The HSM is available in PED-authenticated or password-authenticated versions. Use the configuration steps in this chapter to configure a password-authenticated HSM.
There is no externally visible difference between a password-authenticated and a PED-authenticated HSM. For an installed HSM, you can determine its authentication mode by attempting to log in: a PED-authenticated (Trusted Path) version directs you to the SafeNet PED, and a password-authenticated version prompts you for the password. You cannot change the authentication type of a SafeNet HSM; it is a manufacturing configuration, set at the factory. If you have a PED-authenticated (Trusted Path) version, you cannot access the HSM and partitions by means of passwords.
For password-authenticated HSMs, you authenticate to the HSM as Security Officer, User, and so on by typing a password on your computer keyboard. This has the advantage of not requiring any additional hardware; you just have to remember the appropriate password. On the other hand, any password you type on a computer is vulnerable to being seen by someone watching, or to being captured by malware that logs your keystrokes or otherwise records what you type. Also, if the password is strong enough to be secure, it might be complicated enough that personnel are tempted to write it down, which is another avenue of possible exposure.
1. Initialize the HSM, as described in Initializing a Password-Authenticated SafeNet USB HSM.
2. Change the HSM policies, if desired, as described in Setting SafeNet USB HSM Policies [Optional]. If any of the policies you set are destructive, you must re-initialize the HSM after setting the policies.
3. Create a partition on the HSM, as described in Creating a Partition on SafeNet USB HSM.
4. Change the partition policies, if desired, as described in Setting SafeNet USB HSM Partition Policies [Optional].