TRANSCRIPT
Speaker: Sean Bicknell
Strengthening NonStop Security with XYGATE Software
Agenda
• Why focus on Security?
• XYPRO Overview
• Beyond Guardian & Safeguard with XYGATE
• Questions
Why focus on Security?
• Regulations
− Governments, Regulatory Bodies, Trade Organisations
− PCI, SOX, Basel II, CISP, Data Protection Acts
− Auditors
• Secrecy of sensitive information
• Ensuring availability and integrity of system
• Prevention of Corporate Scandal
• Financial Protection
Regulatory Compliance
• PCI
− 1. Firewalls
− 2. Eliminate vendor defaults
− 3. Protect stored data
− 4. Encrypt data in transit
− 5. Use and update Anti-virus software
− 6. Develop & maintain secure systems & applications
− 7. Restrict access by “need-to-know”
− 8. Assign a unique ID to each user who has access
− 9. Restrict physical access to cardholder data
− 10. Track and monitor all access to cardholder data
− 11. Regularly test security systems & processes
− 12. Maintain a policy that addresses information security
Regulatory Compliance papers
• “PCI & SOX Compliance” solutions papers show where PCI & Sarbanes-Oxley apply to HP NonStop Server enterprises.
• They also demonstrate how XYGATE software helps IT managers’ compliance efforts.
− Product tables describe each PCI or SOX objective and which XYGATE module helps compliance.
PCI & SOX Solutions white papers
Download Compliance Solution Papers
Download from www.xypro.com
About XYPRO Technology
• Producers of XYGATE security software
• HP NonStop Security Experts
• Proven Performers & Business Partners
− XYGATE security software since 1990
• Large Customer Base
− Financial Institutions
− Government, Military, Telecoms, ISPs, Manufacturing, Health
− Many countries: USA, UK, Europe, Africa, Asia
Security Best Practices for the NonStop Server
• Written by XYPRO
• Published by HP
http://www.hp.com/hpbooks
The XYGATE Product Suite
Multi-platform Encryption Software
NonStop Server Platform Security
Encryption PRO
Protect business data: at rest and in transit
• Full crypto library
• Multi-platform support
• ESDK to crypto-enable via APIs
• File encryption
• Static key mgmt
• Session security
Safeguard PRO
Simplify & enhance Safeguard environments
• User, alias, globals, object ACL mgmt
• Dynamic object security
• Password quality & updating
• User authentication
Compliance PRO
Develop & monitor security policy compliance
• Multi-node data collection & view
• Best practice analysis
• Anomaly & exception mgmt
• System integrity checks
Audit PRO
Consolidate audit data across many nodes
• Multi-node view
• Multi-source audits: XYGATE, Safeguard ...
• Single repository for all audit data
• Automatic alerts
Access PRO
Grant privileges according to job function
• Access control
• Process control
• CMON logon control & load balancing
• Spooler & print job management
XYGATE GUI
XYGATE Access Pro
XYGATE AC (Access Control)
• Reduce usage of powerful userids such as super.super
• Authorise users to run regular tasks normally requiring powerful userid, from their own userid
• Command level security
− E.g. (1) Start SCF session as SUPER user, from personal userid
Allow SCF START, ABORT, STATUS, INFO
Deny SCF ALTER, DELETE, ADD
− (2) Start FUP session as DBA user, from personal userid
Allow FUP LOAD, RELOAD, INFO, STAT
Deny FUP PURGE, PURGEDATA, CREATE
XYGATE Access Pro
XYGATE AC (Access Control)
• Full capture of all user keystrokes (Guardian & OSS)
• Audit capture of all actions performed by user, including:
− Date/Time
− Userid/Alias
− Command Input
− Command Output (configurable)
− Terminal Name
− IP Address
− Process Name
XYGATE Access Pro
XYGATE CM (CMON)
• Fully supported CMON product
• Enforce logon to personal userid before logon to powerful userid such as super.super
• Restrict users to logon only from specific IP Address range or terminal name
− E.g. super.super only able to logon at system console (TSM)
• Deny users the ability to increase process priority
XYGATE Access Pro
XYGATE SP (Secure Spoolcom Peruse)
• Authorise users to control spooler jobs owned by another user, from their own userid
• Restrict which commands a user can perform on those jobs
• Restrict which print devices users can send jobs to
• Allow printing of spool jobs without allowing reading
− E.g. user can send spool job with PIN numbers to a printer, but unable to read the data.
• Full auditing of all commands
XYGATE OS (Object Security)
• More granular security than Guardian or Safeguard
• Security of objects (files, processes, devices)
• Secure on attributes other than name of object
− Requesting program, File type, Owner of the object
• Full wildcarding of object names
− Regular expressions (grep style)
• Create rules for objects that don’t exist yet
• Vary security of object over time
− Creationdate, lastmodified, lastopened
• Secure SQL/MP to the table level
• Full auditing of all access attempts
XYGATE Safeguard Pro
XYGATE SM (Safeguard Manager)
• Simplified Safeguard configuration and management
• No need to learn Safecom syntax
• Full user management
• Visibility of existing Safeguard configuration
• Drag and drop configuration from one system to another
XYGATE Safeguard Pro
XYGATE SR (Safeguard Reports)
• Customisable reporting on Safeguard logs
• Easy to read reports
• Run from host or run from GUI based client
− XYGATE Report Manager
• Run in batch or on-demand
XYGATE Safeguard Pro
XYGATE PQ (Password Quality)
• Enforce strong user passwords
− Upper & lower case characters
− Numbers
− Special characters
− Repeated characters and consecutive characters
− Split passwords
− System generated passwords
• Ease password administration
− Delegate password ownership e.g. helpdesk
− Network password synchronisation
XYGATE Safeguard Pro
XYGATE UA (User Authentication)
• Control of user logons
− Who can logon from where (IP address range/terminal)
− Which users can logon to powerful userids
− Enforce logon to personal userid before super.super
− Which program users can logon to (TACL, FTP)
• Strong authentication of users
− RSA SecurID token/smart card support
− Authentication against ACE/Server
• Centralised User Administration
− LDAP/Active Directory support
XYGATE Audit Pro
XYGATE MA (Merged Audit)
• Centralised Reporting on all security logs
• Use standard PC based reporting tools
− MS Access, Crystal Reports
• Real time alerting on security events
− Safeguard, XYGATE, EMS
− Alert via Email, SNMP, EMS, Syslog, custom
− Example: super.super logon → email security admin
XYGATE Audit Pro
XYGATE MA (Merged Audit)
[Diagram labels: Pathway, SQL Database, Alerts, EMS, Custom]
XYGATE Compliance Pro
XYGATE SW (Security Compliance Wizard)
• Analyses all security configuration on the system
• Monitors compliance against security policy
• Easy graphical interface shows pass or fail
• Compares configuration with industry best practices
• Provides integrity checks to ensure no modification to critical objects
• Reduces time and cost to audit system
• Please contact me if you have questions or require any further information.
• http://www.xypro.com
QUESTIONS?
Whom to contact