Entrust nShield - 5.6. Role holder lifecycle guidance; 5.6.1. Roles; 5.6.1.1. Windows user privileges
privileged connections are allowed, the client can issue commands (such as clearing the
HSM) which interfere with its normal operation. We recommend that you allow only
unprivileged connections unless you are performing administrative tasks.
Privileged connections can be restricted to ports numbered less than 1024 (low ports) as
opposed to all ports. The low ports are reserved for use by root on Linux. Your threat
analysis should determine whether a restriction of privilege use to low ports should
apply.
5.6. Role holder lifecycle guidance
5.6.1. Roles
The roles that can access the applications that use the HSM and their access rights for
using application keys should be identified in your security procedures. Access rights
must be assigned as the minimum required for a role to be performed.
5.6.1.1. Windows user privileges
Maintaining the integrity of your system against deliberate or accidental acts can be
enhanced by appropriate use of Operating System (OS) user privileges. There are two
levels of user in Windows:
Administrator access
Normal users.
Administrator access (an Administrator on Windows) is required for such tasks as:
Software installation, starting and stopping the hardserver and SNMP
Typically, any operation that requires write access, such as the creation of Security
Worlds, card sets and keys.
Typically, normal users can only carry out read-only operations involving Security Worlds,
card sets and keys. For example, encrypted copies of keys are held in Key Management
Data (C:\ProgramData\nCipher\Key Management Data). The default permissions allow all users
to read these files, enabling them to use keys but not create them. File permissions can
be altered to restrict access to specific keys to specific users/groups.
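The following is an added example, not part of the nShield manual: it audits the default
read-for-all-users permissions on files under Key Management Data and then restricts one
key file to a named group, as 5.6.1.1 describes. The path is the manual's default; the
group name is a placeholder you must replace.

```powershell
# Added example (not from the nShield manual). Assumes the default Key Management Data
# path from 5.6.1.1; the application group in Restrict-KeyFileToGroup is a placeholder.
$KmData = 'C:\ProgramData\nCipher\Key Management Data'

function Get-BroadlyReadableKeyFiles {
    param([string]$Path = $KmData)
    # Identities that the default permissions grant read access to (everyone can use keys).
    $broad = @('BUILTIN\Users', 'Everyone', 'NT AUTHORITY\Authenticated Users')
    $readData = [System.Security.AccessControl.FileSystemRights]::ReadData
    Get-ChildItem -Path $Path -File -Recurse | ForEach-Object {
        $acl  = Get-Acl -Path $_.FullName
        $hits = $acl.Access | Where-Object {
            $_.AccessControlType -eq 'Allow' -and
            $broad -contains $_.IdentityReference.Value -and
            (($_.FileSystemRights -band $readData) -eq $readData)
        }
        if ($hits) {
            [pscustomobject]@{
                File       = $_.FullName
                ReadableBy = ($hits.IdentityReference.Value | Sort-Object -Unique) -join ', '
            }
        }
    }
}

function Restrict-KeyFileToGroup {
    param(
        [Parameter(Mandatory)][string]$File,
        [Parameter(Mandatory)][string]$Group,   # placeholder, e.g. 'DOMAIN\KeyUsersGroup'
        [string]$AdminGroup = 'BUILTIN\Administrators'
    )
    $acl = Get-Acl -Path $File
    # Stop inheriting the directory's permissive defaults and keep no inherited entries.
    $acl.SetAccessRuleProtection($true, $false)
    # Drop every remaining explicit entry, then grant only what each role needs:
    # read for the application group, full control for administrators and SYSTEM.
    foreach ($ace in @($acl.Access)) { [void]$acl.RemoveAccessRule($ace) }
    $read  = [System.Security.AccessControl.FileSystemRights]::Read
    $full  = [System.Security.AccessControl.FileSystemRights]::FullControl
    $allow = [System.Security.AccessControl.AccessControlType]::Allow
    foreach ($grant in @(@($Group, $read), @($AdminGroup, $full), @('NT AUTHORITY\SYSTEM', $full))) {
        $rule = New-Object System.Security.AccessControl.FileSystemAccessRule($grant[0], $grant[1], $allow)
        $acl.AddAccessRule($rule)
    }
    Set-Acl -Path $File -AclObject $acl
}

# Report which key files any normal user can still read before tightening anything.
Get-BroadlyReadableKeyFiles | Format-Table -AutoSize
```

Run the audit first and re-run it after each Restrict-KeyFileToGroup call; the restricted file should no longer appear in the report.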
5.6.1.2. Linux user privileges
Maintaining the integrity of your system against deliberate or accidental acts can be
enhanced by appropriate use of OS user privileges. There are three levels of user:
Superuser
nShield® Security Manual 39 of 90