Rainbow-Chrysalis Luna SA HSM
January 01, 2004
Good performance, comprehensive documentation, solidly built, excellent security.
The device could have benefited from a browser-based GUI.
While it is not the fastest kit on the block, it certainly offers a range of features, performance and security at an acceptable price.
Of course, we are not all seduced by looks, but this box - with its burnt-orange fascia and wavy ventilation-hole detail - could win an award just for sheer . The Rainbow-Chrysalis Luna SA Hardware Security Module is a tamper-resistant 2U rack mount unit. Installation presented no problems and configuration was carried out using a serial cable link to a command line interface.
Unlike some of the other devices on test, this does not offer any kind of graphical user interface for configuration or monitoring. It can, however, be monitored using SNMP. Operating in command line mode is not to everyone's taste, but presents no problems in this instance.
It is supplied with extensive and comprehensive documentation on CD-ROM, which also contains client software to be installed on the web servers. The documentation is also provided in printed form, which is convenient.
There are guides for installation and setup which lead you through the necessary steps to bring the system online. The Luna SA needs to be configured with one or more logical HSM partitions, which in turn can be configured to contain virtual servers and services, and the keys and certificates associated with them.
Real servers are defined as clients of the partitions and their contents. The system requires trusted links to be set up between the servers and the device, a process which involves installing and running the client software on the servers and exchanging keys and certificates with the Luna SA.
Communication between clients and the virtual servers and services assigned to them can only occur across the trusted links, which use SSL encryption and full two-way digital certificate authentication. The Luna SA prevents unauthorized access to any part of a partition's contents, and also prevents authorized clients from accessing virtual servers and services not allocated to them.
The device can operate as part of a more elaborate set-up or in standalone mode, which is how we tested it. It also supports Microsoft IIS 5.0, IIS 6.0, and Windows ISA Server for Microsoft Windows 2000 Server and Windows Server 2003, as well as Apache Web Server 1.3.27 and 2.0.46 and Sun One Web Server 4.1 and 6.0.
Once the device is operating correctly, the front panel can be locked away securely behind a tamper-proof screen. This denies access to the serial link, preventing unauthorized reconfiguration.