Recovery Action
For every Connect that the affected client has communicated with, use the Front Panel
to remove the client’s configuration data.
For any RFS that the affected client has communicated with, update the RFS’s
configuration file to remove the client’s configuration data.
Manually delete the kneti file identified as kneti-hardserver.
• On Windows, it is stored in C:\ProgramData\nCipher\Key Management Data\hardserver.d\.
• On Linux, it is stored in /opt/nfast/kmdata/hardserver.d/.
Reboot the client.
Isolate client and investigate compromise.
Once resolved, re-configure the Connect(s)/RFS that this client communicated with using
the same client IP address/ESN but the new KNETI hash, and then re-establish the secure
channel to the Connect(s)/RFS.
11.3.7. Compromised Key or Secret: nToken KNETI
Compromise Type
Attacker has subverted nToken memory OR a brute force attack on the KNETI encrypted
blob held in the KNETI file in the KMData folder.
Impact
KNETI is compromised and must not be used.
Recovery Action
For every Connect that the affected client has communicated with, use the Front Panel
to remove the client’s configuration data.
For any RFS that the affected client has communicated with, update the RFS’s
configuration file to remove the client’s configuration data.
Manually delete the kneti file identified as kneti-nToken ESN.
• On Windows, it is stored in C:\ProgramData\nCipher\Key Management Data\hardserver.d\.
• On Linux, it is stored in /opt/nfast/kmdata/hardserver.d/.
Destroy the nToken as its integrity can no longer be guaranteed.
Configure a new nToken to communicate with an nShield Connect.
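The manual deletion step shared by both recovery actions above (the hardserver KNETI file and the nToken KNETI file) can be scripted on Linux so that the file is removed only from inside hardserver.d and its SHA-256 is written to an incident record first. The script below is an added example for this manual, not Entrust/nCipher tooling; it assumes the Linux path given above as the default for KMDATA_DIR, takes the kneti file name from the caller (kneti-hardserver, or the nToken's kneti file), and writes an optional audit log whose location is also an assumption.

```shell
#!/bin/sh
# Added example (not part of the nShield Security Manual): remove a compromised
# KNETI file from the hardserver.d key-management directory on Linux, keeping an
# audit record (UTC timestamp, path, SHA-256) of what was removed.
# Assumption: KMDATA_DIR defaults to the Linux path named in the manual; the file
# name is supplied by the caller; the audit log path is the caller's choice.

KMDATA_DIR="${KMDATA_DIR:-/opt/nfast/kmdata/hardserver.d}"

# list_kneti: print the kneti files currently held in hardserver.d, so the
# incident record shows which one is about to be removed.
list_kneti() {
    for f in "$KMDATA_DIR"/kneti-*; do
        [ -e "$f" ] && basename "$f"
    done
    return 0
}

# remove_kneti <file-name> [audit-log]
# Returns 0 on success, 1 if the name is unsafe or the file is absent,
# 2 if the file still exists after removal.
remove_kneti() {
    name="$1"
    audit="${2:-/dev/null}"
    path="$KMDATA_DIR/$name"

    # Refuse names carrying path components so the function only ever acts
    # on a file directly inside hardserver.d.
    case "$name" in
        */*|..|.|"") echo "refusing unsafe name: '$name'" >&2; return 1 ;;
    esac

    if [ ! -f "$path" ]; then
        echo "no such kneti file: $path" >&2
        return 1
    fi

    # Record the file's digest before it is gone; the blob itself is not copied.
    digest=$(sha256sum "$path" | cut -d' ' -f1)
    printf '%s removed %s sha256=%s\n' \
        "$(date -u +%Y-%m-%dT%H:%M:%SZ)" "$path" "$digest" >> "$audit"

    rm -f "$path"
    if [ -e "$path" ]; then
        echo "removal failed: $path" >&2
        return 2
    fi
    return 0
}
```

Run it as root on the affected client before the reboot step, for example `remove_kneti kneti-hardserver /var/log/kneti-recovery.log`, and keep the audit line with the incident record; the Windows path in the manual needs the equivalent PowerShell steps, which this example does not cover.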
nShield® Security Manual 74 of 90