Set the size of the packet replay window for the STC admin channel. The STC admin channel is local to the appliance, and is used to transmit data between the local services and applications running on the appliance (such as LunaSH, NTLS, and the STC service) and the HSM SO partition.
This value specifies the number of packets in the window of sequenced packets that are tracked to provide anti-replay protection.
All packets sent over an STC link are sequenced and tracked. This allows the receiver to reject old or duplicate packets, which prevents an attacker from inserting or replaying packets. The receiver remembers which packets it has received within a specified window, and rejects any packets that have already been received or that are older than the oldest packet in the window.
The replay window is dynamic and is defined by the packets in the range {(X-N+1) to X}, where X is the current packet number and N is the replay window size. Any packets numbered X-N or older are discarded. Any packets in the range of the replay window {(X-N+1) to X} that have already been received are discarded. All other packets are accepted.
Note: Each STC packet corresponds to a single command. That is, each command sent to the HSM is encapsulated within a single STC packet.
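The acceptance rule above can be modeled as a small sliding-window check. This is an added example, not code from the appliance or its vendor. The class and method names are hypothetical, and it assumes that sequence numbers start at 1 and that each packet's integrity has been verified before the check runs.

```python
"""Model of the anti-replay rule: window = {(X-N+1) to X}."""

# Range and default taken from the parameter table for -size.
MIN_SIZE, MAX_SIZE, DEFAULT_SIZE = 100, 1000, 120


class ReplayWindow:  # hypothetical name, for illustration only
    def __init__(self, size=DEFAULT_SIZE):
        if not MIN_SIZE <= size <= MAX_SIZE:
            raise ValueError(f"window size must be {MIN_SIZE}-{MAX_SIZE}")
        self.size = size     # N, the replay window size
        self.highest = 0     # X; assumption: sequence numbers start at 1
        self.seen = set()    # packet numbers received inside the window

    def check(self, seq):
        """Return 'accept', 'too-old' or 'duplicate' for packet number seq.

        Assumption: the caller has already verified the packet's integrity,
        so a forged packet cannot slide the window forward.
        """
        if seq < 1:
            raise ValueError("sequence numbers start at 1 in this model")
        if seq <= self.highest - self.size:   # numbered X-N or older
            return "too-old"
        if seq in self.seen:                  # in the window, already received
            return "duplicate"
        self.seen.add(seq)
        if seq > self.highest:                # new X: the window slides forward
            self.highest = seq
            oldest = self.highest - self.size + 1
            self.seen = {s for s in self.seen if s >= oldest}
        return "accept"


if __name__ == "__main__":
    # Constructed traffic: packets 1..200 arrive in order, except 150 is delayed.
    w = ReplayWindow(120)
    for seq in range(1, 201):
        if seq != 150:
            w.check(seq)
    for seq in (80, 81, 150, 150, 201):
        print(seq, w.check(seq))
```

With N = 120 and X = 200 the window is 81 to 200, so the delayed packet 150 is still accepted once, while packet 80 falls outside the window and is discarded.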
hsm stc replaywindow set -size <number_of_packets>
Parameter | Shortcut | Description |
---|---|---|
-size <number_of_packets> | -s <number_of_packets> | Specifies the number of packets (commands) in the replay window. Range: 100-1000. Default: 120 |
lunash:>hsm stc replaywindow set -size 500
Successfully changed the size of the replay window for HSM to 500 commands.