
Strengthening NonStop Security with XYGATE Software


Presentation Transcript


  1. Strengthening NonStop Security with XYGATE Software • Speaker: Sean Bicknell

  2. Agenda • Why focus on Security? • XYPRO Overview • Beyond Guardian & Safeguard with XYGATE • Questions

  3. Why focus on Security?

  4. Why focus on Security? • Regulations • Governments, Regulatory Bodies, Trade Organisations • PCI, SOX, Basel II, CISP, Data Protection Acts • Auditors • Secrecy of sensitive information • Ensuring availability and integrity of system • Prevention of Corporate Scandal • Financial Protection

  5. Regulatory Compliance • PCI: • 1. Firewalls • 2. Eliminate vendor defaults • 3. Protect stored data • 4. Encrypt data in transit • 5. Use and update Anti-virus software • 6. Develop & maintain secure systems & applications • 7. Restrict access by “need-to-know” • 8. Assign a unique ID to each user who has access • 9. Restrict physical access to cardholder data • 10. Track and monitor all access to cardholder data • 11. Regularly test security systems & processes • 12. Maintain a policy that addresses information security

  6. Regulatory Compliance papers • “PCI & SOX Compliance” solutions papers show where PCI & Sarbanes-Oxley applies to HP NonStop Server enterprises. • Also demonstrates how XYGATE software helps IT managers’ compliance efforts. • Product tables describe each PCI or SOX objective and which XYGATE module helps compliance.

  7. PCI & SOX Solutions white papers

  8. Download Compliance Solution Papers Download from www.xypro.com

  9. About XYPRO Technology • Producers of XYGATE security software • HP NonStop Security Experts • Proven Performers & Business Partners • XYGATE security software since 1990 • Large Customer Base • Financial Institutions • Government, Military, Telecoms, ISPs, Manufacturing, Health • Many countries USA, UK, Europe, Africa, Asia

  10. Security Best Practices for the NonStop Server • Written by XYPRO • Published by HP http://www.hp.com/hpbooks

  11. The XYGATE Product Suite • NonStop Server Platform Security • Multi-platform Encryption Software • XYGATE GUI
      Access PRO • Grant privileges according to job function • Access control • Process control • CMON logon control & load balancing • Spooler & print job management
      Audit PRO • Consolidate audit data across many nodes • Multi-node view • Multi-source audits: XYGATE, Safeguard . . . • Single repository for all audit data • Automatic alerts
      Compliance PRO • Develop & monitor security policy compliance • Multi-node data collection & view • Best practice analysis • Anomaly & exception mgmt • System integrity checks
      Safeguard PRO • Simplify & enhance Safeguard environments • User, alias, globals, object ACL mgmt • Dynamic object security • Password quality & updating • User authentication
      Encryption PRO • Protect business data: at rest and in transit • Full crypto library • Multi-platform support • ESDK to crypto-enable via APIs • File encryption • Static key mgmt • Session security

  12. XYGATE Access Pro XYGATE AC (Access Control) • Reduce usage of powerful userids such as super.super • Authorise users to run regular tasks that normally require a powerful userid, from their own userid • Command level security • E.g. (1) Start SCF session as SUPER user, from personal userid: Allow SCF START, ABORT, STATUS, INFO; Deny SCF ALTER, DELETE, ADD • E.g. (2) Start FUP session as DBA user, from personal userid: Allow FUP LOAD, RELOAD, INFO, STAT; Deny FUP PURGE, PURGEDATA, CREATE

  13. XYGATE Access Pro XYGATE AC (Access Control) • Full capture of all user key strokes (Guardian & OSS) • Audit capture of all actions performed by the user, including: • Date/Time • Userid/Alias • Command Input • Command Output (configurable) • Terminal Name • IP Address • Process Name

  14. XYGATE Access Pro XYGATE CM (CMON) • Fully supported CMON product • Enforce logon to personal userid before logon to powerful userid such as super.super • Restrict users to logon only from specific IP Address range or terminal name • E.g. super.super only able to logon at system console (TSM) • Deny users the ability to increase process priority

  15. XYGATE Access Pro XYGATE SP (Secure Spoolcom Peruse) • Authorise users to control spooler jobs owned by another user, from their own userid • Restrict which commands a user can perform on those jobs • Restrict which print devices users can send jobs to • Allow printing of spool jobs without allowing reading • E.g. user can send spool job with PIN numbers to a printer, but unable to read the data. • Full auditing of all commands

  16. XYGATE Safeguard Pro XYGATE OS (Object Security) • More granular security than Guardian or Safeguard • Security of objects (files, processes, devices) • Secure on attributes other than name of object • Requesting program, File type, Owner of the object • Full wildcarding of object names • Regular expressions (grep style) • Create rules for objects that don’t exist yet • Vary security of object over time • Creationdate, lastmodified, lastopened • Secure SQL/MP to the table level • Full auditing of all access attempts

  17. XYGATE Safeguard Pro XYGATE SM (Safeguard Manager) • Simplified Safeguard configuration and management • No need to learn Safecom syntax • Full user management • Visibility of existing Safeguard configuration • Drag and drop configuration from one system to another

  18. XYGATE Safeguard Pro XYGATE SR (Safeguard Reports) • Customisable reporting on Safeguard logs • Easy to read reports • Run from host or run from GUI based client • XYGATE Report Manager • Run in batch or on-demand

  19. XYGATE Safeguard Pro XYGATE PQ (Password Quality) • Enforce strong user passwords • Upper & lower case characters • Numbers • Special characters • Repeated characters and consecutive characters • Split passwords • System generated passwords • Ease password administration • Delegate password ownership e.g. helpdesk • Network password synchronisation

  20. XYGATE Safeguard Pro XYGATE UA (User Authentication) • Control of user logons • Who can logon from where (IP address range/terminal) • Which users can logon to powerful userids • Enforce logon to personal userid before super.super • Which program users can logon to (TACL, FTP) • Strong authentication of users • RSA SecurID token/smart card support • Authentication against ACE/Server • Centralised User Administration • LDAP/Active Directory support

  21. XYGATE Audit Pro XYGATE MA (Merged Audit) • Centralised Reporting on all security logs • Use standard PC based reporting tools • MS Access, Crystal Reports • Real time alerting on security events • Safeguard, XYGATE, EMS • Alert via Email, SNMP, EMS, Syslog, custom • Example: super.super logon → email security admin

  22. XYGATE Audit Pro XYGATE MA (Merged Audit) • [Diagram; labels: Email, Pathway, EMS, SQL Database, Alerts, Custom]

  23. XYGATE Compliance Pro XYGATE SW (Security Compliance Wizard) • Analyses all security configuration on the system • Monitors compliance against security policy • Easy graphical interface shows pass or fail • Compares configuration with industry best practices • Provides integrity checks to ensure no modification to critical objects • Reduces time and cost to audit system

  24. QUESTIONS? Whom to contact • Please contact me if you have questions or require any further information. • Sean.Bicknell@XYPRO.co.uk • http://www.xypro.com