Alternatively, the logs can be pushed to a remote syslog server (which is not the RFS).
However, in this situation no integrity mechanism is applied to the logs: if threats can
arise in the network and storage environment that could compromise log integrity, the
customer should implement a trusted delivery and storage mechanism to protect the
integrity of these logs.
4.7.5. nToken, nShield Edge and nShield Solo hardserver logs
For nToken, nShield Edge and nShield Solo products the hardserver logs are stored in the
associated host platform and do not have an integrity mechanism applied to the logs.
Therefore, physical, procedural and technical controls should be applied to the host
platform environment to protect the integrity of the logs.
4.7.6. Hardserver and system log environment variables
For Hardserver and System logging, environment variables can be applied to control the
amount of logging information. See the nShield Connect User Guide or nShield Solo User
Guide for more information. Your system management policy and security policy will
determine the level of logging required.
4.7.7. Debugging options
Debugging information is available for hardware, application, Application Programming
Interfaces (APIs) and operating systems. Unless required for development debugging for
these sources should not be enabled (it is disabled by default).
Some debug information is provided in command line responses and therefore cannot be
disabled.
CodeSafe debugging is disabled by default, but you can choose
whether to enable it for all users or whether to make it available only
through use of an ACS.
Debugging can leak potentially useful information to an attacker so should not be
enabled in production environments.
4.8. Configure access control
4.8.1. Security World key protection options
For guidance on access control mechanisms available to protect application keys in a
Security World see Access Control.
nShield® Security Manual 24 of 90
To Next Page
Loading...
