Module Failure; Tamper Incident - Entrust nShield Security Manual
Hide thumbs
Also See for nShield:
- Installation manual (73 pages) ,
- Hardware and setup manual (26 pages) ,
- Quick start manual (2 pages)
Table of Contents
Advertisement
• You are not able to access any keys that you previously used in a deleted Security
World
• It is recommended that you reformat any standard nShield cards that were used as
Operator Cards within this Security World before you delete it.
Except for nShield Remote Administration Cards, if you do not reformat
the smart cards used as Operator Cards before you delete your
Security World, you must throw them away because they cannot be
used, erased, or reformatted without the old Security World key.
You must reformat, reuse or destroy the smart cards from a deleted Security World's
ACS. If these cards are not overwritten or destroyed, then an attacker with these smart
cards, a copy of your data (for example, a weekly backup) and access to any nShield
HSM can access your old keys.
11.5. Module failure
If a module fails and cannot be factory reset then application keys protected by Module
keys or NVRAM keys are potentially vulnerable to attack. In this instance procedural and
technical access controls should be deployed to protect the module until secure
destruction of the module occurs as described in
11.6. Tamper incident
Physical Security
provides guidance on the physical security controls available on the
different nShield platforms and the procedural controls required to maintain those
physical security controls across the product's lifecycle.
If a tamper incident is observed the guidance in
be followed to manage the incident. The investigation will determine the extent of the
attack. Once an HSM has been confirmed as being tampered its integrity can no longer
be assured and it should be decommissioned and disposed of — see
Disposal
for more information.
However, there are two instances where it is possible to recover the module from a
tamper event. These are:
• nShield Solo XC tamper events - see
more information.
• nShield Connect lid is either open or closed - see
to investigate the tamper and the criteria required to recover from the tamper. The
occurrence of the event should be recorded and recovery authorized in accordance
with the Customer's Security Incident and Response Policy.
nShield® Security Manual
Decommission and
Security Incident and Response
nShield Solo XC physical security controls
Tamper event
Disposal.
should
Decommission and
for
for guidance on how
77 of 90
Advertisement
Table of Contents
Need help?
Do you have a question about the nShield and is the answer not in the manual?
Questions and answers