Staying Secure with MPE/iX Now and Then
October 6, 2017
The IT news is full of reports about security breaches. If an Equifax system with 143 million records can be breached, then Yahoo's 3 billion email accounts were not far behind, were they?
Security by obscurity for outward-facing MPE/iX systems isn't much protection. The high-test security that is protecting the world's most public systems seems to failing, too. A few years ago, the US Office of Personnel Management had its systems hacked. Millions of fingerprints were stolen from there.
Hewlett-Packard built good intra-3000 security into MPE/iX, and third parties made it even more robust. Back in the 1980s, I wrote a manual for such a product called EnGarde that made MPE/iX permissions easier to manage. Vesoft created Security/3000 as the last word in protecting 3000s and MPE/iX data. Eugene Volokh's Burn Before Reading was an early touchstone. The magic of SM was a topic explored by 3000 legend Bob Green in a Newswire column.
Homesteading managers will do well to make a place in their datacenter budgets for support of the 3000. Security is built-in for MPE/iX, but understanding how it works might be a lost art at some sites.
The fundamentals of securing an MPE/iX system go way back. A wayback server of sorts at the 3k Ranger website provides HP's security advice from 1994. It's still valid for anyone, especially a new operator or datacenter employee who's got a 3000 to manage. They just don't teach this stuff anymore. 3000s get orphaned in datacenters when the MPE/iX pros move on into retirement or new careers.
The printed advice helps. A direct link to the Ranger webpage can be a refresher course for any new generation of 3000 minders.
Managers of MPE/iX systems need to look out for themselves in securing HP 3000s. Hewlett-Packard gave up on the task long ago. In the era that led to the end of 3000 operations at HP, the vendor warned that its software updates for MPE/iX were going to be limited to security repairs after 2008. They weren't kidding. The very last archived HP 3000 security bulletin on the HP Enterprise website had stern advice for a DNS poisoning risk.
HP's 3000 group did its part to bring the community up to date during that year of 2008. Another resource on the 3k Ranger site is a Powerpoint slide deck from Jeff Bandle, an HP MPE/iX engineer at the time. The presentation of MPE/iX Network Security: An Overview is only nine years old, but by now it appears to represent HP's final word on securing HP 3000 networks. If there's ever any need at a homesteading site to show a network manager which MPE/iX networking services are controlled by configuration files, Bandle's slides have a comprehensive list on pages 29-35.
This stuff might be lost if not for the redundant archiving among the community's support resources. A DIY approach is possible for experienced managers. A guide to help navigate the advice is even better. Much of the homesteading community would be best served by a support contract with one of the remaining 3000 resources like Pivital Solutions.