In the early part of my career, I attended a forum on information security convened by the Office of Technology Assessment for the United States Congress. As a cryptography researcher, I was expecting
HP NonStop Server Security again renews this perspective, and takes it one step further.
Cryptography researchers have identified many good design principles for algorithms, which have resulted in a number of
To make a full system secure, however, administrators need more than good ideas. While there may be only a few algorithms in use, a system has many
HP NonStop Server Security
provides that kind of information. Direct and
HP NonStop Servers protect critical resources for organizations worldwide, so it is no surprise that they would be potential targets of attack. HP NonStop Server Security is a helpful addition to organizations' tools for managing these systems, and in their panoply in the continuing battle for information security.
Burt Kaliski RSA Laboratories Bedford, Massachusetts, USA
August 12, 2003
This handbook represents the efforts of many individuals at
XYPRO, who collectively have over 200
There hasn't been a comprehensive publication on this topic since the early 1990's. The lack of reference material for the Guardian Operating system prompted us to author this book in the hopes that it would facilitate securing the HP NonStop server. We at XYPRO believe in this platform and have dedicated 20 years to developing software to take advantage of its unmatched functionality, reliability and scalability.
Plenty of other companies believe in NonStop servers too.
According to a 1999 Research Note from D. H. Brown Associates,
Inc., NonStop servers process 66 percent of the credit card
transactions, 95 percent of securities transactions, and 80 percent
of automated teller machine (ATM) transactions. They also
participate in 75 percent of electronic funds transfers (EFT)
networks. According to the Gartner Group, NonStop servers are the
only out of the box
This handbook seeks to familiarize auditors and those responsible for security configuration and monitoring, with the aspects of the HP NonStop server operating system that make the NonStop Server unique, the security risks these aspects create, and the best ways to mitigate these risks.
Please remember that the needs of the corporation, computer center, applications and customers must always take precedence over our recommended Best Practices in the environment. Use this handbook as a guideline, not a rule.
This handbook has been organized to address topics as units. This is particularly true for discussions about Safeguard.
Each section also includes Discovery, Best Practices, and Recommendations.
{% if main.adsdop %}{% include 'adsenceinline.tpl' %}{% endif %}
The HP NonStop server's subsystems have been presented in a
logical manner, beginning with the subsystems that make up the
Operating System itself, native Guardian security, and Safeguard
and continuing through user administration, how users are
authenticated when attempting to access the HP NonStop server and
how each
Because securing the information on an HP NonStop server is primarily implemented via the principles of access control, the handbook is organized based on these principles.
We hope you enjoy this handbook and find the information interesting and useful. We had a great time writing it.
Without the assistance of individuals outside of XYPRO this book simply wouldn't have been published.
We are very grateful to have met and had the opportunity to work
with the fine folks at Digital Press, including Theron Shreve.
Thanks also to Alan Rose of Multi- science Press, and Darrell Judd.
They said it was impossible to publish this book within the
timeframe. It turns out their specialty is making the
Very special thanks go to Mark Chapman for his impeccable editing skills as well as to Walter Bruce and Ron La Pedis for their encouragement. Their feedback proved invaluable.
And finally, thanks to the originators of the HP NonStop Server.