The Importance of Security Hardening of your NonStop Platform
What is Security Hardening?
In simple terms, security hardening involves applying best practices to your system and verifying that these practices are in place. A major objective of compliance, security hardening involves the implementation of a series of measures designed to make a system less vulnerable to attacks. A “hardened” system will have better security layers, making it more difficult to compromise.
Obvious security recommendations, such as the use of strong passwords, are helpful measures when trying to prevent breaches or hacks. However, implementing stronger defenses, such as ensuring strong OSS access permissions, can be more challenging to carry out without correct guidance. Information regarding security hardening practices tends to be scattered and difficult to analyze and execute.
Why is Security Hardening Important?
A system which has not been properly hardened against an attack is increasingly a tangible and quantifiable risk.
Security breaches, loss of personal data, stolen credit card information, etc., have all become daily occurrences in the modern world and, as NonStop systems move onto the x86 platform, more applications will likely be ported to OSS. This means that after an x86 migration, the number of open source tools placed in environments where they could not previously be placed will increase dramatically.
Ensuring that your system is hardened will not only make it more resistant to attacks, but will also prevent internal users from making unintended mistakes that can cause loss or damage.
Hardening a system is relevant not only when trying to prevent potential breaches or insider attacks but also to avert “drift and decay” of security settings that have already been implemented. Drift and decay occurs when security settings that had been applied in accordance with corporate and legal policies (baseline security) are changed over time, for various reasons, and are not reset to their intended values. This means that a system that was once secure might now have vulnerabilities ranging from orphan files and orphan users to file and directory settings that are no longer compliant with policy.
Even if an OSS environment is limited to IBM MQ or SQLMX, for example, creating and applying a general OSS security policy is strongly recommended given that OSS system environments which have not been properly secured can easily be hacked.
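The drift-and-decay check described above, sketched as an added example (not code from CSP or Protect-X®): it snapshots a POSIX-style file tree such as an OSS directory, then reports settings that no longer match the baseline, owners that no longer exist, and world-writable files. The function names, the finding labels and the sample tree are assumptions made for illustration.

```python
import os
import stat
import tempfile

def snapshot(root):
    """Record (mode, uid, gid) for every file and directory under root."""
    state = {}
    for dirpath, _dirs, files in os.walk(root):
        for path in [dirpath] + [os.path.join(dirpath, f) for f in files]:
            st = os.lstat(path)
            if not stat.S_ISLNK(st.st_mode):  # symlink modes carry no meaning
                state[os.path.relpath(path, root)] = (stat.S_IMODE(st.st_mode), st.st_uid, st.st_gid)
    return state

def find_drift(baseline, current, known_uids):
    """Compare current state with the baseline; return (path, finding) pairs."""
    findings = []
    for path in sorted(set(baseline) | set(current)):
        if path not in current:
            findings.append((path, "missing"))
            continue
        mode, uid, gid = current[path]
        if path not in baseline:
            findings.append((path, "not-in-baseline"))
        else:
            b_mode, b_uid, b_gid = baseline[path]
            if mode != b_mode:
                findings.append((path, "mode %04o -> %04o" % (b_mode, mode)))
            if (uid, gid) != (b_uid, b_gid):
                findings.append((path, "owner-changed"))
        if uid not in known_uids:
            findings.append((path, "orphan-owner"))  # owner no longer exists
        if mode & stat.S_IWOTH and not mode & stat.S_ISVTX:
            findings.append((path, "world-writable"))
    return findings

def demo():
    """Constructed sample: baseline a small tree, then let it drift."""
    with tempfile.TemporaryDirectory() as root:
        conf, log = os.path.join(root, "app.conf"), os.path.join(root, "debug.log")
        open(conf, "w").close()
        os.chmod(conf, 0o640)
        baseline = snapshot(root)
        os.chmod(conf, 0o666)      # setting loosened and never reset
        open(log, "w").close()     # file added outside the policy
        os.chmod(log, 0o644)
        return find_drift(baseline, snapshot(root), {os.getuid()})

if __name__ == "__main__":
    print(*demo(), sep="\n")
```

In practice the baseline would be stored when the policy is applied and `known_uids` taken from the system's current user list, so each scheduled run reports only what has changed since.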
One of the key challenges facing the NonStop platform is limited expert availability. An expert user must handle all of the NonStop’s critical operations and also train non-experts to perform general tasks in order to alleviate their workload. CSP understands this and has developed a tool that was built to do that work for you – Protect-X®.
Let the Expert Handle It! – Automated Expert Compliance Without the Expert
Protect-X® is a powerful tool that can be completely customized to suit your specific needs. It places all the power in your hands, but simplifies and automates many of the routine tasks.
Protect-X® user interface
One of the key advantages of Protect-X® is that once configured, non-experts can ensure compliance standards are being properly maintained. Any changes requested must be authorized by an expert administrator before they can be implemented.
The use of Protect-X® is completely role-based. This allows an expert to delegate tasks to non-experts by assigning them a customizable role. Non-expert users can then confidently carry out day-to-day functions with ease.
Protect-X® File Security
With Protect-X® you can also easily compare your systems’ settings against industry-standard hardening policies, gaining a quick visual overview of compliance vulnerabilities. It supports OSS hardening and permissions management, as well as Safeguard Globals compliance and User, Alias and Group management. Further 2018 releases will support Safeguard User compliance, Safeguard Hardening and Compliance, flexible reporting and many other advanced features.
The Protect-X® interface makes it easy to view current system details and adjust settings as necessary to bring them into compliance with accepted or locally-set standards. Compliance checks and reports may be run either on a one-time or regularly scheduled basis. Any changes are subject to Protect-X®’s change management function, allowing responsibility for security activities to be distributed among many users while retaining overall administrative control. All changes, whether just proposed or implemented, are captured in the system audit log, which can be forwarded to your SIEM system.
Protect-X® SafeGuard Globals
Protect-X® hardening compliance status
Protect-X® can be trialed on our test site at CSP or on your own site as preferred:
Request a Test Drive of Protect-X® Today!
For more information on CSP solutions visit www.cspsecurity.com
For complimentary access to CSP-Wiki®, an extensive repository of NonStop security knowledge and best practices, please visit wiki.cspsecurity.com
We Built the Wiki for NonStop Security ®
The CSP Team
+1(905) 568 – 8900