Keeping legacy secure relies on classic resources

Earlier this year, Yahoo agreed to pay out $116 million for security breaches. The hacks happened over a three year period, and Yahoo is now part of the Verizon empire. If a tech giant like Verizon can’t secure its servers, what chance do legacy owners have?

Security by obscurity for outward-facing MPE/iX systems isn’t much protection. Such high-test security that is protecting the world’s most public systems seems to be failing as well. A few years ago, the US Office of Personnel Management had its systems hacked. Millions of fingerprints were stolen from the OPM.

Hewlett-Packard built good intra-3000 security into MPE/iX, and third parties made it even more robust. Security is built-in for MPE/iX, but understanding how it works might be a lost art at some sites.

The fundamentals of securing an MPE/iX system go way back. A Wayback server of sorts at the 3k Ranger website provides HP’s security advice from 1994. It’s still valid for anyone, especially a new operator or datacenter employee who’s got a 3000 to manage. They just don’t teach this stuff anymore. 3000s get orphaned in datacenters when the MPE/iX pros move on into retirement or new careers.

The third-party advice helps. A direct link to the Ranger webpage can be a refresher course for any new generation of 3000 minders.

Self-care for security

Managers of MPE/iX systems need to look out for themselves in securing HP 3000s. Hewlett-Packard gave up on the task long ago. In the era that led to the end of 3000 operations at HP, the vendor warned that its software updates for MPE/iX were going to be limited to security repairs after 2008. They weren’t kidding. The very last archived HP 3000 security bulletin on the HP Enterprise website had stern advice for a DNS poisoning risk.

BIND/iX and DNS were marvels for MPE/iX platforms in the 1990s. HP told all its customers early in 2009 that for that year’s DNS poisoning attack, “The resolution is to discontinue the use of BIND/iX and migrate DNS services to another platform.” Ouch.

HP’s 3000 group did its part to bring the community up to date a year earlier. Another resource on the 3k Ranger site is a Powerpoint slide deck from Jeff Bandle, an HP MPE/iX engineer at the time. The presentation of MPE/iX Network Security: An Overview appears to represent HP’s final word on securing HP 3000 networks. If there’s ever any need at a legacy site to show a network manager which MPE/iX networking services are controlled by configuration files, Bandle’s slide deck has a comprehensive list on slide 29-35.

Leave a Reply