Administering SafeNet StorageSecure Smart Card
Module 3: Lesson 5
SafeNet StorageSecure Storage Security Course
© SafeNet Confidential and Proprietary

Lesson Objectives
>By the end of this lesson, you should be able to:
>Describe the security considerations prior to the smart card deployment
>Deploy and work with Recovery Card
>Describe the functions of System Card
>Assign Admin Card to a SafeNet StorageSecure administrator

Recovery Cards

Recovery Cards
>Required:
>Secret to access the Recovery Policy Key is split and shared across Recovery Cards
>Secret sharing ensures multiple people are required to access cryptographic functions
>Card reader at management station and KeySecure server
>PIN is required per Card.

Recovery Policy Key

Quorum of Recovery Cards
>Required to perform critical operations
>Quorum options:
>2 out of 5 (default)
>3 out of 5
>2 out of 3
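
Added example (not part of the SafeNet course material or product code): how a k-of-n quorum behaves, shown with Shamir's secret sharing over the three quorum options above. The scheme, the field prime and the sample secret are assumptions chosen for illustration; the slides do not say which secret-sharing scheme StorageSecure uses.

```python
import secrets

# Shamir k-of-n sharing over a prime field (assumed scheme, for illustration only).
PRIME = 2**127 - 1
QUORUMS = [(2, 5), (3, 5), (2, 3)]  # quorum options listed above
SECRET = int.from_bytes(b"constructed-key!", "big") % PRIME  # constructed sample

def split(secret, k, n):
    """Return n shares (x, y); any k of them recover the secret."""
    if not 1 < k <= n:
        raise ValueError("need 1 < k <= n")
    coeffs = [secret] + [secrets.randbelow(PRIME) for _ in range(k - 1)]
    shares = []
    for x in range(1, n + 1):
        y = 0
        for c in reversed(coeffs):  # Horner evaluation of the polynomial at x
            y = (y * x + c) % PRIME
        shares.append((x, y))
    return shares

def combine(shares):
    """Lagrange interpolation at x = 0 over the presented shares."""
    if len({x for x, _ in shares}) != len(shares):
        raise ValueError("same card presented twice")
    total = 0
    for xi, yi in shares:
        num = den = 1
        for xj, _ in shares:
            if xj != xi:
                num = num * -xj % PRIME
                den = den * (xi - xj) % PRIME
        total = (total + yi * num * pow(den, -1, PRIME)) % PRIME
    return total

def quorum_check():
    """For each option: does a quorum recover the secret, and do k-1 cards?"""
    out = {}
    for k, n in QUORUMS:
        cards = split(SECRET, k, n)
        out[(k, n)] = (combine(cards[-k:]) == SECRET,
                       combine(cards[:k - 1]) == SECRET)
    return out

def mixed_sets_recover():
    """One card from an old 2-of-5 set plus one from a re-issued set."""
    old, new = split(SECRET, 2, 5), split(SECRET, 2, 5)
    return combine([old[0], new[1]]) == SECRET

if __name__ == "__main__":
    print(quorum_check(), mixed_sets_recover())
```

In this scheme a quorum of any k cards recovers the secret, k-1 cards do not, and shares from two separately issued sets cannot be combined with each other.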

Security Considerations

Compartmentalization
>Compartmentalization is an important security concept
>Access to information is limited to only those persons who must have access
>SafeNet StorageSecure provides three types of compartmentalization
>Storage Vaults
>Role-based access control
>Security domain

Security Domains
>Each SafeNet StorageSecure appliance or SafeNet StorageSecure cluster belongs to one security domain
>Multiple SafeNet StorageSecure appliances and clusters can belong to the same security domain
>A security domain is defined by its Recovery Cards
>Recovery Cards are associated with Recovery Officers

Security Domain Considerations
>Single security domain for all sites?
>Separate security domains for each site?
>Multiple security domains for each site?

Single Security Domain

Single Security Domain (Cont.)
>Advantage
>Easy to track the Recovery Cards and Officers
>Disadvantages
>Not compartmentalized
>Recovery Card changes are specific to the SafeNet StorageSecure appliance or cluster and must be repeated for each SafeNet StorageSecure appliance or cluster in the security domain

Multiple Security Domains

Multiple Security Domains (Cont.)
>Advantages
>Compartmentalized
>Recovery Card changes are local to the SafeNet StorageSecure appliances or clusters in the security domain
>Disadvantages
>Need to track many cards and owners
>High administrative overhead

Selecting Security Domain
>Driven by the Security Policy and level of security to be achieved
>Driven by the choice between level of security and flexibility in administration
>No best practice or recommendation

Deploying Recovery Cards

Recovery Cards
>A quorum of Recovery Officers or Cards is required to authorize critical operations:
>Recovering a SafeNet StorageSecure appliance
>Adding a new cluster member
>Translating Storage Vault keys
>Creating a Recovery Key Archive file
>Establishing a trust relationship
>Replacing a Recovery Card
>Each card contains a user PIN in order to enable strong authentication.

Recovery Card Considerations
>What should the quorum size be?
>2 out of 3, 2 out of 5, or 3 out of 5
>Should a Recovery Key Archive file be used?
>What about disaster planning?
>Keep a quorum of Recovery Cards or Recovery Key Archive file in escrow?
>Keep a quorum of Recovery Cards or Recovery Key Archive file at DR site?

Replacing a Recovery Card
>Scenario:
>Recovery card is lost, stolen, or damaged
>Requirements:
>A quorum of Recovery Officers and Recovery Cards to authorize a replacement
>Replacement cards, uninitialized or initialized
>Replace Recovery Cards in the set
>Perform a manual backup of the configuration database after this process
>Older backups cannot function with the new set of Recovery Cards

Rolling Replacement – Single Appliance/Cluster

Replacement – Multiple Appliances/Clusters

Replacement – Multiple Appliances – Cont.

Replacement – Multiple Appliances – Cont.
>Recovery Card Loss Management
>If multiple copies of data exist in multiple locations, losing a recovery card becomes a more critical security threat.
>For sensitive environments, it is required to replace and destroy all remaining recovery cards within a recovery card set if ANY recovery card is lost or stolen.
>This is the only method to restore a security domain to the security level prior to the lost or stolen recovery card incident. Replacing and destroying all recovery cards within the security domain will guarantee that all known and unknown copies of data are safe if an additional recovery card is lost or stolen.

Replace Recovery Card or Recovery Officer

Change a Recovery Card Password
>Scenario:
>Recovery Officer leaves company and card is reassigned
>Password expiration policy
>Requirements:
>Must know or can retrieve card properties and current password

Change a Recovery Card Password (Cont.)

Smart Card Utilities
>Erase all current information on the card
>Change passwords to default and zeroize all key material for secret sharing
>A quorum must remain before resetting cards
>Authorizer privileges are required for Full Admin
>Use when:
>Personnel change
>Security domain change
>Password is lost
>Replacement cards available

Smart Card Utilities (Cont.)
>Do not select appliance
>Click Security Smart Card Utilities

Set Up Remote Authorization

Remote Authorization
>Initiate and verify Recovery Card operation for
>Initial Setup
>Trustee Wizard
>Provide Recovery Cards from different location
>Recovery Officers provide the Recovery Card
>Only one Recovery Officer should operate at a time
>Otherwise they might overwrite each other's approval
>Administrator should log in and complete the process
>Can be enabled only in the StorageSecure setup phase.

Remote Authorization – Initial Setup

Remote Authorization Enabled
>Click Enable Remote Authorization and Close wizard

Presenting Remote Recovery Cards
>In SafeNet StorageSecure Management Console, add appliance and start setup
>Click Yes to add card remotely

Presenting Remote Recovery Card (Cont.)
>Recovery Officers present the Recovery Cards and passwords remotely
>Click Next and close the wizard. Repeat for all cards.

Remote Authorization – All Cards Present
>SafeNet StorageSecure administrator to start setup and confirm the inputs
>Complete Setup Wizard

System Cards

System Card
>Required:
>Once initialized, each system card is unique to that SafeNet StorageSecure appliance
>Secure communication channel between SEP and system card
>Unlocks the master key
>Required to start encryption services; can be removed
>Card reader in the SafeNet StorageSecure appliance
>No PIN is used

System Card
>Contains one of the ignition keys
>Crypto services do not start without it
>Can be removed after boot up
>If the System Card is lost:
>SafeNet StorageSecure appliance must be zeroized and restored
>New System Card is initialized
>The Restore process must be authorized by Recovery Officers/Cards
>System cards do not require a user PIN

Shipping a SafeNet StorageSecure Appliance
>If the SafeNet StorageSecure appliance is uninitialized/zeroized
>SafeNet StorageSecure and System Card are shipped together
>If the SafeNet StorageSecure appliance is initialized
>SafeNet StorageSecure and System Card are shipped separately
>If the SafeNet StorageSecure appliance is returned to SafeNet
>Ship the SafeNet StorageSecure, initialize or destroy the System Card

Admin Cards

Admin Card
>Optional:
>Provides two-factor authentication
>Can be shared between SafeNet StorageSecure appliances
>Card reader at management station
>No PIN is used

Admin Cards
>An administrator account can be associated with a unique Admin Card
>Provides two-factor authentication
>Provides hardware password security
>It is possible to save profiles for up to 32 StorageSecure appliances in one Admin Card
>If an Admin Card is lost
>Delete Administrator account
>Create new administrator account
>Assign new Admin Card to the new administrator account
>Admin cards do not require a user PIN
>For strong authentication, an admin user will need to use the Admin Card and provide their password.

Associating Admin Cards
>Use the View Administrators tab to:
>Add Admin Cards
>Remove Admin Cards
>Associate an administrator with a new Admin Card

Add Admin Card
>Configuration View Administrators
>Right-click administrator for options

Protecting Against Insider Attacks
>Safeguard Admin Card
>Not used for routine administration
>Admin Card for authentication of SafeNet StorageSecure Management Console and command-line interface access
>Create authorizing administrator and limited administrator
>Both must log in for SafeNet StorageSecure Management Console and command-line interface access
>Limited administrator can complete all management tasks
>Authorizing administrator logged in until limited administrator logs out

Requiring Authorization
>On the View Administrators tab, right-click an existing administrator and select Edit.

Last Admin Card Lost
>Use the serial console to zeroize and restore the SafeNet StorageSecure appliance, or use the Zeroize button.
>Use terminal client
>Assign appliance IP settings
>Run Setup Wizard

Lesson Summary
>In this lesson, you should have learned to:
>Describe the security considerations prior to the smart card deployment
>Deploy and work with Recovery Card
>Describe the functions of System Card
>Assign Admin Card to a SafeNet StorageSecure administrator

Hands-on Exercise:
>Complete: 08 Administering StorageSecure Smart Card