as a quorum is needed to replace the old ACS card set. There is no possibility of
recovering it.
If a card from an ACS is lost, you should replace the entire ACS as soon as possible.
5.2.1.3. Card management guidance
• ACS cards should be assigned to different stakeholders to prevent a malicious administrator attempting to exploit the Security World.
• ACS cards should be stored securely in separate locations to prevent an attacker obtaining a quorum of cards.
• Passwords should be used to help prevent stolen card(s) being used. To prevent this threat arising, do not store passwords with the stored card.
• Strong pass phrases must be used to prevent an attacker attempting to brute force the password. See Logical token pass phrase guidance for guidance on choosing strong pass phrases.
• A register should be maintained of the administrators and the cards they hold to mitigate being unable to identify administrators and the cards they hold.
• Cardsets should be regularly audited to make sure that they are still available and working. See Audit.
• The process for managing loss, theft or corruption of cards should be set out in your security procedures. If a quorum of cards is compromised the Security World protected by the ACS is vulnerable to attack. See Security Incident and Response for further guidance.
• The requirements for the correct identification, use, movement, storage and protection of cards by trusted, authorized individuals should be set out in your Security Procedures to mitigate administrators not adequately protecting the cards they are responsible for. See Audit for further details.
5.2.2. Module protection
If module protection is selected then access to any application using the module provides access to module protected keys. Physical and/or logical controls must be applied to the platforms hosting the applications and their environment to prevent unauthorized key access.
5.2.3. Softcard protection
If this option is selected then access to application keys is protected by a softcard logical token and an associated pass phrase. The password policy used in accessing the softcards should be stated in the customer's Security Procedures. See Logical token pass phrase guidance for further details.
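The card management guidance in 5.2.1.3 (a register of holders, separate storage locations, regular audits, replacing the ACS after a loss) can be checked mechanically against the register. The following is an added example, not part of the nShield manual or tooling; the register fields, the 3-of-5 quorum, the 180-day audit interval and the sample entries are assumptions constructed for illustration.

```python
from collections import Counter
from datetime import date


def check_acs_register(cards, quorum, today, max_audit_age_days=180):
    """Check an ACS card register (quorum = K) and return a list of findings."""
    findings = []
    usable = [c for c in cards if c["status"] == "ok"]
    # A lost card means the whole ACS should be replaced, which itself needs a quorum.
    for c in cards:
        if c["status"] != "ok":
            findings.append(f"{c['card']} is {c['status']}: replace the entire ACS")
    if len(usable) < quorum:
        findings.append(
            f"only {len(usable)} usable cards, below quorum {quorum}: ACS cannot be replaced")
    # No single administrator or storage location should hold a quorum of cards.
    for field in ("holder", "location"):
        for value, n in sorted(Counter(c[field] for c in usable).items()):
            if n >= quorum:
                findings.append(f"{field} {value!r} holds {n} cards, quorum is {quorum}")
    # Cards must be audited regularly to confirm they are available and working.
    for c in usable:
        age = (today - c["last_audit"]).days
        if age > max_audit_age_days:
            findings.append(f"{c['card']} not audited for {age} days")
    return findings


# Constructed sample register for a 3-of-5 ACS (hypothetical names and sites).
SAMPLE = [
    {"card": "ACS-1", "holder": "alice", "location": "site-a-safe",
     "status": "ok", "last_audit": date(2024, 5, 1)},
    {"card": "ACS-2", "holder": "bob", "location": "site-a-safe",
     "status": "ok", "last_audit": date(2024, 5, 1)},
    {"card": "ACS-3", "holder": "carol", "location": "site-a-safe",
     "status": "ok", "last_audit": date(2023, 9, 1)},
    {"card": "ACS-4", "holder": "dave", "location": "site-b-vault",
     "status": "ok", "last_audit": date(2024, 5, 1)},
    {"card": "ACS-5", "holder": "erin", "location": "site-c-vault",
     "status": "lost", "last_audit": date(2024, 5, 1)},
]

if __name__ == "__main__":
    for finding in check_acs_register(SAMPLE, quorum=3, today=date(2024, 6, 1)):
        print(finding)
```
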