© safenet confidential and proprietary administering safenet storagesecure smart card module 3:...
TRANSCRIPT
© SafeNet Confidential and Proprietary
Administering SafeNet StorageSecure Smart Card
Module 3: Lesson 5SafeNet StorageSecure Storage Security Course
2
© SafeNet Confidential and Proprietary
Lesson Objectives
> By the end of this lesson, you should be able to:
> Describe the security considerations prior to the smart card deployment
> Deploy and work with Recovery Card
> Describe the functions of System Card
> Assign Admin Card to a SafeNet StorageSecure administrator
3
© SafeNet Confidential and Proprietary
Recovery Cards
4
© SafeNet Confidential and Proprietary
Recovery Cards
> Required:
> Secret to access the Recovery Policy Key is split and shared across Recovery Cards
> Secret sharing ensures multiple people are required to access cryptographic functions
> Card reader at management station and KeySecure server
> PIN is required per Card.
5
© SafeNet Confidential and Proprietary
Recovery Policy Key
6
© SafeNet Confidential and Proprietary
Quorum of Recovery Cards
> Required to perform critical operations
> Quorum options:
> 2 out of 5 (default)
> 3 out of 5
> 2 out of 3
7
© SafeNet Confidential and Proprietary
Security Considerations
8
© SafeNet Confidential and Proprietary
Compartmentalization
> Compartmentalization is an important security concept
> Access to information is limited to only those persons who must have access
> SafeNet StorageSecure provides three types of compartmentalization
> Storage Vaults
> Role based access control
> Security domain
9
© SafeNet Confidential and Proprietary
Security Domains
> Each SafeNet StorageSecure appliance or SafeNet StorageSecure cluster belongs to one security domain
> Multiple SafeNet StorageSecure appliances and clusters can belong to the same security domain
> A security domain is defined by its Recovery Cards
> Recovery Cards are associated with Recovery Officers
10
© SafeNet Confidential and Proprietary
Security Domain Considerations
> Single security domain for all sites?
> Separate security domains for each site?
> Multiple security domains for each site?
11
© SafeNet Confidential and Proprietary
Single Security Domain
12
© SafeNet Confidential and Proprietary
Single Security Domain (Cont.)
> Advantage
> Easy to track the Recovery Cards and Officers
> Disadvantages
> Not compartmentalized
> Recovery Card changes are specific to the SafeNet StorageSecure appliance or cluster and must be repeated for each SafeNet StorageSecure appliance or cluster in the security domain
13
© SafeNet Confidential and Proprietary
Multiple Security Domains
14
© SafeNet Confidential and Proprietary
Multiple Security Domains (Cont.)
> Advantages
> Compartmentalized
> Recovery Card changes are local to the SafeNet StorageSecure appliances or clusters in the security domain
> Disadvantages
> Need to track many cards and owners
> High administrative overhead
15
© SafeNet Confidential and Proprietary
Selecting Security Domain
> Driven by the Security Policy and level of security to be achieved
> Driven by the choice between level of security and flexibility in administration
> No best practice or recommendation
16
© SafeNet Confidential and Proprietary
Deploying Recovery Cards
17
© SafeNet Confidential and Proprietary
Recovery Cards
> A quorum of Recovery Officers or Cards are required to authorize critical operations:
> Recovering a SafeNet StorageSecure appliance
> Adding a new cluster member
> Translating Storage Vault keys
> Creating a Recovery Key Archive file
> Establishing a trust relationship
> Replacing a Recovery Card
> Each card contains a user PIN in order to enable strong authentication.
18
© SafeNet Confidential and Proprietary
Recovery Card Considerations
> What should the quorum size be?
> 2 out of 3, 2 out of 5, or 3 out of 5
> Should a Recovery Key Archive file be used?
> What about disaster planning?
> Keep a quorum of Recovery Cards or Recovery Key Archive file in escrow?
> Keep a quorum of Recovery Cards or Recovery Key Archive file at DR site?
19
© SafeNet Confidential and Proprietary
Replacing a Recovery Card
> Scenario:
> Recovery card is lost, stolen, or damaged
> Requirements:
> A quorum of Recovery Officers and Recovery Cards to authorize a replacement
> Replacement cards, uninitialized or initialized
> Replace Recovery Cards in the set
> Perform a manual backup of the configuration database after this process
> Older backups cannot function with the new set of Recovery Cards
20
© SafeNet Confidential and Proprietary
Rolling Replacement – Single Appliance/Cluster
21
© SafeNet Confidential and Proprietary
Replacement – Multiple Appliances/Clusters
22
© SafeNet Confidential and Proprietary
Replacement – Multiple Appliances – Cont.
23
© SafeNet Confidential and Proprietary
Replacement – Multiple Appliances – Cont.
> Recovery Card Loss Management
> If multiple copies of data exist in multiple locations, losing a recovery card becomes a more critical security threat.
> For sensitive environments, It is required to replace and destroy all remaining recovery cards within a recovery card set if ANY recovery card is lost or stolen.
> This is the only method to restore a security domain to the security level prior to the lost or stolen recovery card incident. Replacing and destroying all recovery cards within the security domain will guarantee that all known and unknown copies of data are safe if an additional recovery card is lost or stolen.
24
© SafeNet Confidential and Proprietary
Replace Recovery Card or Recovery Officer
25
© SafeNet Confidential and Proprietary
Change a Recovery Card Password
> Scenario:
> Recovery Officer leaves company and card is reassigned
> Password expiration policy
> Requirements:
> Must know or can retrieve card properties and current password
26
© SafeNet Confidential and Proprietary
Change a Recovery Card Password (Cont.)
27
© SafeNet Confidential and Proprietary
Smart Card Utilities
> Erase all current information on the card
> Change passwords to default and zeroize all key material for secret sharing
> A quorum must remain before resetting cards
> Authorizer privileges are required for Full Admin
> Use when:
> Personnel change
> Security domain change
> Password is lost
> Replacement cards available
28
© SafeNet Confidential and Proprietary
Smart Card Utilities (Cont.)
> Do not select appliance
> Click SecuritySmart Card Utilities
29
© SafeNet Confidential and Proprietary
Set Up Remote Authorization
30
© SafeNet Confidential and Proprietary
Remote Authorization
> Initiate and verify Recovery Card operation for
> Initial Setup
> Trustee Wizard
> Provide Recovery Cards from different location
> Recovery Officers provide the Recovery Card
> Only one Recovery Officer should operate at a time
> Otherwise they might overwrite each other’s approval
> Administrator should log in and complete the process
> Can be enabled only in the Storage Secure Set-up phase.
31
© SafeNet Confidential and Proprietary
Remote Authorization – Initial Setup
32
© SafeNet Confidential and Proprietary
Remote Authorization Enabled
> Click “Enable Remote Authorization” and Close wizard
33
© SafeNet Confidential and Proprietary
Presenting Remote Recovery Cards
> In SafeNet StorageSecure Management Console, add appliance and start setup
> Click “Yes” to add card remotely
34
© SafeNet Confidential and Proprietary
Presenting Remote Recovery Card (Cont.)
> Recovery Officers present the Recovery Cards and passwords remotely
> Click Next and close the wizard. Repeat for all cards.
35
© SafeNet Confidential and Proprietary
Remote Authorization – All Cards Present
> SafeNet StorageSecure administrator to start setup and confirm the inputs
> Complete Setup Wizard
36
© SafeNet Confidential and Proprietary
System Cards
37
© SafeNet Confidential and Proprietary
System Card
> Required:
> Once initialized, each system card is unique to that SafeNet StorageSecure appliance
> Secure communication channel between SEP and system card
> Unlocks the master key
> Required to start encryption services; can be removed
> Card reader in the SafeNet StorageSecure appliance
> No PIN is used
38
© SafeNet Confidential and Proprietary
System Card
> Contains one of the ignition keys
> Crypto services do not start without it
> Can be removed after boot up
> If the System Card is lost:
> SafeNet StorageSecure appliance must be zeroized and restored
> New System Card is initialized
> The Restore process must be authorized by Recovery Officers/Cards
> System cards do not require a user PIN
39
© SafeNet Confidential and Proprietary
Shipping a SafeNet StorageSecure Appliance> If the SafeNet StorageSecure appliance is uninitialized/zeroized
> SafeNet StorageSecure and System Card are shipped together
> If the SafeNet StorageSecure appliance is initialized
> SafeNet StorageSecure and System Card are shipped separately
> If the SafeNet StorageSecure appliance is returned to SafeNet
> Ship the SafeNet StorageSecure, initialize or destroy the System Card
40
© SafeNet Confidential and Proprietary
Admin Cards
41
© SafeNet Confidential and Proprietary
Admin Card
> Optional:
> Provides two-factor authentication
> Can be shared between SafeNet StorageSecure appliances
> Card reader at management station
> No PIN is used
42
© SafeNet Confidential and Proprietary
Admin Cards
> An administrator account can be associated with a unique Admin Card
> Provides two-factor authentication
> Provides hardware password security
> It is possible to save profiles for up to 32 StorageSecure appliances in one Admin Card
> If an Admin Card is lost
> Delete Administrator account
> Create new administrator account
> Assign new Admin Card to the new administrator account
> Admin cards do not require a user PIN – For Strong authentication, an admin user will need to user the Admin card and to provide his password.
43
© SafeNet Confidential and Proprietary
Associating Admin Cards
> Use the View Administrators tab to:
> Add Admin Cards
> Remove Admin Cards
> Associate an administrator with a new Admin Card
44
© SafeNet Confidential and Proprietary
Add Admin Card
> ConfigurationView Administrators
> Right-click administrator for options
45
© SafeNet Confidential and Proprietary
Protecting Against Insider Attacks
> Safeguard Admin Card
> Not used for routine administration
> Admin Card for authentication of SafeNet StorageSecure Management Console and command-line interface access
> Create authorizing administrator and limited administrator
> Both must log in for SafeNet StorageSecure Management Console and command-line interface access
> Limited administrator can complete all management tasks
> Authorizing administrator logged in until limited administrator logs out
46
© SafeNet Confidential and Proprietary
Requiring Authorization
> On the View Administrators tab, right-click an existing administrator and select Edit.
47
© SafeNet Confidential and Proprietary
Last Admin Card Lost
> Use the serial console to zeroize and restore the SafeNet StorageSecure appliance, or use the Zeroize button.
> Use terminal client
> Assign appliance IP settings
> Run Setup Wizard
48
© SafeNet Confidential and Proprietary
Lesson Summary
> In this lesson, you should have learned to:
> Describe the security considerations prior to the smart card deployment
> Deploy and work with Recovery Card
> Describe the functions of System Card
> Assign Admin Card to a SafeNet StorageSecure administrator
49
© SafeNet Confidential and Proprietary
Hands on Exercise:
Complete:08 Administering StorageSecure Smart Card