SEE - Entrust nShield Security Manual

remain responsive in the system that is experiencing unreasonable latency (where the
system's non-performance could be a consequence of an attack).
If Remote Administration is not required then set the dynamic slots to 0 to disable
Remote Administration.

4.10.2. Remote Operator

The Remote Operator feature enables the secure transmission of the contents of a smart
card inserted into the slot of one attended module to another unattended module. To
transmit to a remote module, you must make sure that:
• The smart card is from a persistent OCS – see Access Control for guidance on
persistent OCS.
• The attended and unattended modules are in the same Security World.

By default, modules are initialized into Security Worlds with remote card set reading
enabled. Disable the Remote Operator feature if there is no requirement for it.

4.11. SEE

When an HSM is used to protect application keys, the keys are only available in
unencrypted form when they are loaded into the HSM. However, traditionally, the code
that uses the keys remains on the server. This means that the code is open to attack. It is
possible that the code could be modified in such a way as to leak important information
or compromise your business rules.

By implementing a solution with the SEE, you not only protect your cryptographic keys
but also extend the physical security boundary to include your security critical code and
data. Using the techniques of code signing and secure storage, the SEE enables you to
maintain the confidentiality and integrity of application code and data and to bind them
together so that only code in which you have confidence has access to confidential data.

If your threat analysis determines that the application code is vulnerable to attack, then it
is recommended that you use the integrity and confidentiality protections that are
provided by an SEE machine. See the CodeSafe Developer Guide for more details.

4.11.1. Security World SEE options

You must configure SEE options if you are using the nShield SEE. If you do not have SEE
installed, the SEE options are not applicable.