« Data on 3000s still needs to be synched | Main | Keeping Watch On Answers From Support »

October 06, 2017

Staying Secure with MPE/iX Now and Then

The IT news is full of reports about security breeches. If an Equifax system with 143 million records can be breeched, then Yahoo's 3 billion email accounts were not far behind, were they? Security by obscurity for outward-facing MPE/iX systems isn't much protection. That being said, the high-test security that is protecting the world's most public systems seems to failing, too. A few years ago, the US Office of Personnel Management had its systems hacked. Millions of fingerprints were stolen from there.

Hewlett-Packard built good intra-3000 security into MPE/iX, and third parties made it even more robust. Back in the 1980s I wrote a manual for such a product called EnGarde that made MPE/iX permissions easier to manage. Vesoft created Security/3000 as the last word in protecting 3000s and MPE/iX data. Eugene Volokh's Burn Before Reading was an early touchstone. The magic of SM was a topic explored by 3000 legend Bob Green in a Newswire column.

Homesteading managers will do well to make a place in their datacenter budgets for support of the 3000. Security is built-in for MPE/iX, but understanding how it works might be a lost art at some sites.

The fundamentals of securing an MPE/iX system go way back. A wayback server of sorts at the 3k Ranger website provides HP's security advice from 1994. It's still valid for anyone, especially a new operator or datacenter employee who's got a 3000 to manage. They just don't teach this stuff anymore. 3000s get orphaned in datacenters when the MPE/iX pros move on into retirement or new careers.

The printed advice helps. A direct link to the Ranger webpage can be a refresher course for any new generation of 3000 minders.

Managers of MPE/iX systems need to look out for themselves in securing HP 3000s. Hewlett-Packard gave up on the task long ago. In the era that led to the end of 3000 operations at HP, the vendor warned that its software updates for MPE/iX were going to be limited to security repairs after 2008. They weren't kidding. The very last archived HP 3000 security bulletin on the HP Enterprise website had stern advice for a DNS poisoning risk.

BIND/iX and DNS were marvels for MPE/iX platforms in the 1990s. HP told all its customers early in 2009 that for that year's DNS poisoning, "The resolution is to discontinue the use of BIND/iX and migrate DNS services to another platform." Ouch.

HP's 3000 group did its part to bring the community up to date during that year of 2008. Another resource on the 3k Ranger site is a Powerpoint slide deck from Jeff Bandle, an HP MPE/iX engineer at the time. The presentation of MPE/iX Network Security: An Overview is only nine years old, but by now it appears to represent HP's final word on securing HP 3000 networks. If there's ever any need at a homesteading site to show a network manager which MPE/iX networking services are controlled by configuration files, Bandle's slides have a complehensive list on pages 29-35.

This stuff might be lost if not for the redundant archiving among the community's support resources. A DIY approach is possible for experienced managers. A guide to help navigate the advice is even better. Much of the homesteading community would be best served by a support contract with one of the remaining 3000 resources like Pivital Solutions.

 

01:07 PM in Hidden Value, Homesteading, Web Resources | Permalink

Comments

Comments

The comments to this entry are closed.