Hardware security processor, certificate security

I have spent some time researching this and have been unable to satisfy my questions in sufficient detail.
I am interested in utilizing a certificate authenticated VPN to connect iPads to my enterprise's network.  Obviously as the certificate will be used for authentication to connect the VPN the handling of this certificate is of great import. 
Additionally, with the addition of soft token S/MIME PKI email support in iOS 5, the functionality of iOS's certificate store deserves a more thorough study.
Presumably I will utilize a configuration profile to transfer both my private key and VPN connection profile settings to the device.  This will be done via the iPhone Configuration Utility in testing, and in the pilot/production phase via an MDM solution.
So with the certificate transferred, it is saved in the devices keychain, which as I understand is accessed by a separate hardware security processor on the device.  This hardware security processor will allow access to the keychain via the device password.  Obviously a strong complex password will be desired here due to this device password not only protecting the device, but also the certificate necessary for VPN authentication to my network.
Presuming a rogue entity obtained the device and device password, is there an opportunity to export a certificate?  From my initial attempts, it does not seem like there is an obvious way to do this.  However, could an app be written to do so?  As I understand it, it is alluded to that perhaps it works similar to a smart card where the security processor does all crypto functions, never exposing the keys to the system CPU, and therefore never allowing the export of the key outside of the security processor jail.  What I want to have confirmed, specifically from Apple: does the hardware security processor ever, even programmatically, allow the export of the certificate?
Is there currently, or is there planned in the future, allowance for additional security measures protecting certificate usage?  For example in my Windows environment I can set group policy which will force security policies over top of certificates placed in my cert store.  If I set to medium, the cert store will warn me anytime an application attempts to use my certificate.  If set to High, I must set a password which is entered upon every use of the certificate.  These functions are useful not only for protection of the certificates, but also in obtaining an additional instance of user affirmation at the exact point that they are performing a cryptographic operation.
Additional detail surrounding these topics would be most helpful.  The enterprise PDFs are a great start, but do not get down to a level that I need.

When you set up a device password, it is used as a seed to create a filesystem encryption key which is then used to encrypt the file system. This way when you send a device wipe command, they just blow away the encryption key from the crypto processor and you are done, instead of having to wipe up to 32Gb of Flash memory with crap.
You cannot get certs back out of the device.
You need to take a leap of faith here and assume this is protecting everything.
I can bet your Security team can't get squat out of the device with a physical connection and no access to the device password. They will just get photos.
Ashish

Similar Messages

  • Good morning, I bought a late-2013 13-inch MacBook Pro Retina, and while playing Touchgrind, which demands little from the hardware, the processor quickly reaches 90-95 degrees Celsius. Is that normal? What would happen when playing a heavier game (Borderlands 2)?

    Good morning, I bought a late-2013 13-inch MacBook Pro Retina, and while playing Touchgrind, which demands little from the hardware, the processor quickly reaches 90-95 degrees Celsius. Is that normal? Since Touchgrind is 'light', how hot would the processor get with a game like Borderlands 2, which can be considered 'heavy'? Thanks in advance

    Games can be very CPU/GPU intensive and temperatures in the 90°c range are not uncommon.  Note that there are thermal shutdown provisions in the Macbook Pro that will turn the computer off before damage from heat will harm it. 
    If possible, play games on it in environments that are cool and consider a cooling pad if you wish to play games often.
    Ciao.

  • Apple developer keys hosted in hardware security modules

    Is it possible to configure the Apple KeyChain to use keys (private keys), related to either developer or distribution certificates, hosted in external tokens (smartcard or HSMs)?
    Thanks


  • Hardware Security Modul (HSM) - SAP PI 7.0

    One of my customers wants to use an HSM with PI. Did any of our partners develop a SAP adapter that supports such an integration?

    Hi Bart,
      I have read somewhere that HSM used secure webservices served through HTTPS.
    So, you might want to check the SOAP adapter.
    See also: [SAP Security Guide XI|https://www.sdn.sap.com/irj/sdn/go/portal/prtroot/docs/library/uuid/0097e5ce-8216-2a10-4ea3-a3ff32c071c8], [HTTP and SSL|http://help.sap.com/saphelp_nw04/helpdata/EN/14/ef2940cbf2195de10000000a1550b0/frameset.htm].
    Regards,
    Ravi

  • Does anyone know where I can get a hardware security box for a Mac Mini?

    I have a few mac minis that we use in our Media Studies dept. We had a recent break in and one was taken. Does anyone know of any security boxes that will anchor the mac mini down to furniture? I don't want security cables as they can be easily cut. i know there are boxes/cases/clamps that you can buy from the US, but i need a UK supplier. Any comments would be grateful. Thanks.

    Hi Mr Shake,
    I work for an educational institution. We use lock-down cables, since our insurance requires it. We don't actually care if the occasional machine gets stolen, since if it was locked down, it's covered. I mean, we'd rather they weren't, but we don't have a sentimental attachment to all ten thousand computers we have..
    As for UK suppliers, I can't help you, sorry.

  • USB Security Dongle won't start

    I cannot use the software which my printing lab has supplied me with. I am getting the following message when I try to open the installed software:
    1002: Cannot locate the Dongle (hardware security lock)!! Please reconnect it properly.
     I have tried extensively to find a solution through updates and other options my computer suggests but nothing is working. I am using Windows 7.
        The red light does work on the dongle and the dongle does register on my computer.
        Other devices do work in the same USB ports.
        I have unplugged and taken out battery on computer for several minutes.
        I have uninstalled and reinstalled the device.
        I asked the printing lab for a replacement dongle so I am using a replacement one and both the original and the replacement have the same problem.
        I have used this software and this dongle in a previous computer (HP) with the same operating system 2 years ago and it worked ok.
        The dongle also does not work on my husbands computer (Asus) Windows 7.
        The dongle does work on a friend's Windows 7 computer so I know the dongle(s) are not the problem.
        I am completely up to date on windows updates.
        The manufacturer for the dongle and software say they do not have any additional drivers or updates for the dongle.
        The Lenovo Solution Centre tells me there is a problem with the device but doesn't offer me any solutions.
        In the device manager properties I get the following message: This device cannot start. (Code 10)
    I have tried everything I can and have come up against a brick wall every time. I know the dongle works. The USB port does operate other devices, although the devices seem a bit loose in it.
    Any ideas that I haven't already explored?

    <The manufacturer for the dongle and software say they do not have any additional drivers or updates for the dongle.>
    Does that mean
    1.  That the device doesn't require a driver at all
    or
    2. That they don't have anything other than what they think you have right now?
    Code 10 usually presents when there is a driver problem or when Windows doesn't know what the device is--because the driver isn't identifying the device properly. 
    When you plug it in to your friend's PC, what does it look like in Device Manager?  Look in the driver tab.  What do you see?

  • MAC Address security for login into CRM

    Hi,
    Can somebody tell me that how can i provide any hardware security to our CRM users. For example - MAC Security.
    If a CRM user is having the login ID and password of another user, he can easily access the records of that user. Can we provide any type of hardware security ?
    Regards
    Khushboo Mittal

    I haven't come across any hardware security feature so far. The best you can do is the IP address restrictions.

  • Certificate store only valid for one machine

    Hello all,
    I'm new in the world of digital certificates and I've found one little big problem that is driving me crazy. I'm using a certificate to establish a SSL connection between a web server and a client browser. This certificate (I'm using Tomcat) is inside a keystore (a jks file). The problem is that this certificate is really important, and the people that provide it do not want it to be used by anyone, so they don't want anyone to be able to export the private key inside it.
    As I have to include the password to the certificate and the store in a config file, if someone enters the system as the tomcat user and copies the jks file and also copies the password, they will have all the control over the certificate, and will be able to use it.
    The only solution to this problem I can think of, and I don't know if it is possible, is to include the certificate in a computer-dependent keystore. Is there a way to do it? Is there any other method to prevent someone with the privileges of the tomcat user from using the certificate?
    Thank you all in advance :)

    If I understand your problem correctly, then I don't think there is anything you can do short of using a hardware security module (HSM). And even an HSM is not a magical device that can prevent you from using it insecurely. For example, you suggest that you cannot prevent an unauthorized user from logging on with the same account as Tomcat. In that case, even if the private key never leaves the HSM it is still available for private-key operations, a severe weakness. Thus, at a minimum, you must at least ensure that only authorized users have access to the private key regardless of how it is stored.
    It is certainly possible to create a computer-dependent keystore, but all such schemes that I am aware of are essentially just obfuscation.

  • Installing SSL certificates

    I have:
    - Comodo root certificate (UTN-USERFirst-Hardware.cer)
    - RBC certificate signed by Comodo (RBCHCHighAssuranceServices.crt)
    - My wildcard certificate (*.company.com) signed by RBC (RBC HC Wildcard Certificate.crt)
    Help me to install this certificate chain on a router (3825) to provide secure trusted access to the router (https) and SSLVPN service.
    Does anyone have step-by-step instructions?

    That's what I was worried about. If I'm not mistaken (and I easily could be!), wildcard certificate is supposed to include the private/public key pair (password protected) if you want to import it on 2nd, 3rd, etc device. Only the first device that CSR was generated on has the original public/private key pair.
    I've setup a few SSL VPN boxes with wildcard certificates (required for ASA vpn load balancing), and I usually generated the key pair right on the box (IOS/ASA), then create the CSR on the box (IOS/ASA), submit it to the cert vendor, and get the CRT file from them. I think that CRT file doesn't include the key pair, because my CSR doesn't include the key pair either. I simply import the certificate and everything is working because private/public key pair is already on the box.
    I suspect that since you already have this wildcard certificate, you (or someone else) must have generated the public/private key pair and the CSR on some other device already. I don't believe that you can request wildcard certificate without having a CSR, and you can't have a CSR without a public/private key pair. If that is the case, you actually need to go to that device (could be a windows server for example), or in fact any device that this wildcard certificate is already installed on, and you have to export it in PKCS12 format (.p12 extension) which will include the certificate and the private/public key pair. You can then import it to your IOS device (see #3 below).
    I suspect that someone simply gave you the .CER file they received from CA. Instead, they should have exported the installed certificate from their device in PKCS12 format (.p12).
    If I'm wrong, and your IOS device is the first device generating this certificate, then follow the instructions below.
    By the way, I believe that you can have multiple different wildcard certificates generated based on different public/private key pairs. The question is why spend all that $
    Here is what I think needs to be done if you want to generate new (and pay for it) wildcard certificate.
    1. You have to generate the public/private key pair on some device first. Your IOS router could be the first device that needs the wildcard cert to generate this key pair.
    hostname(config)# crypto key generate rsa label SSLVPN modulus 1024
    2. Recreate trustpoint. Authenticate using ROOT CA. Generate CSR on your IOS router (now you have to specify keypair under trustpoint).
    no crypto pki trustpoint sslvpncert
    crypto pki trustpoint sslvpncert
    enrollment terminal
    fqdn none
    subject-name CN=*.company.com,OU=Department,O=Company,C=RU,St=State,L=City
    revocation-check crl
    rsakeypair SSLVPN
    crypto pki authenticate sslvpncert
    crypto pki enroll sslvpncert
    3. Next you'll have to resubmit CSR to your cert vendor or to your CA. If it's your internal CA, I assume you don't have to pay. You will need to get a new certificate using the new public/private key pair. Once you get the CRT file, import it, it should work this time:
    crypto pki import sslvpncert certificate
    4. You're done. Now, if you want some other device on your network to use this wildcard certificate, you can export your IOS certificate to flash: using PKCS12 format:
    crypto pki export sslvpncert pkcs12 flash:
    It will ask you to password protect it. This certificate will include the private/public key pair that was originally generated on your IOS device. You can then use this .p12 file and import it on another device.
    Please let me know if you figure this out.
    Regards,
    Roman
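The reply above turns on whether the file you were handed carries the private key (a PKCS#12 export) or only the issued certificate (the .CER/.CRT from the CA). The following is an added example, not part of the original post: a standard-library Python check that reads only PEM labels and the outer DER header. The function names are hypothetical and the samples are constructed placeholders; nothing is decrypted or validated, and a v1 certificate (no explicit version tag) is reported as unknown.

```python
import re

PEM_BLOCK = re.compile(r"-----BEGIN ([A-Z0-9 ]+)-----.*?-----END \1-----", re.DOTALL)
KEY_LABELS = {"PRIVATE KEY", "RSA PRIVATE KEY", "EC PRIVATE KEY",
              "ENCRYPTED PRIVATE KEY"}


def _read_tlv(buf, pos):
    """Decode one DER tag/length header; return (tag, value_start, value_end)."""
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:  # long form: low 7 bits give the number of length bytes
        n = length & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    return tag, pos, pos + length


def classify_der(der):
    """Tell PKCS#12, bare private key and X.509 certificate apart by structure."""
    try:
        tag, start, _ = _read_tlv(der, 0)
        if tag != 0x30:  # every candidate format is an outer SEQUENCE
            return "unknown"
        child, c_start, c_end = _read_tlv(der, start)
        if child == 0x02:  # first element is an INTEGER version
            version = der[c_start:c_end]
            if version == b"\x03":
                return "pkcs12"       # PFX ::= SEQUENCE { version INTEGER (3), ... }
            if version == b"\x00":
                return "private-key"  # PKCS#1 RSAPrivateKey / PKCS#8 PrivateKeyInfo
        if child == 0x30 and der[c_start] == 0xA0:
            return "certificate"      # tbsCertificate opening with [0] version
    except IndexError:
        pass  # truncated or empty input
    return "unknown"


def inspect_bundle(data):
    """Report what a certificate file contains without decrypting anything."""
    labels = [m.group(1) for m in PEM_BLOCK.finditer(data.decode("latin-1"))]
    if labels:
        has_key = any(label in KEY_LABELS for label in labels)
        return {"format": "pem",
                "certificates": labels.count("CERTIFICATE"),
                "private_key": "present" if has_key else "absent"}
    kind = classify_der(data)
    key_state = {"pkcs12": "possible",      # contents are encrypted; key is likely
                 "private-key": "present",
                 "certificate": "absent"}.get(kind, "unknown")
    return {"format": kind,
            "certificates": 1 if kind == "certificate" else None,
            "private_key": key_state}


# Constructed samples (placeholders, not real certificates or keys).
PEM_CERT_ONLY = (b"-----BEGIN CERTIFICATE-----\nQ09OU1RSVUNURUQ=\n"
                 b"-----END CERTIFICATE-----\n")
PEM_CERT_AND_KEY = PEM_CERT_ONLY + (
    b"-----BEGIN ENCRYPTED PRIVATE KEY-----\nQ09OU1RSVUNURUQ=\n"
    b"-----END ENCRYPTED PRIVATE KEY-----\n")
DER_CERT_HEADER = bytes.fromhex("300a3008a003020102020101")  # SEQ{SEQ{[0]v3, serial}}
DER_PFX_HEADER = bytes.fromhex("30050201033000")             # SEQ{INTEGER 3, SEQ{}}

if __name__ == "__main__":
    for name, blob in [("cert.crt", PEM_CERT_ONLY), ("bundle.pem", PEM_CERT_AND_KEY),
                       ("cert.der", DER_CERT_HEADER), ("export.p12", DER_PFX_HEADER)]:
        print(name, inspect_bundle(blob))
```

A result of `private_key: absent` means the file can only be imported on the device that already holds the matching key pair.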

  • Hardware Encryption on 3GS

    Ok, maybe I am missing something but... is this on by default and not able to disable or is there a way to enable this? Being in a hospital environment we would need to verify or be able to prove that hardware encryption is in fact on and working. I manage a BES environment now, and I have a corporate policy set to enable hardware security on all of our Blackberry devices. I have been through the 3GS with a fine tooth comb and can not locate anywhere to enable/disable the encryption. Any info would be greatly appreciated.

    As I understand it:
    - Hardware encryption of the entire flash memory is enabled by default on all iPhone 3GS
    - There is currently no way of accessing the encryption key, it seems to be generated by the phone, and is only stored on the phone itself. The only way to get a new key is to do a complete device erase.
    - The encryption is transparent, that means that someone with access to the phone could use it, access the data, and even by jailbreaking would be able to transfer all the data. To all applications running on the phone, it looks like nothing is encrypted.
    - You need to rely on the iPhone OS to prevent unauthorised access to any data. So you need to trust it that it has no vulnerabilities (tough when Apple is not using the current state of the art, as buffer overflows are completely avoidable, and the 3GS can still be jail broken) and you need to make sure that physical access to the device is prevented by setting up a pass code.
    - As explained above you will need to set up iTunes to encrypt the backup it generates, otherwise this would be backdoor into the iPhone device data.

  • X509 certificate format

    Hi,
    I want to use certificate to identify my thin client hardware .Only thin client terminal who
    have certificate will be able to use my server software functionality.
    I want to issue them certificate on the basis of following information.
    1.HW serial Number
    2.processor type
    3.OS
    I am not able to understand what should be the Key Usage Type.
    Further i am not able to understand where i will put the hardware information x509
    certificate.
    Please suggest me how a x509 certificate should look like.
    What should be in the
    Subject Name
    Issuer Unique Identifier (Optional)
    Subject Unique Identifier (Optional)
    OID of my certificate (should it be a new OID)
    subject alternative name
    Regards,
    Sunil

    You really have complete control over what is in the certificate. Of course, whatever choice you make has to work with all the other software that needs to understand your certificate.
    You could, for example, place all the information in the subject name. You could encode it all in the CN, or use the other standard fields as well. You can also use the subject alternative name extension exclusively. Or some combination.

  • A reasonable hardware configuration for Linux OAS

    Has anyone out there tried to run
    Oracle 8 for Linux and OAS 3.02
    all on the same toasted PC/pentium server?
    Could you tell me the nature of your
    hardware configuration (processor speed, ram, etc)
    if you feel the performance is acceptable for
    development (not for actual business operation).
    The technical FAQ lists 48 megs and any
    Pentium to run Oracle 8 for Linux which
    verges on ridiculously low.
    I just want to know a reasonable
    configuration to run both Oracle 8 and OAS .
    Thanks,
    Heji

    I have been running OAS/O8 on a Pii/300Mhz system with 128mb of
    ram, and so far I have no real complaints on speed. I even tuned
    the SGA to give a little better performance and still have around
    40 or so MB free. BTW, I haven't really tried to mess around
    with the Linux version of OAS, but have used the Solaris version
    previously, have you noticed any problems with the wrb starting
    up? I have seen some error messages saying "No processes..." or
    something, looks like an error.. have you experienced this?
    Tom Tyson
    mark theodoras (guest) wrote:
    : Heji (guest) wrote:
    : : The technical FAQ lists 48 megs and any
    : : Pentium to run Oracle 8 for Linux which
    : : verges on ridiculously low.
    : The install guide says 32M minimum for O8. I'm not sure with
    : OAS. Given (pc) memory is cheap, I am running O8/OAS3 with 128M,
    : with no complaints.
    : Given laptop memory is not so cheap, are there folks running O8
    : and OAS3 with 48, 40, or less ram ????
    : I can second any pentium would suffice. I am using P133 & P166
    : systems, and the CPU is NOT the bottleneck.
    : Mark

  • CS6 photoshop is lagging but the rest of CS6 is not, i don't think hardware is the issue.

    Hardware specs:
    Processor: Intel® Core™ i7-4710MQ, 6MB L3 Cache, 2.5-3.5GHz
    Memory: (8GB) 8192MB, PC3-12800/1600MHz DDR3 - 2 SO-DIMM
    Graphics Card: NVIDIA Quadro® K1000M 2GB DDR3
    Hard Drive: 500GB 2.5" SATA3 Hybrid w/ 4GB NAND Flash
    Operating System: Microsoft® Windows® 8.1; 64-bit
    All of photoshop is lagging for me but my biggest issue with it is the brushstroke lag. I really need this program to work for my commissions and classwork, and have done all the troubleshooting I can on my own. I'm willing to even downgrade to CS4 if necessary, but if i can get cs6 to work that would be preferred. does anyone have a solution for this?

    System requirements | Photoshop
    Under Edit > Preferences > Performance, how much memory is available to PS.  What is your scratch disk space?  Is Use Graphics Processor checked or un-checked?
    Nancy O.

  • Hyperion Planning Server Hardware Specifications/Requirment 11.1.2

    Hi Team member,
    we are planning to buy Production & Development Server for Oracle Hyperion Planning & Budgeting Instance,
    please advise where I can find a document/formula to calculate hardware specifications/requirements to order the right hardware.
    Regards,
    Alee
    Edited by: Alee on Jun 12, 2012 4:59 AM

    Hi team members,
    we are using Hyperion Planning Version (11.1.2)...
    if someone can redirect me to formula kind of thing "how to calculate Hardware Requirements WRT increase in number of concurrent sessions".
    for example need formula like below.
    Minimum Server Requirement: 10 GB lets say for 5 concurrent sessions for 1-2 Applications
    for every 5 concurrent user addition, increase Hardware Like processor 1 2.X Ghz , Ram 5GB , HDD 100 GB....
    thanks for your replies, I already checked mentioned documents (Deployment Guides).
    Regards,
    Alee

  • Disabling one processor

    Hi,
    i'm a little curious about this,
    is it possible to disable one processor manually from osx?
    Will it consume less power (perhaps half?).
    I'm asking this because i keep the macpro on all the day,
    but only a few hours i need to work hard with all the 4 cores.
    I'm not crazy, simply my energy bill this month was a bit too high and i think the guilty was the macpro.

    you can use Apple's CHUD tools to disable one or more cores: http://www.versiontracker.com/dyn/moreinfo/macosx/14358
    when you install it you'll get a 'hardware' or 'processor' prefpane which will let you disable the last 3 cores of the mac. I'm not sure whether this actually turns them off, but they certainly get no tasks to carry out so it should use less power. you can also keep your work to just the boot drive and any other drives you have in there will spin down, that'll use less power. I can't think of much else to do really.. turn the brightness down on your monitor if it's tft, those backlights eat up power. oh yea, and turn off airport and bluetooth as well as the ethernet ports if you're not using them.
