Appliance Roles

For the SafeNet Luna Network HSM, roles fall under two main hierarchies:

>Roles to access the appliance that contains the HSM and that provides the network connectivity; these are accessed through SSH or local serial connection, via the LunaSH command line, and include:

    >The highest-level, full-access administrative role, called 'admin'

    >The medium-level operational administrative role, called 'operator'

    >The lowest-level observation-only administrative role, called 'monitor'

    >The role responsible for managing HSM audit logging, independent from other roles on the HSM, called 'audit'

>Roles that access the HSM, described in HSM Roles and Secrets

SafeNet Luna Network HSM offers administrative roles external to the contained HSM, to oversee the management of the appliance that hosts the HSM, including network setup, system monitoring, and other tasks.

Named Administrative Users and Their Assigned Roles

By default, the appliance has

>One 'admin' user, with role 'admin', always enabled, default password "PASSWORD"

>One 'operator' user, with role 'operator', disabled until enabled by the 'admin' user, default password "PASSWORD"

>One 'monitor' user, with role 'monitor', disabled until enabled by the 'admin' user, default password "PASSWORD"

>One 'audit' user, with role 'audit', disabled until enabled by the 'admin' user, default password "PASSWORD"

Those four "built-in" accounts can be neither created nor destroyed, but 'admin' can enable or disable the other three as needed.

You can leave that arrangement as-is, or you can create additional users with names of your own choice, and assign them any of the roles (and the powers that go with those roles).

Thus, you could choose to have:

>Multiple admin-level users, each with a different name

>Multiple operator-level users (or none, if you prefer), each with a different name

>Multiple monitor-level users (or none, if you prefer), each with a different name

>Multiple audit-level users (or none, if you prefer), each with a different name

NOTE   Administrative users' names can be a single character or as many as 128 characters, chosen from letters a-z, or A-Z, numbers 0-9, the dash, the dot, or the underscore. No spaces. No two users (regardless of role) can have the same name.

Abilities or Privileges of Created Users

Named users empowered with the 'admin' role can perform most actions that the original admin can perform.

User accounts granted the 'operator' role have access to a reduced set of administrative commands.

User accounts granted the 'monitor' role can take no actions on the appliance or HSM, and are restricted to commands that view, list or show.

User accounts granted the 'audit' role are restricted to commands governing HSM audit logging functions. See Audit Logging in the Administration Guide for more information on this specialized role.

Within the SafeNet appliance, appliance-level and HSM-level roles interact: the role currently logged into the appliance determines whether the full set or only a subset of HSM-using commands is visible.

>Someone logged into the appliance as 'monitor' can see only reporting-type commands for the appliance (commands that show lists and status of subsystems), and can see only reporting-type commands for the HSM within the appliance.

>Someone logged into the appliance as 'operator' can see and use most of the commands that the 'admin' user can access, at both the appliance and the HSM levels.

>Someone logged into the appliance as 'admin' can see and use all possible commands affecting both the appliance and the contained HSM, including all commands that create and modify other roles, and that initialize the HSM.

The commands available to the roles are listed in LunaSH Command Summary.

Rationale for Creating Extra Administrative Users

One reason for creating multiple named users would be for the purpose of distinguishing individual persons' activities in the logs.

For example, a user named 'john' running the LunaSH command syslog tail would appear in the April 13 log as:

Apr 13 14:17:15 172 -lunash: Command: syslog tail  : john : 192.20.10.133/3107

Command Result : 0 (Success)

Perhaps you have people performing similar functions at physically separate locations, or you might have staff assigned to teams or shifts for 24-hour coverage. It could be valuable (or required by your security auditors) to know and be able to show which specific person performed which actions on the system.
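As an added example (not part of the SafeNet documentation or of LunaSH itself), the following Python script parses log lines in the format shown above, pairs each "Command:" line with the "Command Result" line that follows it, and reports activity per named user, commands run under the shared built-in accounts (which cannot be traced to one person), failed commands, and uses of sysconf config restore. John's line is the one from the page; the other sample lines, hosts, users and addresses are constructed.

```python
import re
from collections import Counter

# Constructed sample log in the "syslog tail" format shown on the page.
# Only john's first line comes from the page; the rest are made up.
SAMPLE_LOG = """\
Apr 13 14:17:15 172 -lunash: Command: syslog tail  : john : 192.20.10.133/3107
Command Result : 0 (Success)
Apr 13 14:20:02 172 -lunash: Command: sysconf config backup  : admin : 192.20.10.140/3201
Command Result : 0 (Success)
Apr 13 14:25:44 172 -lunash: Command: sysconf config restore  : admin : 192.20.10.140/3201
Command Result : 1 (Failure)
Apr 13 14:31:09 172 -lunash: Command: syslog tail  : mary : 192.20.10.133/3110
Command Result : 0 (Success)
"""

# "<timestamp> <host> -lunash: Command: <command>  : <user> : <ip>/<port>"
CMD_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d{1,2} \d\d:\d\d:\d\d) (?P<host>\S+) -lunash: "
    r"Command: (?P<cmd>.+?)\s+: (?P<user>\S+) : (?P<ip>[\d.]+)/(?P<port>\d+)$"
)
# "Command Result : <code> (<text>)"
RESULT_RE = re.compile(r"^Command Result : (?P<code>\d+) \((?P<text>[^)]*)\)$")

# The four built-in accounts are shared, so activity under them cannot be
# attributed to an individual person the way a named user's activity can.
BUILTIN_USERS = {"admin", "operator", "monitor", "audit"}
# Commands worth reviewing individually; the page warns that config restore
# silently reverts passwords and enabled/disabled status of user accounts.
SENSITIVE = {"sysconf config restore"}


def parse_lunash_log(text):
    """Return one record per command, each with its result if one followed."""
    records = []
    pending = None
    for line in text.splitlines():
        m = CMD_RE.match(line)
        if m:
            pending = m.groupdict()
            pending["port"] = int(pending["port"])
            pending["result"] = None
            records.append(pending)
            continue
        r = RESULT_RE.match(line)
        if r and pending is not None:
            pending["result"] = (int(r["code"]), r["text"])
            pending = None
    return records


def commands_per_user(records):
    """How many commands each account ran; the basis for per-person accounting."""
    return dict(Counter(rec["user"] for rec in records))


def unattributed(records):
    """Commands run under a shared built-in account rather than a named person."""
    return [rec for rec in records if rec["user"] in BUILTIN_USERS]


def sensitive_commands(records):
    return [rec for rec in records if rec["cmd"] in SENSITIVE]


def failed(records):
    return [rec for rec in records if rec["result"] and rec["result"][0] != 0]


if __name__ == "__main__":
    recs = parse_lunash_log(SAMPLE_LOG)
    print("commands per user:", commands_per_user(recs))
    for rec in unattributed(recs):
        print("shared account:", rec["user"], rec["cmd"], rec["ip"])
    for rec in sensitive_commands(recs):
        print("review:", rec["ts"], rec["user"], rec["cmd"], rec["result"])
```

Feeding the output of syslog tail (or the exported syslog) into this script gives the per-person trail the paragraph above asks for; the "shared account" list shows where that trail breaks because someone used the built-in 'admin' account instead of a named one.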

Implications of Backup and Restore of User Profiles

The commands sysconf config backup and sysconf config restore allow you to store a snapshot of the administrative user database (the names and status of all named LunaSH users) that can later be restored if desired.

CAUTION!   Restoring from backup restores the database of user profiles that existed before the backup was made. You will lose any user accounts created since the backup; passwords of existing users could be reverted without their knowledge; enabled users might be disabled; disabled users might be enabled; and any user accounts removed since that backup will be restored.

Your records should indicate when user-profile changes were made, and what those changes were. Any time you restore a backup, reconcile the changed statuses and inform anyone who is affected. For example, users need to know to use their previous password, and to change it immediately.

Security of Shell User Accounts

In most cases anticipated by the design and target markets for SafeNet Luna Network HSM, both the SafeNet Luna Network HSM appliance and any computers that make network connections for administrative purposes would reside inside your organization's secure premises, behind well-maintained firewalls. Site-to-site connections would be undertaken via VPN. Therefore, attacks on the shell account(s) would normally not be an issue.