User guide

Create multiple administrator cards—You cannot replace an administrator card unless
you have another valid card and the pass phrase for that card; the cryptographic module
does not store administrator card recovery data. Therefore, we strongly recommend
that you create at least one administrator card for standard administrative operations
and another for backup purposes. Otherwise, you run the risk of losing your only
administrator card and subsequently losing access to your security world and all the
data it stores. You can create administrator cards only as a complete set, all at once;
you cannot add cards to an existing set.

Store a backup administrator card in a secure location—Always keep your backup
administrator card(s) in a secure location separate from the card you use for standard
administrative operations to ensure that you do not lose all of your administrator cards
to the same event (such as a fire or theft).

Overwrite all remaining administrator cards if one gets lost—If you lose or damage an
administrator card, immediately create a new security world and overwrite all remaining
cards from the old security world. Otherwise, an attacker with an old administrator
card may be able to access old host data stored on a backup tape or another host.
With the old host data and an old card, the attacker may then be able to re-create your
keys.

Protect the administrator card’s pass phrase—For maximum security, you should never
write down your pass phrase, tell it to untrusted users, or use a pass phrase that is easy
to guess. Protecting your pass phrase adds an extra level of security to your operations.

Only use your administrator card with known, trusted sources—Always obtain smart
cards from a trusted source, never insert a smart card into an untrusted smart card
reader, and never insert untrusted smart cards into your smart card reader.

Related Documentation
SA FIPS on page 7
Creating a New Security World on page 17
Recovering an Archived Security World on page 20
Copyright © 2012, Juniper Networks, Inc.
SA Series 4500, 6500, and FIPS Appliances