XYPRO’s Top 10 HP NonStop Security Fundamentals

Because high-availability and fault-tolerant systems need strong security

Does it make sense to have high-availability and fault-tolerance without strong security? We at XYPRO don’t think so. We recognize that companies run their most important business applications and processes on the NonStop server platform, and that keeping those assets safe from data loss, tampering and inadvertent harm is mission critical.

XYPRO has been providing HP NonStop server security solutions for over 30 years—we’ve literally written the books on NonStop security—and we’ve assembled an informal “Top 10” list of HP NonStop security fundamentals.

Top 10 NonStop Security Fundamentals (in descending order)

#10: Secure the default system access settings
To facilitate initial configuration and set-up, HP NonStop servers come with a number of default security settings—to have a well-protected HP NonStop system, many of these default settings need to be addressed.

#9: Set up strong Safeguard authentication and password controls
Establishing strong user authentication and password management controls is a critical aspect of any security program and a major requirement for meeting PCI DSS compliance.

#8: Ensure individual accountability (no shared IDs!)
Security best practices and industry regulations, like PCI DSS, require users to have unique userids so that there is clear accountability. This also facilitates effective auditing, remediation and management of individual user rights and access.

#7: Establish granular control of user activity
Increasing the granularity of control builds on security concepts discussed in earlier HP NonStop fundamentals and goes deeper into specific system areas which need closer security management.

#6: Audit all actions of privileged access users
A thorough logging and auditing program for privileged users establishes strong oversight of the users who have the greatest security access rights and who, therefore, may pose the greatest potential risk to the system.

#5: Strengthen access management with role-based access control (RBAC)
Role-based access control (RBAC) is a security approach in which system access and permission rights are grouped according to user roles and then individual users are assigned to a role. RBAC simplifies security administration and can enable a greater degree of security and control for your HP NonStop systems.

#4: Dynamically secure all NonStop system resource objects
Resource objects are key parts of your NonStop system and must be fully secured. While Safeguard provides some capabilities to do this, a best practice approach is to use a third-party tool that enables rule flexibility, expands security attributes and provides strong security not just to the Guardian subsystem but to OSS as well.

#3: Protect sensitive data
Data can be an organization’s most valuable treasure and it’s a major target for cyber-criminals. Encryption and/or tokenization are critical solutions for protecting sensitive data, reducing the scope of regulatory compliance, and neutralizing the impact of a data breach.

#2: Continuously monitor security compliance
Ensuring compliance is a critical aspect of any IT security program and compliance monitoring solutions provide the means to systematically measure, manage and report on a complex and dynamic HP NonStop security environment.

#1: Audit all security-related activity and events
This fundamental can be summarized as “audit everything” to ensure complete visibility of security-related events on the HP NonStop. This is such an important aspect of security that HP bundles XYPRO’s logging and auditing solution, XMA, with every new HP NonStop server. Please make sure to take full advantage of XMA’s powerful capabilities.

For more information or help: More in-depth information and guidance on these security subjects are available in XYPRO’s NonStop security handbooks: HP NonStop Server Security: A Practical Handbook and Securing HP NonStop Servers in an Open Systems World: TCP/IP, OSS and SQL.

You may also contact XYPRO for assistance. For over 30 years, XYPRO has provided NonStop security solutions and services that help companies protect their NonStop systems and comply with industry regulations (such as PCI DSS, HIPAA, and SOX).
