionals to both understand and mitigate many of the risks faced and this subsequent book, Securing HP NonStop Servers in an Open Systems World, is an important expansion worthy of its own place in the auditor's as well as the administrator's library.

Risks are there to spoil things just when you are having fun, feeling content and off your guard. NASA got a few nasty shocks like Apollo 13 which only just made it home, but of course NASA is at the forefront of exploration, breaking new ground. The authors of this book have explored the HP NonStop universe of risk and laid out their findings for us all to benefit. Here you will find guiding practices and principles essential for the protection of your organisation's assets and to help you keep things running securely. And if your system should end up on Mars I would like some pictures.

Mark Norman
BT Global Services, UK
6th May 2006

Preface

This second handbook represents the efforts of many individuals at XYPRO, who collectively have over 250 years of experience with the HP NonStop platform. In addition, we've been privileged to work with a group of contributors and expert reviewers from the HP NonStop Server user community. Their cooperation and experience added dimension to this publication and we believe the reader will greatly benefit from their contributions.

As a vendor of third party security software for the HP NonStop server platform, we were very careful to ensure that this handbook was useful for security administrators, system resource personnel, auditors and the general HP NonStop server community whether or not they chose to use our suite of software tools.

The lack of reference material for the Guardian Operating system prompted us to author our previous book in the hopes that it would facilitate securing the HP NonStop server. HP NonStop Server Security, A Practical Handbook was such a success that we received many requests to tackle more subject matter in a second book. We at XYPRO believe in this platform and have dedicated over 23 years to developing software to take advantage of its unmatched functionality, reliability and scalability. So clearly we also felt a second volume was well worth the effort.

Plenty of other companies believe in the NonStop server too. According to a June 2005 Illuminata Inc. article by Gordon Haft, NonStop servers run many of the world's banking systems and HP estimates that it powers 75% of the 100 largest electronic funds transfer networks. NonStop servers also handle the majority of ATM and credit card transactions at major international banks. 95% of the world's securities transactions take place on NonStop servers at over 100 stock exchanges, including the New York Stock Exchange, the London Stock Exchange, and the Hong Kong Stock Exchange. NonStop servers are also used in healthcare, telecommunications, manufacturing, retail, and government. They handle about half of the 911 emergency calls in the United States.

This volume again seeks to familiarize auditors and those responsible for security configuration and monitoring with information that allows identification of security risks and the best ways to mitigate these risks. It extends the knowledge presented in the previous book in several ways. It updates the discussion of some products, such as Safeguard, which have had significant changes since the publication of the previous book in 2003. Additionally, we've introduced new topics such as Open System Services, TCP/IP, and SQL database security.

To avoid repeating large amounts of information, in some instances the reader is referred to a particular section in the previous book for additional Risks and Best Practice recommendations. Please remember that the needs of the corporation, computer center, applications and customers must always take precedence over our recommended Best Practices in the environment. Use this handbook as a guideline, not a rule.

Readers of the previous book will find the presentation familiar. This time there are two Gazettes:

The Guardian Gazette includes the Guardian components of the subsystems discussed in this book.
The OSS Gazette includes the OSS files found in the subdirectories created when OSS is installed as well as those that are installed by File Sharing Protocols such as NFS and Samba.

We have endeavored to provide the information needed to remove some of the mystery with OSS (and UNIX). Appendix A explains OSS file and directory security, including umasks and the calculation of both the binary and octal versions of the security string. Appendix B is a Table of File and Directory Permissions that includes all the possible security strings in text, octal and binary formats and the equivalent umasks.

If the material in this book supports easier and more informed decisions, then we've accomplished our goal.

Distinguished Contributors

Contributor: Thomas Anderson; Open Database Connectivity (ODBC/MP)
Mr. Anderson has over 16 years in NonStop systems experience in a career of over 32 years of application and system development. He was a contributing editor to the SQL Access Interoperability specification published as the X/Open CAE, Structured Query Language (SQL) and its companion, X/Open CAE Data Management: SQL Call Level Interface. He participated on the original panel which developed the DoD Trusted Computer System Evaluation Criteria for Database Security. He is recognized as a NonStop Expert for SQL Connectivity Solutions.
NonStop Connectivity Architect, Technologies Solutions: NonStop Enterprise, Hewlett-Packard Company

Author: Kevin Christian for NonStop SQL and Database Security
Mr. Christian is Chief Technology Officer and CEO of Enterprise IT Today, LLC. He coaches and guides companies and employees to build Information Technology solutions on strong database foundations. His 20-plus years working with NonStop systems includes several years as HP's NonStop SQL Product Manager and numerous speaking engagements about database throughout the world. He may be contacted by email at kevin.christian@eit-today.com.
CTO & CEO, Enterprise IT Today, LLC

Contributor: Charlie Martenis for OSS Personality & OSS Gazette
Mr. Martenis has 20 years of experience working with the Nonstop Server. Bringing with him previous experience in the Telco industry, he has spent the last 5 years in server administration for a business intelligence project.
Senior Analyst, Global IT, Hewlett-Packard Company

Contributor: John Morris for FIPS 140-2 and Common Criteria topics
Mr. Morris has over 51 years of experience in the security technology and validation industries. He is the co-founder of Corsec Security, Inc., which has over 9 years of validation experience and specializes in helping companies navigate through the complex process of receiving FIPS 140 and Common Criteria (CC) validations. www.corsec.com
President, Corsec Security, Inc.

Contributor: Mark Norman for TCP/IP and the Foreword
Mr. Norman has been working with data communications networks since 1976. Over the last 21 years he has been the primary TCP/IP network architect for British Telecom's SettleNET project, which provides secure resilient access for electronic settlement of securities in the UK and Ireland. More recently he has been focusing on Quantum Cryptography and advanced change control mechanisms.
Network Architect, British Telecom

Contributor: Larry Ruch for OSS Personality & OSS Gazette
Mr. Ruch has over 12 years in NonStop systems and applications experience. In 2005, he won the Top Ten Winter Corp Award for the World's Largest and Most Heavily Used Event Store, Largest Normalized Size and Workload. He is recognized as a NonStop Expert in the BI/DW, Retail, and Credit Authorization industries.
NonStop Platform Architect, NonStop Lead DBA and SysAdmin, Global IT, Hewlett-Packard Company

XYPRO Technology

Author: Bob Alvarado for Pathway Security
Bob Alvarado has worked in the NonStop industry since 1980. He worked as a field analyst for Tandem and as a consultant for Tandem to their Alliance partners. He owned a third party software company that provided a NonStop database administration tool for the SQL/MP environment. Bob applies his NonStop expertise to help develop security and compliance software solutions for XYPRO.

Author: Ellen Alvarado for Pathway Security
Ellen Alvarado has worked in the NonStop industry since 1980. She has been a customer, an analyst, a 3rd party vendor and a consultant. Ellen brings her practical experience and depth of knowledge about exercising the advantages of NonStop server technology to XYPRO as a designer and developer of security and compliance software solutions.

Chief Author & Editor: Terri Hill
Terri Hill has over 17 years of computer systems experience with expertise in systems security, quality assurance, user documentation and education. As a Security Analyst, she provides Security Review and Implementation Services to HP NonStop Server customers. Terri is also a valuable link between customers' business requirements and XYPRO's software development.

Author: Harriet Hood for ODBC/MP & Diagrams
Harriet Hood has over 25 years of computer systems experience; the last 19 yrs have been spent in the NonStop industry. Her experience as a developer includes applications in a variety of industries such as banking, insurance, manufacturing and securities. Currently she applies her technical and industry background to XYPRO's customer support and quality assurance processes.

Assistant Editor: Sheila Johnson
Sheila was one of the founders of XYPRO in 1983. As CEO, she has the privilege of working closely with XYPRO's sales, marketing, product development, quality assurance and administration groups, plus more than a few customers. Under her leadership the company, product line and customer base have experienced continuous growth.

Author: Jack Peters for Systems Management Tools & Compliance Concepts
Jack's career in IT began in the 1970's as an IBM COBOL and BAL programmer working in the retail and insurance industries. He migrated into the aerospace industry and became an IMS/DBII DBA. During that time, he was assigned to support a project that purchased what was then a Tandem Computer system. He has worked as a system manager and security administrator on NonStop systems ever since for companies in the Securities trading and credit card processing industries.

Author: Greg Swedosh for TCP/IP
Greg has worked on the NonStop platform since 1985 in both Australia and the United Kingdom. For 9 years he was an employee of Tandem Australia before working as a consultant in system management, business continuity and security to NonStop customers through his company Knightcraft Technology. Greg has presented on NonStop security in the USA, UK, India, Netherlands and Australia. Knightcraft Technology is XYPRO's distributor for the Asia Pacific Region.

Author: Lauren Uroff for the Introduction and general copy editing
Ms. Uroff has over 27 years in NonStop systems applications and security. For the first 13 of those 27 years Lauren worked in the healthcare and banking industries. Since 1992, she has worked for XYPRO Technology in the area of security software design, documentation and education.

Contributor: Scott Uroff for technical review
Scott Uroff installed Tandem system #278 and has more than 22 years of experience with the NonStop platform. During this time, his focus has been on systems management, performance tuning and security. At XYPRO since 1992, Scott helped launch and is now product manager for XYPRO's suite of security and encryption software.

Reviewers

Pamela H. Brooks, Systems Engineer
Mark A. Chapman, HPCP NonStop System~AIS, CSE, ASE & Integrity NonStop Migration Specialist Manager & Consultant; NonStop Systems Engineering Group, LLC.
James Hamilton, EDS Information Security
Rob Lesan, Principal Database Analyst; HP Certified NonStop ASE AOL LLC, Login Systems
