- 03 Jan 2025
General Security Recommendations
- Updated on 03 Jan 2025
This topic provides an overview of general security recommendations and best practices that must be met to be compliant with the General Data Protection Regulation (GDPR).
Physical security of OneSpan Authentication Server Appliance
Deny physical access to unauthorized personnel. Possible vectors of unauthorized access include the following:
- Resetting the access to the Configuration Tool via the Rescue Tool. The countermeasure is to protect console access via the authentication settings.
- Restarting the appliance and gaining superuser access via boot parameters. This requires internal knowledge of the appliance software, but is possible.
- Restarting the appliance from another boot medium, then either changing files on the appliance's disk to gain access after it restarts, or copying its data.
- Theft of the appliance's disk(s), especially for models with hot-swappable disks.
For OneSpan Authentication Server Virtual Appliance, similar considerations apply. Limit access to the hypervisor running OneSpan Authentication Server Virtual Appliance, in particular:
- Limit console access.
- Limit access to the files used as storage for the disks and/or snapshots of OneSpan Authentication Server Virtual Appliance.
Backup files
Backup files contain the configurations of OneSpan Authentication Server Appliance and OneSpan Authentication Server and thus may include personal user data. We recommend the following practices:
- Configure an encryption passphrase in the backup settings. If this is not done, files in backup archives are still encrypted, but can be restored on any OneSpan Authentication Server Appliance instance.
- Limit the access to backup archives to people who need it.
- Do not use the unencrypted FTP protocol for automatic backups and opt for SSH File Transfer Protocol (SFTP) instead.
- Limit network access to the scripted backups service.
Support
When contacting OneSpan support to help resolve an issue with OneSpan Authentication Server Appliance or your setup, OneSpan support staff may ask for the following:
- Access via the Remote Support option.
- A backup file of OneSpan Authentication Server Appliance to reproduce reported issues.
- Access to log and trace files.
All of these will be made accessible to a limited number of OneSpan personnel only. They will handle your data with care. When sending backup or log files, you should use a secure transport channel to do so. Additionally, encrypting the files and communicating the passphrase used for this over a separate channel increases security.
Return of your appliance device
When taking your appliance out of service or when sending it back for return merchandise authorization (RMA), we recommend resetting the appliance to factory default settings with the Rescue Tool before shipping it.