CHAPTER 1 Planning Your Configuration
Note:
While the "built-in" 'admin', 'operator', and 'monitor' accounts are not deleted or added by
a restore operation (those accounts are permanent), both their enabled/disabled status and their
passwords are changed to whatever prevailed at the time the backup was originally taken.
Security of Shell User Accounts
In most cases anticipated by the design and target markets for Luna SA, both the Luna SA appliance and any
computers that make network connections for administrative purposes would reside inside your organization's secure
premises, behind well-maintained firewalls. Site-to-site connections would be undertaken via VPN. Therefore, attacks
on the shell account(s) would normally not be an issue.
However, if your application requires placing the Luna appliance in an exposed position (the DMZ and beyond), then
please see "About Connection Security" in the Overview document for some additional thoughts.
Crypto Officer & Crypto User
An available security layer is required in some security and authentication schemes, as follows:
For those who need the additional distinction, the Partition Owner role (black PED Key) can optionally be subdivided
into two further roles:
- Crypto Officer
- Crypto User
In the past, and continuing, the separation of roles on the Luna HSM follows the standard Cryptoki model:
• appliance admin
This is the basic administrative access to a Luna HSM appliance. When you connect via ssh (putty.exe or other
ssh utility), the Luna HSM presents the "login as:" prompt. The only ID that is accepted is "admin".
You must be logged in as the appliance "admin" before you can access further authentication layers such as HSM
Admin, Partition Owner, Crypto Officer.
The appliance "admin" performs network administration and some other functions that do not require the additional
authentication. Therefore, by controlling access to passwords (for a Luna HSM with Password Authentication) or to
PED Keys (for a Luna HSM with Trusted Path Authentication), you can compartmentalize the various
administrative and security roles.
• HSM Admin
HSM Admin has control of the HSM within a Luna HSM appliance. To access HSM Admin functions, you must
first be logged in as appliance admin.
In addition to all the other appliance functions, a user who has authenticated with the HSM Admin password (for a
Luna HSM with Password Authentication) or the HSM Admin (blue) PED Key (for a Luna HSM with Trusted Path
Authentication) can:
– create and delete Partitions,
– create and delete Partition Owners (black PED Key holders on a Luna HSM with Trusted Path Authentication
only),
– backup and restore the HSM,
– change HSM Policies, etc.
• HSM Partition Owner (or User)
Luna SA Configuration Guide
Release 5.4.1 007-011136-007 Rev C July 2014 Copyright 2014 SafeNet, Inc. All rights reserved.