July 25, 2014
Pen testing crucial to passing audits
Migrated HP 3000 sites have usually just put sensitive corporate information into a wider, more public network. The next audit their business applications will endure is likely to have a security requirement far more complicated to pass. For those who are getting an IT audit on mission-critical apps hosted on platforms like Windows or Linux, we offer this guide to penetration testing.
By Steve Hardwick
CISSP, Oxygen Finance
Having just finished installing a new cable modem with internal firewall/router, I decided to complete the installation by running a quick and dirty online penetration test. I suddenly realized that I am probably one of a handful of home users who actually run a test after installing the modem. I used the Web utility Shields Up, which provides a quick scan for open ports. Having completed the test -- successfully, I may add -- I thought it would be a good opportunity to review pen, or penetration, testing as an essential discipline.
Penetration testing is a crucial part of any information security audit. Penetration tests are most commonly used to test network security controls, but can be used for testing administrative controls too. Testing administrative controls, i.e. security rules users must follow, is commonly called social engineering. The goal of penetration testing is to simulate hacker behavior to see if the security controls can withstand the attack.
The key elements of either test fall into three categories:
1) Information gathering: This involves using methods to gain as much information about the target without contacting the network or the system users.
2) Enumeration: To be able to understand the target, a set of probing exercises are conducted to map out the various entry points. Once identified, the entry points are further probed to get more detail about their configuration and function.
3) Exploitation: After review of the entry points, a plan of attack is constructed to exploit any of the weaknesses discovered in the enumeration phase. The goal is to get unauthorized access to information in order to steal, modify or destroy it.
Let's take a look at how all this works in practice.
July 24, 2014
Using VSTORE to Verify 3000 Backups
Hidden, to some managers running HP 3000s, is the VSTORE command of MPE/iX to employ in system backup verification. It's good standard practice to include VSTORE in every backup job's command process. If your MPE references come from Google searches instead of reading your NewsWire, you might find it a bit harder to locate HP's documentation for VSTORE. You won't find what you'd expect inside an MPE/iX 7.5 manual. HP introduced VSTORE in MPE/iX 5.0, so that edition of the manual is where its details reside.
For your illumination, here are some tips from Brian Edminster, HP 3000 and MPE consultant at Applied Technologies and the curator of the MPE Open Source repository, MPE-OpenSource.org.
If possible, do your VSTOREs on a different (but compatible) model of tape drive than the one the tape was created on. Why? DDS tape drives (especially DDS-2 and DDS-3 models) slowly go out of alignment as they wear.
In other words, it's possible to write a backup tape, and have it successfully VSTORE on the same drive. But if you have to take that same tape to a different server with a new and in-alignment drive, you could have it not be readable! Trust me on this -- I've had it happen.
If you'll only ever need to read tapes on the same drive as you wrote them, you're still not safe. What happens if you write a tape on a worn drive, have the drive fail at some later date -- and that replacement drive cannot read old backup tapes? Yikes!
July 23, 2014
Migrators make more of mobile support app
A serious share of HP 3000 sites that have migrated to HP's alternative server solutions have cited vendor support as a key reason to leave MPE. Hewlett-Packard has been catering to their vendor-support needs with an iPhone/Android app, one which has gotten a refresh recently.
For customers who have Connected Products via HP's Remote Support technologies, the HP Support Center Mobile (HPSCm) app with Insight Online will automatically display devices which are remotely monitored. The app allows a manager to track service events and related support cases, view device configurations and proactively monitor HP contracts, warranties and service credits.
Using the app requires that the products be linked through the vendor's HP Passport ID. But this is the kind of attempt at improving support communication which 3000 managers wished for back in the 1990s. This is a type of mobile tracking that can be hard to find from independent support companies. To be fair, that's probably because a standard phone call, email or text will yield an immediate indie response rather than a "tell me who you are, again" pre-screener.
But HPSCm does give a manager another way to link to HP support documents (PDF files), something that would be useful if a manager is employing a tablet. That content is similar to what can be seen for free, or subject to contract by public audiences, via the HP Business Portal. (Some of that content is locked behind a HP Passport contract ID.) This kind of support -- for example, you can break into a chat with HP personnel right from the phone or tablet -- represents the service that some large companies seem to demand to operate their enterprise datacenters.
There's also a Self-Solve feature in the HP mobile app, to guide users to documents most likely to help in resolving a support issue. Like the self-check line in the grocery, it's supposed to save time -- unless you've got a rare veggie of a problem to look up.
July 22, 2014
A Week When HP Gave OpenMPE the Floor
3000 community members at HP's facility for the OpenMPE meeting that replaced the scrubbed HP World 2005. From left, Walt McCullough, HP's Craig Fairchild and Mike Paivinen, Birket Foster (standing) and Stan Sieler.
It was a Maple floor, to be exact, in the Maple Room of the HP campus that's now long-demolished. On this day in 2005, in the wake of a washout of the user group Interex and its conference, the OpenMPE board met with HP to earn a space for an all-day meeting. HP extended use of its Maple Room -- where many a product briefing for the 3000 line had been held -- to the advocacy group that had fought for more time and better programs for migration and homesteading users.
In what feels like a long time ago, given all else that has changed, Interex closed its doors during this week in 2005 owing $4 million to companies small and large. The unpaid debts ranged from individuals owed as little as $8.30 on the unserved part of a yearly membership, to HP World booth sponsors who paid $17,000 for a space that the group could not mount in San Francisco. Then there were the hotels, which lost hundreds of thousands of dollars in unpaid room reservation guarantees. At five creditors to a page, the list of people and companies which the user group owed ran to more than 2,000 sheets. The file at the Santa Clara courthouse felt thick in my hands.
There was little money left at the end, too. The Interex checking account held $5,198.40, and a money market fund had $14,271.64 — neither of which was enough to satisfy the total unpaid compensation for an outside sales rep ($65,604 in unpaid commissions) or executive director Ron Evans (who had to forego his last paycheck of $8,225).
That OpenMPE meeting in August, in place of the Interex show, was notable in a way that Interex could never manage. 3000 managers and owners could attend via phone and the web, using meeting software that let them ask questions and see slides while they could hear presentations.
July 21, 2014
Maximum Disc Replacement for Series 9x7s
Software vendors, as well as in-house developers, keep Series 9x7 servers available for startup to test software revisions. There are not very many revisions to MPE software anymore, but we continue to see some of these oldest PA-RISC servers churning along in work environments.
9x7s, you may ask -- they're retired long ago, aren't they? Less than one year ago, one reseller was offering a trio for between $1,800 (a Series 947) and $3,200. Five years ago this week, tech experts were examining how to modernize the drives in these venerable beasts. One developer figured in 2009 they'd need their 9x7s for at least five more years. For the record, 9x7s are going to be from the early 1990s, so figure that some of them are beyond 20 years old now.
"They are great for testing how things actually work," one developer reported, "as opposed to what the documentation says, a detail we very much need to know when writing migration software. Also, to this day, if you write and compile software on 6.0, you can just about guarantee that it will run on 6.0, 6.5, 7.0 and 7.5 MPE/iX."
Some of the most vulnerable elements of machines from that epoch include those disk drives. 4GB units are installed inside most of them. Could something else replace these internal drives? It's a valid question for any 3000 that runs with these wee disks, but it becomes even more of an issue with the 9x7s. MPE/iX 7.0 and 7.5 are not operational on that segment of 3000 hardware.
Even though the LDEV1 drive will only support 4GB of space visible to MPE/iX 6.0 and 6.5, there's always LDEV2. You can use virtually any SCSI (SE SCSI or FW SCSI) drive, as long as you have the right interface and connector.
There's a Seagate disk drive that will stand in for something much older that's bearing an HP model number. The ST318416N 18GB Barracuda model -- which was once reported at $75, but now seems to be available for about $200 or so -- is in the 9x7's IOFDATA list of recognized devices, so they should just configure straight in. Even though that Seagate device is only available as refurbished equipment, it's still going to arrive with a one-year warranty. A lot longer than the one on any HP-original 9x7 disks still working in the community.
July 18, 2014
HP gives leadership to Whitman top-down
Hewlett-Packard announced that it's giving the leadership of its board of directors to CEO Meg Whitman, after two chairmen had led the board but not the company in the years following CEO Mark Hurd's ouster.
Whitman joined the HP board in 2011, arriving about five months after Hurd left the company, but she didn't take her CEO role until the fall of that year. She's wrapping up her third year as CEO. Analysts see the addition of chairman to her duties as proof that HP's now her company to lead in totality.
Over the last two decades, only three other people have chaired the HP board as well as held the CEO role: Hurd, Carly Fiorina and Lew Platt. It's usually been an ultimate vote of confidence about a CEO's track record. None of the CEOs began their leadership of the company while heading up the board as well. Platt took his chairman's role from founder David Packard within a year of becoming CEO. Fiorina took the post from Dick Hackborn, 14 months after becoming CEO. Whitman becomes the third woman ever to lead the HP board, following Fiorina and Patricia Dunn. The latter took her job in the wake of Fiorina's ouster.
Leadership of Hewlett-Packard remains an issue for the migrated as well as migrating 3000 customers -- at least those who are investing in HP's alternatives to MPE. Whitman's record since taking her CEO duties has been admirable and at times heroic. She presided over a company in the early winter of 2012 with a stock valued at under $12 a share. In the course of her CEO term, Whitman's weathered the detritus of weak acquisitions such as Autonomy as well as the steep slowing of its services business growth. Whitman voted for Autonomy's acquisition as a board member, early in her directorship. But since 2013 she has championed growth through R&D rather than purchasing companies such as EDS and Compaq.
The board now contains only one longstanding HP employee, Ann Livermore, who serves as executive advisor to Whitman. More than 15 years ago, Livermore was passed over for the CEO job in favor of Fiorina -- but Livermore represents one of the last board members whose pedigree is in technology rather than business management. Livermore has been an HP employee since 1982.
Ralph Whitworth, who's reported to be in poor health, resigned the chairmanship he held since last year to make way for Whitman, as well as vacating his board seat. Klaus Kleinfeld, chairman and chief executive of Alcoa, arrives at the board to take Whitworth's seat.
July 17, 2014
TBT: When users posterized HP's strategy
The Orange County Register captured this picture of the football-field sized poster that users assembled to call notice to the 3000 at the annual Interex show. We offer it in our collection of ThrowBack Thursday photos.
Recent news about a decline in the health of community guru Jeff Kell sparked a link to another 3000 icon: Wirt Atmar. The founder of AICS Research shared some medical conditions with Kell, but Wirt was never at a loss for gusto and panache. Twenty-eight years ago he started a print job in July, one that wouldn't be complete until the following month, when HP World convened in Anaheim. The 1996 show was held not too far from a high school football field -- one where ardent users of the 3000 wanted to make publicity for their beloved MPE server.
Thousands of panels rolled out of Wirt's HP DesignJet plotter, driven by an HP 3000 at his Las Cruces, New Mexico headquarters, each making up a small section of the World's Largest Poster. HP had set the record for largest poster just a few months earlier, with a basketball court's worth of 8x11 sheets, placed carefully to make a giant picture of Mickey Mouse. Wirt and his league of extraordinary advocates took on another element while they aimed at a bigger poster, by far. This World's Largest Poster was to be assembled outdoors, in the Santa Ana winds of Southern California.
All morning on that summer day the winds continued to climb, testing the resolve of a growing number of volunteers. Panels would spring up in the breeze, which seemed to flow from every possible direction. Atmar, whose company had printed the thousands of panels over a six week period and who had driven the poster in a U-Haul truck from New Mexico, stood alongside the poster's edge and gave instruction on holding it in place, using gutter-width roofing nails pressed into the turf.
But by 11 AM, no more nails were on hand, and the question was on everyone's lips -- where are they? The winds climbed with the sun in the sky, and volunteers were forced to use shoes and poster tubes to hold the panels in place. As a section would rise up, dedicated customers would call out, "It's coming up!" and then race to tack it in place, an organic version of a fault-tolerant system.
The document of about 36,000 square feet was somehow kept in place on the high school football field. The work of printing began in July. When Wirt was finally able to point across the field, at the completed poster, he breathed a sigh of relief and good natured fatigue. He quipped that after printing the four-foot rolls of paper needed for the poster, loading them into a van for the trip to California represented “the summer corporate fitness program for AICS Research.”
July 16, 2014
Kell carries key account of 3000 revival
We've come to learn that community icon Jeff Kell is battling a serious illness. While I wish this keystone of MPE wisdom a quick recovery, and the best wishes to his wife, I'd like to share some insights he relayed about the transition from Classic 3000s to the ultimate edition of the server he's worked on and cared for most of his career at the University of Tennessee at Chattanooga.
I'd asked Kell to explain what the HP CEO during that transition era, John Young, might have been talking about while the CEO told Computerworld in 1985 about the strategy of RISC. As the clipping from Computerworld to the left shows, Young was a lot less than clear about what RISC would do for HP's long-term computing plans. A comment in the second paragraph of the clipping -- about networking, one of Kell's most ardent studies -- made me want to reach out to him earlier this summer. Young's conflation of "9000 series terminals emulated the 3000 architecture in some ways, but not really completely" was something Kell could clear up.
I'm not aware of any similarities [Young noted] between 3000/9000 Series except after adoption of RISC, and they used the same processors/hardware. They may have shared some peripheral hardware earlier, but certainly had little in common until RISC. The 3000/9000 had practically nothing in common prior to that other than perhaps HP-IB peripherals.
Network-wise, the 9000-series was following the ARPA/Ethernet track, while the 3000 initially started down the IEEE/OSI architecture. Ethernet was only accepted by the 3000 as an afterthought, it was a checkbox on the NMCONFIG dialogue if you wanted to allow it, and it defaulted to OFF.
So unless Young was talking post-RISC (timeframe is wrong), I'm not sure how he would compare 3000/9000 lines at all. The initial RISC 3000s were in the last half of the 1980s. If I recall correctly, my "migration training" to the "new" 3000s was at the Atlanta response center around 1985 (or a little later) and we were expecting a 930. We ended up with a 950 (since the 930 sucked so badly.) But I do recall many of the details.
July 15, 2014
3000 jobs still swinging their shingles
The Help Wanted sign remains out in the 3000 community for a couple of positions this week, genuine jobs that involve no migration of the server out of datacenters. Multiple offers inside the same week might actually give the employers a chance to compete with one another. But given the limited number of openings for MPE work, applicants aren't likely to be using one offer to leverage another.
At Cerro Wire, IT Director Herb Statham is looking for a programmer/analyst. Cerro Wire manufactures and distributes electrical wire for the residential and commercial building industries. Statham has been in the news in the past as an IT pro with a serious interest in the Stromasys emulator. Emulator interest has been known to be an indicator of a stable future for MPE applications.
Statham is looking for a P/A who knows COBOL for the 3000, IMAGE, MPE, and Suprtool. There's also Qedit, Adager, Netbase, Bridgeware, and byRequest running at the site in north central Alabama. The job's tasks run to development, change implementation, documentation and design, as well as planning. Applicants can send a resume to Statham at his email address.
Over at Measurement Specialties, the job we first noted near the end of June remains open. Business Systems Director Terry Simpkins is still open to reviewing resumes for a Business Analyst post.
July 14, 2014
Protecting a Server from DDoS Attacks
For anybody employing a more Web-ready server OS than MPE, or any such server attached to a network, Distributed Denial of Service (DDoS) presents a hot security and service-level threat. Migrating sites will do well to study up on these hacks. In the second of two parts, our security writer Steve Hardwick shares preventative measures to reduce the impacts to commodity-caliber enterprise computing such as Linux, Unix or Windows.
By Steve Hardwick, CISSP
DDoS attacks can be very nasty and difficult to mitigate. However, with the correct understanding of both the source and impact of these attacks, precautions can be taken to reduce their impact. This includes preventing endpoints from being used as part of a botnet to attack other networks. For example, a DDoS virus may not affect the infected computer, but it could wreak havoc on the intended target.
One legitimate question is why a DDoS attack would be used. There are two main reasons:
1) As a primary attack model. For example, a group of hacktivists want to take down a specific website. A virus is constructed that specifically targets the site and then is remotely triggered. The target site is now under serious attack.
2) As part of a multi-stage attack. A firewall is attacked by an amplified Ping Flood attack. The firewall can eventually give up and re-boot (sometimes referred to as “failing over”). The firewall may reboot in a “safe” mode, fail over, or back-up configuration. In many cases this back-up configuration contains minimal programming and is a lot easier to breach and launch the next phase of the attack. I've had experiences where the default fail-over configuration of a router was wide open -- allowing unfiltered in-bound traffic.
DDoS attacks are difficult to mitigate, as they attack several levels of the network. However, there are some best practices that can be employed to help lessen the threat of DDoS attacks.
July 11, 2014
Understanding the Roots of DDoS Attacks
Editor’s Note: While the summertime pace of business is upon us all, the heat of security threats remains as high as this season's temperatures. Only weeks ago, scores of major websites, hosted on popular MPE replacement Linux servers, were knocked out of service by Distributed Denial of Service (DDoS) attacks. Even our mainline blog host TypePad was taken down. It can happen to anybody employing a more Web-ready server OS than MPE, to any such server attached to a network -- so migrating sites will do well to study up on these hacks. Our security writer Steve Hardwick shares background today, and preventative measures next time.
By Steve Hardwick, CISSP
Distributed Denial of Service (DDoS) is a virulent attack that has been growing in number over the past couple of years. The NSFOCUS DDoS Threat Report 2013 recorded 244,703 incidents of DDoS attacks throughout last year. Perhaps the best way to understand this attack is to first look at Denial of Service (DoS) attacks. The focus of a DoS attack is to remove the ability of a network device to accept incoming traffic. DoS attacks can target firewalls, routers, servers or even personal computers. The goal is to overload the network interface such that it is either unable to function or it shuts down.
A simple example of such an attack is a Local Area Network Denial. This LAND attack was first seen around 1997. It is accomplished by creating a specially constructed PING packet. The normal function of ping is to take the incoming packet and send a response to the source machine, as denoted by the source address in the packet header. In a LAND attack, the source IP address is spoofed and the IP address of the target is placed in the source address location. When the target gets the packet, it will send the ping response to the source address, which is its own address. This will cause the target machine to repeatedly send responses to itself and overload the network interface. Although not really a threat today, some older versions of operating systems -- such as the still-in-enterprises Windows XP SP2, or Mac OS MacTCP 7.6.1 -- are susceptible to LAND attacks.
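The spoofed-source condition described above (a packet whose source address equals the target's own address) is simple to recognize at an ingress filter. The following is an added example, not code from the original article: it parses raw IPv4 headers and labels inbound packets that should never arrive on an external interface. The function names, the sample packets and the documentation-range addresses are all constructed for illustration.

```python
import ipaddress
import struct
from collections import Counter

ICMP_PROTO = 1
ICMP_ECHO_REQUEST = 8

def build_icmp_echo(src: str, dst: str) -> bytes:
    """Constructed sample: minimal IPv4 + ICMP echo request (checksums left at 0)."""
    icmp = struct.pack("!BBHHH", ICMP_ECHO_REQUEST, 0, 0, 1, 1)
    header = struct.pack(
        "!BBHHHBBH4s4s",
        0x45, 0, 20 + len(icmp), 0, 0, 64, ICMP_PROTO, 0,
        ipaddress.IPv4Address(src).packed,
        ipaddress.IPv4Address(dst).packed,
    )
    return header + icmp

def parse_ipv4(packet: bytes):
    """Return (src, dst, protocol) or None when the header is not valid IPv4."""
    if len(packet) < 20:
        return None
    version = packet[0] >> 4
    header_len = (packet[0] & 0x0F) * 4
    if version != 4 or header_len < 20 or len(packet) < header_len:
        return None
    src = ipaddress.IPv4Address(packet[12:16])
    dst = ipaddress.IPv4Address(packet[16:20])
    return src, dst, packet[9]

def classify(packet: bytes, local_addrs) -> str:
    """Label a packet received on the external (untrusted) interface."""
    parsed = parse_ipv4(packet)
    if parsed is None:
        return "malformed"
    src, dst, _proto = parsed
    if src == dst:
        return "land-style"        # source spoofed to match the destination
    if src in local_addrs:
        return "spoofed-local"     # one of our own addresses arriving from outside
    if src.is_loopback:
        return "spoofed-loopback"  # 127.0.0.0/8 is never valid on the wire
    return "ok"

def triage(packets, local_addrs) -> Counter:
    """Count labels over a capture so spoofing spikes stand out."""
    return Counter(classify(p, local_addrs) for p in packets)

# Constructed capture: addresses come from the RFC 5737 documentation ranges.
LOCAL = {ipaddress.IPv4Address("203.0.113.10"), ipaddress.IPv4Address("203.0.113.11")}
SAMPLE_CAPTURE = [
    build_icmp_echo("198.51.100.7", "203.0.113.10"),   # ordinary ping
    build_icmp_echo("203.0.113.10", "203.0.113.10"),   # source == destination
    build_icmp_echo("203.0.113.11", "203.0.113.10"),   # internal address from outside
    build_icmp_echo("127.0.0.1", "203.0.113.10"),      # loopback source
    b"\x45\x00",                                        # truncated header
]

if __name__ == "__main__":
    for label, count in sorted(triage(SAMPLE_CAPTURE, LOCAL).items()):
        print(f"{label:18s} {count}")
```

Anything other than "ok" is a candidate for dropping at the border and logging, since a legitimate remote host never sends traffic with those source addresses.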
So where does the Distributed part come from? Many DoS attacks rely on the target machine to create runaway conditions that cause the generation of a torrent of traffic that floods the network interface. An alternative approach uses a collaborative group of external machines to source the attack. For example, a virus can be written that sends multiple emails to a single email address. The virus also contains code to send it to everyone in the recipient's email address book. Before long, the targeted server is receiving thousands of emails per hour -- and the mail server becomes overloaded and effectively useless.