4.5. Date and Time
The following sections provide procedural guidance about securely using date and time
functions. Please see the User Guides for information on how to operate these functions.
4.5.1. Set the nShield Solo and nShield Connect Real-Time Clock (RTC)
Set the RTC using an accurate trusted local time source as part of the commissioning
process. This must be set as early in the commissioning process as possible. The correct
time must be set to support hardserver and audit logging.
The backup battery for the RTC on the nShield Solo and nShield Solo+
will only last for two weeks when the module is not powered. The RTC
must be reset on power up in such circumstances (i.e. RTC battery
exhaustion). See the nShield Solo and nShield Edge User Guide for
more information about resetting the clock.
4.5.2. Set the nShield Connect date and time
Set the nShield Connect date and time using an accurate trusted local time source as
part of the commissioning process. This must be set as early in the commissioning
process as possible. The correct time must be set to support system, hardserver and
tamper logging.
The nShield Connect supports a Network Time Protocol (NTP) client which, if activated,
will synchronize the nShield Connect time to an NTP-enabled time source.
NTP has featured many security vulnerabilities:
https://www.cvedetails.com/vulnerability-list/vendor_id-2153/NTP.html.
The activation of NTP within the nShield Connect can increase the
threats the nShield Connect is exposed to. Due to the nature of NTP
design, not all threats can be mitigated. NTP should only be used if your
risk analysis identifies suitable controls to mitigate the impact of its
operation. This could include:
• Using only NTP servers that are under the control of the customer,
  i.e. within the customer’s enterprise
• Using multiple NTP sources to mitigate an attack on a single NTP
  source or failure of that source. NTP can provide an accurate time
  source through consensus with multiple input servers. It can also
  identify which available time servers are inaccurate
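The consensus idea in the second bullet, as an added example that is not part of the nShield documentation and does not describe the nShield Connect's own NTP client: a simplified Marzullo-style interval intersection that finds the offset range most sources agree on and lists the sources outside it. The server labels, offsets and error bounds are constructed.

```python
from typing import NamedTuple

class Sample(NamedTuple):
    server: str      # constructed label, not a real host
    offset_ms: int   # measured offset of that source from the local clock
    error_ms: int    # error bound on the measurement (assumed known)

def best_interval(samples):
    """Marzullo sweep: return (lo, hi, count) for the range most sources agree on."""
    edges = []
    for s in samples:
        edges.append((s.offset_ms - s.error_ms, 0))  # interval opens (sorts first on ties)
        edges.append((s.offset_ms + s.error_ms, 1))  # interval closes
    edges.sort()
    best = count = 0
    lo = hi = None
    for i, (value, kind) in enumerate(edges):
        if kind == 0:
            count += 1
            if count > best:
                best, lo, hi = count, value, edges[i + 1][0]
        else:
            count -= 1
    return lo, hi, best

def select_sources(samples):
    """Return (interval, trusted, rejected); interval is None without a majority."""
    lo, hi, agree = best_interval(samples)
    if agree * 2 <= len(samples):
        return None, [], [s.server for s in samples]
    trusted, rejected = [], []
    for s in samples:
        overlaps = s.offset_ms - s.error_ms <= hi and s.offset_ms + s.error_ms >= lo
        (trusted if overlaps else rejected).append(s.server)
    return (lo, hi), trusted, rejected

# Constructed measurements: three sources agree, one is 2.5 s off.
SAMPLES = [
    Sample("ntp-a", 4, 10),
    Sample("ntp-b", -2, 8),
    Sample("ntp-c", 1, 5),
    Sample("ntp-d", 2500, 10),
]

if __name__ == "__main__":
    interval, trusted, rejected = select_sources(SAMPLES)
    print("agreed offset range (ms):", interval)
    print("consistent sources:", trusted)
    print("inaccurate sources:", rejected)
```

When no strict majority of sources overlaps, for example two sources that disagree, the function returns no interval and rejects every source, since there is no basis for deciding which one is wrong.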
To further mitigate attacks on NTP the synchronized time should be compared against