Securing file transfers is a task on the critical path to keeping an HP 3000 in service at one of the larger publishers in the US. An IT pro who manages a 3000 there said the company is using an N-Class server and has nearly completed its PCI compliance work.
"We are PCI compliant on everything except FTP," she said, "so we are looking at SFTP. We don’t allow anyone to come into our system, so I think we can use what is out there, if I can get to it."
The manager added that she’s trying to get to the components OpenSSL, OpenSSH, Perl and a GNU C compiler for MPE/iX. OpenSSL was ported to the 3000 by HP, and the rest were developed and ported by volunteers in the 3000 community. Ken Hirsh, an early user of the Invent3K development server, worked his way through porting many pieces of the OpenSSH security package, but his development work dates back to the start of the prior decade. That work needs updating to remain suitable for a production environment, according to open source expert Brian Edminster.
"Without them, one of my clients would have had to give up use of their 3000s nearly a decade ago over PCI concerns. And nobody would have been able to serve up secure web transactions from their 3000 without OpenSSH and OpenSSL. Both applications are overdue for a refresh of their ports."
Edminster said he was launching an engagement with another 3000 shop that’s seeking security. "They aren’t that different than most 3000 shops, in that they have a small operations staff, which can be both a blessing and a curse. Small can mean flexible and nimble, and small can also mean narrow selections of talent and little time to spare. I can also tell you that they are a heterogeneous shop — and that making sure all the different systems play well together, both hardware and software, is important."