Hardware; Network Configuration - Entrust nShield Security Manual
Hide thumbs
Also See for nShield:
- Installation manual (73 pages) ,
- Hardware and setup manual (26 pages) ,
- Quick start manual (2 pages)
Table of Contents
Advertisement
to reduce the threat level for vulnerabilities arising in software (even if unused).
The integrity of the software CDs have SHA256 checksums applied to them. If you have
concerns over the integrity of a received software CD then the file checksums should be
verified with Support.
4.3. Hardware
4.3.1. Trusted Verification Device
For use with the Remote Administration Client, Entrust supplies and strongly
recommends the use of the nShield Trusted Verification Device (TVD). This specialized
smart card reader allows the card holder to securely confirm the Electronic Serial
Number (ESN) of the HSM to which they want to connect, using the nShield Trusted
Verification Device display.
4.3.2. Mode switch and jumper switches (nShield Solo only)
The mode switch on the back panel controls the mode of the module. See the User Guide
for the HSM for more information about checking and changing the mode of an HSM.
You can set the physical mode override jumper switch on the circuit board of the nShield
Solo to the ON position, to prevent accidental operation of the Mode switch. If this
override jumper switch is on, the nShield Solo ignores the position of the Mode switch.
You can set the remote mode override jumper switch on the circuit
board of the nShield Solo to the ON position to prevent mode change
using the
threat analysis determines that it may be possible for a remote
malicious or negligent user to interrupt operational service. In this
instance the security policies of your organization should require that
the physical mode switch must be used to authorize mode changes.
For example a trusted role holder has to be locally present to authorize
the change.
4.4. Network configuration
4.4.1. Firewall settings
When setting up your firewall, you should make sure that the port settings are
compatible with the HSMs and allow access to the system components you are using.
See the Installation Guide for default port numbers. Only open up the ports you require
nShield® Security Manual
nopclearfail
command. This should be done if, for example, a
14 of 90
Advertisement
Table of Contents
Need help?
Do you have a question about the nShield and is the answer not in the manual?
Questions and answers