To The viaLink Company, providing a highly secure platform for its customers was more than food for thought. The Dallas-based firm, which provides e-commerce tools to the food services industry, overhauled its IT platform about five years ago, shifting from a homogenized collection of servers to an environment powered by Hewlett Packard Co.'s HP-UX 11i operating system.
ViaLink's customers include manufacturers, suppliers, wholesalers and distributors who need a highly secure data platform as they drive more business to the Web.
"We started on Windows NT, with our only database on a Unix server, and at the time it was running AIX,IBM Corp.'s version of Unix. When we finally got to the point where we were able to build a reasonable environment to support our applications, we were choosing between AIX, HP, Sun, Microsystems Inc., and, of course, NT," said Dusan Hrasko, viaLink's IT director.
ViaLink wanted to give clients a seamless window into back-end databases for ordering and inventory, while still guaranteeing the security of the data. Concerns about NT's stability eliminated it from consideration. The company needed a highly stable, secure platform for its always-on environment and began examining which Unix machines fit its needs. Hrasko says that HP-UX was chosen based on its security hardening; additionally, in-house IT staff had considerable experience working on the platform. ViaLink also installed an add-on HP operating system, called Virtual Vault, to provide an extra layer of security for customers using its online Web servers.
HP's security upgrades are long overdue, said James McIntyre, head of the HP/Linux consulting firm McIntyre & Associates Inc. of Radford, Va. "HP has finally joined the rest of the Unix community by providing administrators with more tools to turn services off and on."
Included are tools for detecting and defusing potential internal security threats, especially those close to the system. One feature, stack buffer overflow, fortifies a common hole that hackers like to exploit. When this hole is not protected, it's possible for someone outside your enterprise to write rogue code to your operating system and then begin executing Trojan horses or other malicious executables.
Other features are embedded into the operating system to act as component-style software. For example, a host-based intrusion-detection system (IDS) uses the kernel audit data system to detect suspicious user behaviors and generate real-time security alerts about potential vulnerabilities. This differs from IDS technologies that monitor network traffic for signature-based password anomalies.
An older feature, IPFilter, has been upgraded to configure firewall blocking and enable failover from other systems. Tools for maintaining security patches also are part of the base operating system.
HP hopes the improvements will help HP-UX leapfrog over competing products, like Sun's Solaris operating environment and AIX 5L. "We tested HP-UX against the top 10 Unix vulnerabilities listed on SANS.org, and the security features detected every one," said Walter Schramm, security products marketing manager for HP-UX.
The hype has not gone unnoticed. D.H. Brown Associates Inc., a research firm in Port Chester, N.Y, rated HP-UX 11i as the Number One Unix operating system in a report released earlier this year.
D.H. Brown gave HP-UX the highest marks in five critical areas: reliability, availability and serviceability; Internet and Web application services; directory and security services; systems management and scalability.
Not everyone agrees. Richard Stiennon, an analyst with research firm Gartner Inc., of Stamford, Conn., said that installations of HP-UX should be less of a headache now that servers are being shipped with fewer ports open. But he says users should not assume that HP-UX is more highly secure just because HP says so.
"I do not think there is a quantum differentiation between HP, Sun and IBM right now. Any one of those products would be a more-than-adequate security platform to base your business systems on," Stiennon said.
Aside from the security tools included in 11i, customers running extended environments can augment internal security with several other add-on security products. These include Virtual Vault, Kerberos Server, Netscape Directory Server and two kinds of AAA authentication -- one for landline phones and one for wireless devices.
For more information:
SPONSORED BY: EMC
Industry analysts on the benefits of automated networked storage and how EMC is leading the way
Every day, EMC Automated Networked Storage lets IT departments cut 60 percent out of per-megabyte costs, consolidate storage management and triple disk utilization -- all at a surprisingly affordable price. Find out what analysts are saying about automated networked storage, and how EMC can help you do more with less.
Read the analyst white papers.
