The System Security screen enables suitably authorised users to configure:

  1. A one-time password (OTP) to use with the HMAC recompute utility.
  2. The automated system integrity checking process, which detects accidental or intentional unauthorised changes to the ADSS Server database records.
  3. The users that will receive integrity alert messages.
  4. Master Key Settings, which allow the user to renew the master key or take a backup of the master key (in the case of Auto Startup), and to send renewal and backup alerts to the configured users.

HMAC Settings


This section allows the user to perform configurations related to HMAC.



The fields on this page are described as follows:


Items

Description

HMAC Recompute Utility Authorisation 

Defines the following:

Generate OTP Timeout

This feature generates a one-time password (OTP) that authorises the running of the HMAC recompute utility. The utility will only run when it receives a correct OTP code. Dual Control can therefore be applied to the running of the external utility by applying dual control to this feature.
The OTP Timeout configures the expiry interval for this OTP. The interval is set as a number of minutes from the time of generation.

System Integrity Checking

Defines the following:

HMAC Key

A default HMAC key comes pre-bundled with the ADSS Server installation. This can be replaced with user-generated HMAC keys (using the Key Manager module) at any time. An HMAC key may exist either in software (database) or on a PKCS#11 device, e.g. an HSM.
It is important to note that after a new HMAC key is configured, the existing HMAC values within the ADSS database records need to be updated. This is done using a separate utility, as described in the ADSS Installation Guide; read that for further details. HMAC re-computation can be a time-consuming operation depending on the size of the database, so it should be performed at off-peak times, and ideally using a separate machine.

Enable Automatic HMAC Verification

When this option is checked, the system verifies the HMAC on all tables after the configured time. In addition, if a record has been changed in the database, opening the page where its data integrity is compromised shows that record with a coloured background, which means that the data of that record has changed. If this checkbox is unchecked, the HMAC is still computed but verification is not performed.

Warnings:

  1. Automated HMAC verification is a resource-hungry process and it will impact the performance of other ADSS Server services. The task should not run too frequently; alternatively, a dedicated ADSS Server should be used for this task, removing the overhead from front-end services.
  2. If the records are in the millions, the user needs to increase the memory of the Core instance.

HMAC Verification Interval

The HMAC Verification Interval field becomes available when the Enable Automatic HMAC Verification check box is checked. It configures the interval between subsequent executions of automatic HMAC verification. The interval is configured in days.

HMAC Verification Start Time

The HMAC Verification Start Time field becomes available when the Enable Automatic HMAC Verification check box is checked. It configures the starting time for subsequent executions of automatic HMAC verification. The interval in the time duration is set at 15 minutes.

Send alerts if system integrity checks fail

When enabled, this checkbox allows sending of email alerts to the selected ADSS Server User(s) when the system integrity check fails because one or more records have changed or been deleted.


Note: If the HMAC is corrupted, the relevant screens of the ADSS Server GUI show an HMAC alert message wherever records are found to be corrupted. This ensures that a user does not approve any operation where such corruption exists until the problem has been analysed.
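The verify-and-recompute cycle described in this section, as an added example (not ADSS Server code): each row of a hypothetical `users` table carries an HMAC-SHA256 of its columns, verification lists the rows that no longer match, and a key change requires every stored HMAC to be recomputed. The table layout, the MAC input encoding and the function names are assumptions; the page does not document how ADSS Server computes its HMACs.

```python
import hashlib
import hmac
import sqlite3

def record_mac(key: bytes, table: str, row: tuple) -> str:
    """HMAC-SHA256 over the table name and length-prefixed column values."""
    mac = hmac.new(key, table.encode() + b"\x00", hashlib.sha256)
    for value in row:
        data = str(value).encode()
        mac.update(len(data).to_bytes(4, "big") + data)  # so ("ab","c") != ("a","bc")
    return mac.hexdigest()

def insert(db, key, row):
    db.execute("INSERT INTO users VALUES (?, ?, ?, ?)", (*row, record_mac(key, "users", row)))

def verify_table(db, key):
    """Return the ids of rows whose stored HMAC does not match their current content."""
    bad = []
    for *row, stored in db.execute("SELECT id, name, role, hmac FROM users ORDER BY id"):
        if not hmac.compare_digest(stored, record_mac(key, "users", tuple(row))):
            bad.append(row[0])
    return bad

def recompute_table(db, old_key, new_key):
    """Re-MAC every row under new_key; refuse if any row fails under old_key."""
    if verify_table(db, old_key):
        raise ValueError("integrity failure under old key; investigate before recomputing")
    rows = db.execute("SELECT id, name, role FROM users").fetchall()
    for row in rows:
        db.execute("UPDATE users SET hmac = ? WHERE id = ?", (record_mac(new_key, "users", row), row[0]))

def demo():
    old_key, new_key = b"constructed-old-key", b"constructed-new-key"  # constructed sample keys
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT, role TEXT, hmac TEXT)")
    for row in [(1, "alice", "operator"), (2, "bob", "auditor"), (3, "carol", "operator")]:
        insert(db, old_key, row)  # constructed sample records
    clean = verify_table(db, old_key)
    db.execute("UPDATE users SET role = 'admin' WHERE id = 2")  # change made outside the application
    tampered = verify_table(db, old_key)
    db.execute("UPDATE users SET role = 'auditor' WHERE id = 2")  # record restored
    before_recompute = verify_table(db, new_key)  # new key configured, HMACs not yet updated
    recompute_table(db, old_key, new_key)
    after_recompute = verify_table(db, new_key)
    return clean, tampered, before_recompute, after_recompute
```

A per-record HMAC flags changed rows but cannot by itself reveal a deleted row; detecting deletion needs an additional table-level value, for example an HMAC over the ordered list of row ids.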


Encryption Key Settings


Changing the DEK/KEK is a highly sensitive operation and it can impact the availability of the system. It is highly recommended to follow these instructions before changing the KEK/DEK:

  1. Stop the ADSS Server Core and ADSS Server Service instances from the Services Panel.
  2. Take a backup of the ADSS Server database at the latest state.
  3. Change the KEK/DEK and press the Save button for the changes to take effect. When the Save button is pressed, all secure objects are re-encrypted under the new KEK/DEK. This operation can take time depending on the size of the data, so be patient and wait for it to complete.
  4. Once the operation is completed, start the ADSS Server Core and ADSS Server Service and restart the ADSS Server Console from the Services Panel.


Note: Check your changes on a test system prior to any change on a production system.



The fields on this page are described as follows:


Items

Description

Encryption Key Settings

Defines the following:

Key Encryption Key (KEK)

A default KEK comes pre-bundled with the ADSS Server installation. This can be replaced with user-generated KEKs (using the Key Manager module) at any time. A KEK may exist either in software (database) or on a PKCS#11 device, e.g. an HSM.

It is important to note that when a new KEK is configured, the existing DEK is decrypted with the old KEK and then re-encrypted with the new KEK.

Data Encryption Key (DEK)

A default DEK comes pre-bundled with the ADSS Server installation. This can be replaced with user-generated DEKs (using the Key Manager module) at any time. A DEK can only exist in software (database).

It is important to note that when a new DEK is configured, the existing DEK is decrypted with the configured KEK, all existing information is decrypted and then encrypted again with the new DEK, and the new DEK is then encrypted with the configured KEK.

Warnings:

  1. The configured DEK can be changed on the ADSS Server Console, but this can start a very time-consuming process: there may be a very large amount of encrypted data, and changing the DEK requires decrypting this data with the old DEK and then encrypting it with the new DEK. The system will remain unavailable to the user during this time. It is highly recommended to read the caution points mentioned in the System Security Setting section on ADSS Server GUI.
  2. Before changing the configured DEK, please make sure that there are no pending records in the Approval Manager. Once the DEK is changed, the pending records will no longer be valid for approval.



Master Key Settings


This section allows the user to perform configurations related to the Master Key. It also shows the current Master Key Type.



The fields on this page are described as follows:


Items

Description

Master Key Settings

Defines the following:

Send alert on master key renewal

If the checkbox is enabled, an alert will be sent to the configured user upon renewal of the master key.

Send alert on master key backup

If the checkbox is enabled, an alert will be sent to the configured user when a backup of the master key is taken.

Renew/Backup Master Key

The user can renew or take a backup of the master key based on the Master Key Type. For details of the configuration of each Master Key Type, visit the links below:

  • Software based key - Auto Startup
  • Software based key with M of N controls - Manual Startup
  • Hardware based key - Manual Startup



Console Access Settings



The fields on this page are described as follows:


Items

Description

Console Access Settings 

Defines the following:

Console Access Token Time

This field represents the time duration for which the access token will remain valid for authenticating the APIs.

Console Access Token Signing Key

This field represents the key that is used to sign the access token. By default the system-defined HMAC key is used; however, if the user has defined their own HMAC key, it can be selected from the drop-down list.


Note: If the HMAC is corrupted, the relevant screens of the ADSS Server GUI show an HMAC alert message wherever records are found to be corrupted. This ensures that a user does not approve any operation where such corruption exists until the problem has been analysed.

