This release provides security improvements, including support for environments that prohibit any type of self-signed certificate and SSH security enhancements for greater access control. HSM administrators can also now set an initial password when creating a user and can perform partition initialization via lush. Key cloning backward compatibility for mixed-version and hybrid deployments between Luna and Luna Cloud HSMs has also been improved.
What’s New at a Glance:
Partition Initialization via lush for Easier Administration: Luna HSM administrators can now initialize a partition with Partition Security Officer (PSO) and partition Crypto Officer (CO) roles via lush, making it easy to hand off a ready-configured partition for client applications.
Ability to Set Initial Password When Creating Users: Creation of an HSM user now requires setting an initial password that meets Linux password security standards, which eliminates the risk of an HSM administrator not changing a default ‘password’.
3rd Party NTLS and REST Webserver Certs:
REST Webserver can be signed by an External CA: Customers can generate a CSR, or a self-signed certificate with customized fields (location, date, etc.), for REST webserver certificates.
Use REST API to configure NTLS Signing Certs: Customers now have greater control over their HSM certificates with the option to sign client and server-side NTLS certificates with a 3rd party CA using the REST API.
Supports environments that prohibit any type of self-signed certificate in order to pass internal audits.
SSH Security Improvements:
Whitelist IP Addresses: Restrict SSH access to the HSM to a list of whitelisted IP addresses for enhanced access control.
SHA-1 Disabled: Luna Network HSM appliances no longer allow SHA-1 when setting up an SSH session, providing enhanced network security.
SSH Inactivity Timeout: SSH sessions now automatically time out after 30 minutes of inactivity.
Key Cloning – Backward Compatibility Improved: Mixed-version and hybrid deployments between Luna and Luna Cloud HSMs are now possible, making it easy for customers to move their keys between any Luna HSM (on-premises or Cloud) and enable hybrid HA groups.
Luna Network HSM v7.7.1 is a field release. Customers with active maintenance contracts can upgrade and take advantage of the new capabilities. Luna HSM v7.7.1 can be downloaded from the Thales Support Portal (Knowledge Base Article: KB0024216).
For more information, please contact your Thales representative.