Document Library 420 ITEMS
Adobe Acrobat DC permits users to create, control, and secure Portable Document Format (PDF) documents. Users can also collectively review and edit documents, and convert documents from other formats to PDF. You can integrate Adobe Acrobat DC with nShield Time Stamp Server (TSS) to use time-stamping to seal documents.
This Integration Guide describes the deployment of a Palo Alto Networks Firewall with an nShield Connect hardware security module (HSM). The HSM securely generates and stores digital keys. It provides both logical and physical protection from non-authorized use and potential adversaries. The HSM-Firewall integration provides security by protecting the master keys. The HSM can also provide protection for the private keys used in SSL/TLS decryption, both in SSL forward proxy and SSL inbound inspection.
This guide describes how to integrate and use Enrust Security World software and Entrust Security nShield Hardware Security Modules (HSMs) with an Oracle database. The Oracle feature Transparent Data Encryption (TDE) provides data-at-rest encryption for sensitive information held by the Oracle database, while at the same time allowing authorized clients to use the database as normal. Both multitenant and non-multitenant Oracle database types are supported.
The nShield Hardware Security Module (HSM) can be used to generate and store a Root of Trust (RoT) that protects security objects used by Oracle Key Vault to safeguard users' keys and credentials. The HSM can be used in FIPS 140-2 Level 2 or Level 3 mode to meet compliance requirements. An Oracle Key Vault cluster node can have multiple HSMs enrolled, as long as the HSMs are in the same Security World.
Always Encrypted is a feature in Windows SQL Server 2016 designed to protect sensitive data both at rest and in flight between an on-premises client application server and Azure or SQL Server database(s). Data protected by Always Encrypted remains in an encrypted state until it has reached the on–premises client application server, this effectively mitigates man in the middle attacks and provides assurances against unauthorized activity from rogue DBAs or admins with access to Azure/SQL server Databases. Always Encrypted was designed to be used in conjunction with Transparent Data Encryption (TDE) however; TDE is NOT a requisite for implementing Always Encrypted.
Microsoft Host Guardian Service and Shielded Virtual Machines nShield HSM Integration Guide for Windows Server 2016 and Admin Attestation
This guide covers integration of the Host Guardian Service (HGS) role included in Microsoft Windows Server 2016 with the Entrust range of Hardware Security Modules (HSMs). The HGS can only be configured on Windows Server 2016 Standard or Datacenter; the HGS role is not supported on Nano Server or other versions of the Windows operating system.
This Integration Guide is part of the Bring Your Own Key (BYOK) Deployment Service Package for Microsoft Azure and covers the creation and transfer of a cryptographic key for use with Azure Key Vault. This cryptographic key, known as a tenant key if used with Azure Rights Management Service and Azure Information Protection, is created within the protection of the nShield Security World on the customer's premises and then securely transferred to Microsoft Azure and the protection of an nShield Security World hosted within Azure via Key Vault.
Entrust Hardware Security Modules (HSMs) integrate with Microsoft Authenticode to enable you to identify the publisher of a software component before it is downloaded from the Internet, and to verify that no one has altered the code after it has been signed. Authenticode integrates with Entrust Time Stamp Server (TSS) to use time-stamping.
Active Directory Federation Services (AD FS) is an installable component of the Microsoft Windows operating System. Once configured it provides the facility for single sign on for credential sharing and access control between trusted business partners (known as a federation) and across multiple business boundaries via a claims based authorization process using standards-based protocols such as https.
Microsoft Active Directory Certificate Services (AD CS) provides the functionality for creating and installing a Certificate Authority (CA). The CA acts as a trusted third-party that certifies the identity of clients to anyone who receives a digitally signed message. The CA may issue, revoke, and manage digital certificates.