1745923 Members
4144 Online
108723 Solutions
New Discussion юеВ

HP Virtual Vault

 

HP Virtual Vault

can any one share some knowledge of HP Vitual vault.
5 REPLIES 5
spex
Honored Contributor

Re: HP Virtual Vault

Hi,

From http://docs.hp.com/en/J4255-90011/apas01.html:

The HP Praesidium VirtualVault is a trusted web platform that allows you to conduct business safely on the World Wide Web. VirtualVault is designed to securely connect internal, enterprise applications with clients on an external, untrusted network.

PCS
Mel Burslan
Honored Contributor

Re: HP Virtual Vault

This following is not coming out of a book. This is from my own experience with it, totalling a whopping year and change with an icluded week of official HP training. So take it with a grain of salt.

HP Virtual Vault is an operating system, similar to unix, especially to HP-UX but not identical. It has your standard unix command set at your disposal with some modifications to some of the commands and some additional security enhancement commands.

Under virtual vault, your data is compartmentalized and even if you are root, you can not cross the compartment boundaries usuing casual sysadmin tricks.

There is no free ride on the system. Even the single user mode is password protected and no you can not change it. If you forget your root/superroot password, you might as well kiss your system and all the data goodbye.

History of the OS: The system was developed by Securiy First Inc. and its predecessors, for a military contract armed forced opened a long time ago. After military was granted license to use it, system was still the property of Security First Inc, and it was used to host the first internet bank of the world called "Security First Network Bank" at the address sfnb.com, now part of rbc centura bank.

How I know the story, I once worked at security first inc. and its successor s1.com as system integrator, and systems administrator. Even s1.com, dumped virtual vault in favor of hpux 11.0. Writing applications on Virtual vault was and I presume still is, quite cumbersome.
________________________________
UNIX because I majored in cryptology...
Florian Heigl (new acc)
Honored Contributor

Re: HP Virtual Vault

Mel,

that still sounds like a wonderful toy.
I guess I'd love to administer a system running virtual vault - until now I was afraid it's just a lot of marketing bundled with two systems and ssl accelerators, but it seems to really be a (nice) high-security platform.

thanks for the insight, even if I hadn't asked for it :)
yesterday I stood at the edge. Today I'm one step ahead.
Mel Burslan
Honored Contributor

Re: HP Virtual Vault

Florian,

An anectodal event for you to show how secure the system is:

There happened to be one of those hard to find at that time computer shows (we are talking about pre-internet boom days here, late 80s early 90s) and the company who developed virtual vault at that time has a booth at this show. A very shiny one at that as the only equipment other than tables and chairs at the booth are an HP9000 box with only the console attached to it, a safe, and a middle age craze red Corvette. The note above the console says something like: "the combinations to the safe lock is in a plain text file stored on this system. Whoever can hack into this system, obtain the lock combination, can unlock the safe, get the keys and drive-off in this Corvette." Needless to say, after almost a week of hasty hacking attempts, Corvette had remained as the property of the company.

System was so secure, sometimes it was a pain in the rear for the sysadmin to work with, let alone developers to write applications for it. But once the application was laid out on the server properly, you really did not have to worry about the Willy the neighborhood hacker kid come and swipe account numbers and personal details of the bank customers by simple buffer overflow tricks or any other sophisticated unix cracking techniques. Because, when you are interacting over the web, you are talking to only one of the four compartments. And you can not cross those boundaries with any tool accesible from the command line or by tricking the browser. Sucker was really hardened.
________________________________
UNIX because I majored in cryptology...
Greg_Bishop
Occasional Visitor

Re: HP Virtual Vault

If you're looking for something akin to VVOS  ( HP VirtualVault) check out  www.secure64.com ) it was created by Bill Worley, formerly at HP labs and creator of WideWord ( now iTanium). Look at their SourceT Operating System, not a general purpose OS like Unix but *WAY* secure.

 

Greg