
PSF 2013 work session - Security: PKI, HSMs and services


PSF 2013 EMEA - worksession - Security: PKI, HSMs and services; addressing the challenges


  1. Security: PKI, HSMs and Services
     Addressing the challenges
     Premium Services Forum, 25-26 November 2013, Amsterdam
     Isabelle Noblesse, Security Product Manager
     Jean-Luc Le Poupon, Key Clients Service Manager
  2. Agenda
     • Improving the security of your financial messaging infrastructure
     • HSM refresh: build your own project plan
     • HSM evolution: manage operations more effectively
     Premium Service Forum 2013 – Amsterdam – 25-26 November 2013
  3. PSF 2011, PSF 2012, Health Check
     “SWIFT audits the set-up of our platforms and operating procedures”
     Recommendations to maintain or to improve availability, reliability and performance
  4. Can SWIFT help with your security requirements?
     Grant ….. Deny ….. ?
     [Slide graphic label: Industry]
  5. AS-IS assessment
     • Network: routers, switches, ports & IP filtering …
     • Application: A2A, U2A, data storage, transfer software …
     • Data protection, backups, resiliency …
     • Access to application (users, profiles) …
     • HSM & certificates management processes
     [Blank grid on the slide with four quadrants: Strengths, Weaknesses, Opportunities, Threats]
  6. To-Be definition
  7. Yes, SWIFT can help with the security requirements you need to manage!
  8. Case study: certificate management processes
     Former process
     • Roles: Security Officer, Gateway Admin, End User
     • Information passed: certificate name & initial password
     • Gateway Admin: creates certificate and sets an initial password
     • End User: logs in and changes his initial password
     • Potential risk of impersonation: Gateway Admin could log in as SWIFTNet user
     Enhanced process
     • Roles: Security Officer, Gateway Admin, End User
     • Information passed: certificate name
     • Gateway Admin: creates ‘logical’ certificate ready for certification
     • End User: logs in using authorisation code, then chooses initial password
     • No impersonation possible
     • Requires Alliance Web Platform
     • Organizational & roles segregation review has to be done
  9. Agenda
     • Improving the security of your financial messaging infrastructure
     • HSM refresh: build your own project plan
     • HSM evolution: manage operations more effectively
  10. Why refreshing HSMs?
      “Current HSM boxes are ageing and reaching end of product life. They must be refreshed to ensure safe and continuous operations”
  11. HSM Refresh: a 2-phases project
      • HSM Hardware Refresh: will address the most urgent issue: ageing hardware
      • HSM Usability Evolution: new features will be introduced after the hardware refresh; objective to simplify HSM operations
  12. HSM Refresh: where are we now?
      [Timeline graphic, years 2004 to 2015. Labels, in the order they appear: PSF 2012; Refresh Kick-off; Collection of Customer feedback; HSM Selection; Program preparation; SN Ph 2 Program Launch; Remote PED; Large certificate capacity; PSF 2013, We are here!; 3 to 4 boxes cluster; New HSM Selection; Program Preparation; Shipment & Installation; Key Clients Consultation; Usability enhancements]
  13. HSM Box Rollout Timeline
      Phases: Prepare, Install, Complete
      Activities: SWIFT readiness; Customer shipment schedule communication; Ship refresh boxes; Install HSM box or implement ARG; Leftover shipments; Complete refresh; End of Support
      Milestones (the slide's axis shows the years 2013, 2014 and 2015):
      • May-June: Shipment schedule communication
      • Oct: Early adopter phase
      • Nov 15th: New box ordering open
      • Jan: HSM Refresh shipment starts
      • Sept 30th: End of support of current boxes
  14. HSM Box Rollout Process
      1. SWIFT has contacted all customers with shipment schedule
      2. SWIFT will send prefilled eOrder forms for customers to review and accept [12 weeks before shipment window]
      3. Boxes will be shipped as per the shipping window
      4. Customers have 6 months to install new IS6 HSM box
      Timeline:
      • T-16 weeks: Refresh reminder email
      • T-12 weeks: Prefilled eOrder form via email
      • T-6 weeks: Customer confirms eOrder
      • T: Shipment month
      • T+6 months: End of install window; old box replacement ends
  15. IS5 HSM box will be refreshed with IS6 HSM box
      • New hardware with enterprise class server-grade components
      • Standard 1U rack mount chassis
      • Redundancy for critical components
      • Weight is 12.7kg (28lbs)
      • Dual hot-swappable power supply units (450W)
      • New decommission button
      • New PED required for IS6 HSM box
      • Visual indicator (LED) and an audio alarm
      • New PED backward compatible with IS5 HSM
      • New PED can be used locally or remotely
      • Current PED keys still valid and usable with new PEDs
      • Backward compatible with IS5 HSM box clusters
        - Can interoperate with old boxes
        - No software upgrade or certificate migration
      • USB to serial adapter packaged along with the box
      • Sensor output via SNL script and SNL events (patch 7.0.25)
  16. Planning your HSM refresh
      Planning areas: Ordering, HSM box, PED, Infrastructure, Staff
      Questions and items to cover:
      • How many boxes to refresh?
      • How many PEDs needed?
      • Timeline to order
      • Software version currently running?
      • Where to deploy new PEDs?
      • From which Remote PED workstations to operate?
      • PED keys available during operations?
      • Enough rack space?
      • Rack mounting equipment available?
      • Network setting of current boxes
      • 2nd power supply plug
      • Cluster refresh in one or multiple downtime window(s)?
      • How to verify box synchronization status?
      • Staff available to operate
      • HSM passwords and PED keys PIN codes
  17. HSM box refresh scenarios
      Scenario 1. Existing setup: old 2-box cluster. Future setup: new 2-box cluster. Procedure overview: 2B
      * For customers who prefer to keep at least 2 boxes in cluster at all times during refresh procedure, new box can be added to cluster before removing old ones. This will require additional network connection.
      Replacement can be performed in single or multiple downtime windows based on customer preference. Each procedure includes an intermediate checkpoint step which can be used to come out of the downtime window, and continue the rest of the procedure in next downtime window.
  18. 2-box cluster: overview
      Current
      • Verify and ensure all prerequisites are met.
      • Necessary PED keys, their PINs and account passwords are available and verified.
      Intermediate
      • Replace the Secondary box
      • Add new HSM box to existing cluster as standby, using existing network connection
      • Promote new HSM as Primary.
      • Checkpoint – validate new HSM
      Final
      • Replace a second box and promote new HSM as Secondary.
      • Re-register other SNLs
  19. 2-box cluster: Detailed steps (1/2)
      1. Stop all SNL instances except SNL_1. Manage replacement from SNL_1
      2. Take backup of HSMbox_1 (for fallback purpose)
      3. Disconnect HSMbox_2 from network
      4. Remove HSMbox_2 from cluster configuration
      5. Prepare IS6_HSMbox_1 and connect it to network, using the network cable that was previously connected to HSMbox_2
      6. Configure IS6_HSMbox_1 with the same network parameters as HSMbox_2 (IP address …, port speed & duplex …)
      7. If HSMbox_1 is on software version 5.6.1, set cluster compatibility version of IS6_HSMbox_1 to 5.6.1
      8. Initialize IS6_HSMbox_1 with the Remote PED Secret (for remote PED only)
      9. Add IS6_HSMbox_1 to the cluster as a secondary HSM box
      10. Promote IS6_HSMbox_1 to primary HSM box
      Check point **
      ** Checkpoint - confidence test IS6_HSMbox_1 (optional)
         a) Deregister all SNL instances except SNL_1
         b) Register all SNL instances except SNL_1
         c) Start all SNL and verify the message flow
         d) Stop all SNL
      [Diagram labels: SNL_1, SNL_2, SNL_3; HSMbox_1; IS6_HSMbox_1 (P); role markers (P), (S). Legend: (P) Primary; (S) Secondary; (SB) Standby]
  20. 2-box cluster: Detailed steps (2/2)
      11. Disconnect HSMbox_1 from network
      12. Remove HSMbox_1 from cluster configuration
      13. Prepare IS6_HSMbox_2 and connect it to network, using the network cable that was previously connected to HSM box
      14. Configure IS6_HSMbox_2 with the same network parameters as HSMbox_1 (IP address …, port speed & duplex …)
      15. Reset the cluster compatibility version of IS6_HSMbox_1
      16. Initialize IS6_HSMbox_2 with the Remote PED Secret (for remote PED only)
      17. Add IS6_HSMbox_2 to the cluster as a secondary HSM box
      18. Deregister all SNL instances except SNL_1
      19. Register all SNL instances except SNL_1
      20. Start all SNL and verify the message flow
      [Diagram: SNL_1, SNL_2, SNL_3; IS6_HSMbox_1 (P), IS6_HSMbox_2 (S). Legend: (P) Primary; (S) Secondary; (SB) Standby]
  21. HSM box refresh scenarios
      Scenario 2. Existing setup: old 3-box cluster. Future setup: new 3-box cluster. Procedure overview: 3B
      * For customers who prefer to keep at least 3 boxes in cluster at all times during refresh procedure, new box can be added to cluster before removing old ones. This will require additional network connection.
      Replacement can be performed in single or multiple downtime windows based on customer preference. Each procedure includes an intermediate checkpoint step which can be used to come out of the downtime window, and continue the rest of the procedure in next downtime window.
  22. 3-box cluster: overview
      Current
      • Verify and ensure all prerequisites are met.
      • Necessary PED keys, their PINs and account passwords are available and verified.
      Intermediate
      • Replace the Secondary box
      • Add new HSM box to existing cluster as standby, using existing network connection
      • Promote new HSM as Primary.
      • Checkpoint – validate new HSM
      Final
      • Replace a second box and promote new HSM as Secondary.
      • Replace remaining Standby box
      • Re-register other SNLs
  23. 3-box cluster: Detailed steps (1/3)
      1. Stop all SNL instances except SNL_1. Manage replacement from SNL_1
      2. Take backup of HSMbox_1 (for fallback purpose)
      3. Disconnect HSMbox_2 from network
      4. Remove HSMbox_2 from cluster configuration
      5. Prepare IS6_HSMbox_1 and connect it to network, using the network cable that was previously connected to HSMbox_2
      6. Configure IS6_HSMbox_1 with the same network parameters as HSMbox_2 (IP address …, port speed & duplex …)
      7. If HSMbox_1 or HSMbox_3 are on software version 5.6.1, set cluster compatibility version of IS6_HSMbox_1 to 5.6.1
      8. Initialize IS6_HSMbox_1 with the Remote PED Secret (for remote PED only)
      9. Add IS6_HSMbox_1 to the cluster as a standby HSM box
      10. Promote IS6_HSMbox_1 to primary HSM box
      Check point **
      ** Checkpoint - confidence test IS6_HSMbox_1 (optional)
         a) Deregister all SNL instances except SNL_1
         b) Register all SNL instances except SNL_1
         c) Start all SNL and verify the message flow
         d) Stop all SNL
      [Diagram labels: SNL_1, SNL_2, SNL_3; HSMbox_1 (P); HSMbox_3; IS6_HSMbox_1 (P); role markers (S), (SB). Legend: (P) Primary; (S) Secondary; (SB) Standby]
  24. 3-box cluster: Detailed steps (2/3)
      11. Disconnect HSMbox_3 from network
      12. Remove HSMbox_3 from cluster configuration
      13. Prepare IS6_HSMbox_2 and connect it to network, using the network cable that was previously connected to HSMbox_3
      14. Configure IS6_HSMbox_2 with the same network parameters as HSMbox_3 (IP address …, port speed & duplex …)
      15. If HSMbox_1 is on software version 5.6.1, set cluster compatibility version of IS6_HSMbox_2 to 5.6.1
      16. Initialize IS6_HSMbox_2 with the Remote PED Secret (for remote PED only)
      17. Add IS6_HSMbox_2 to the cluster as a standby HSM box
      18. Promote IS6_HSMbox_2 to secondary HSM box
      [Diagram labels: SNL_1, SNL_2, SNL_3; HSMbox_1; HSMbox_3; IS6_HSMbox_1 (P); IS6_HSMbox_2; role markers (SB), (S). Legend: (P) Primary; (S) Secondary; (SB) Standby]
  25. 3-box cluster: Detailed steps (3/3)
      19. Disconnect HSMbox_1 from network
      20. Remove HSMbox_1 from cluster configuration
      21. Reset the cluster compatibility version of IS6_HSMbox_1 and IS6_HSMbox_2
      22. Prepare IS6_HSMbox_3 and connect it to network, using the network cable that was previously connected to HSMbox_1
      23. Configure IS6_HSMbox_3 with the same network parameters as HSMbox_1 (IP address …, port speed & duplex …)
      24. Initialize IS6_HSMbox_3 with the Remote PED Secret (for remote PED only)
      25. Add IS6_HSMbox_3 to the cluster as a standby HSM box
      26. Deregister all SNL instances except SNL_1
      27. Register all SNL instances except SNL_1
      28. Start all SNL and verify the message flow
      [Diagram: SNL_1, SNL_2, SNL_3; IS6_HSMbox_1 (P), IS6_HSMbox_2 (S), IS6_HSMbox_3 (SB). Legend: (P) Primary; (S) Secondary; (SB) Standby]
  26. HSM box refresh scenarios
      Scenario 3. Existing setup: old 4-box cluster. Future setup: new 4-box cluster. Procedure overview: 4B
      Replacement can be performed in single or multiple downtime windows based on customer preference. Each procedure includes an intermediate checkpoint step which can be used to come out of the downtime window, and continue the rest of the procedure in next downtime window.
  27. 4-box cluster: overview
      Current
      • Verify and ensure all prerequisites are met.
      • Necessary PED keys, their PINs and account passwords are available and verified.
      Intermediate
      • Replace the Secondary box
      • Add new HSM box to existing cluster as standby, using existing network connection
      • Promote new HSM as Primary.
      • Checkpoint – validate new HSM
      Final
      • Replace a second box and promote new HSM as Secondary.
      • Replace remaining Standby boxes
      • Re-register other SNLs
  28. 4-box cluster: Detailed steps (1/4)
      1. Stop all SNL instances except SNL_1. Manage replacement from SNL_1
      2. Take backup of HSMbox_1 (for fallback purpose)
      3. Disconnect HSMbox_2 from network
      4. Remove HSMbox_2 from cluster configuration
      5. Prepare IS6_HSMbox_1 and connect it to network, using the network cable that was previously connected to HSMbox_2
      6. Configure IS6_HSMbox_1 with the same network parameters as HSMbox_2 (IP address …, port speed & duplex …)
      7. If HSMbox_1 is on software version 5.6.1, set cluster compatibility version of IS6_HSMbox_1 to 5.6.1
      8. Initialize IS6_HSMbox_1 with the Remote PED Secret (for remote PED only)
      9. Add IS6_HSMbox_1 to the cluster as a standby HSM box
      10. Promote IS6_HSMbox_1 to primary HSM box
      Check point **
      ** Checkpoint - confidence test IS6_HSMbox_1 (optional)
         a) Deregister all SNL instances except SNL_1
         b) Register all SNL instances except SNL_1
         c) Start all SNL and verify the message flow
         d) Stop all SNL
      [Diagram labels: SNL_1, SNL_2, SNL_3; HSMbox_1 (P); HSMbox_3; HSMbox_4; IS6_HSMbox_1 (P); role markers (S), (SB), (SB). Legend: (P) Primary; (S) Secondary; (SB) Standby]
  29. 4-box cluster: Detailed steps (2/4)
      11. Disconnect HSMbox_1 from network
      12. Remove HSMbox_1 from cluster configuration
      13. Prepare IS6_HSMbox_2 and connect it to network, using the network cable that was previously connected to HSMbox_1
      14. Configure IS6_HSMbox_2 with the same network parameters as HSMbox_1 (IP address …, port speed & duplex …)
      15. If HSMbox_3 or HSMbox_4 are on software version 5.6.1, set cluster compatibility version of IS6_HSMbox_2 to 5.6.1
      16. Initialize IS6_HSMbox_2 with the Remote PED Secret (for remote PED only)
      17. Add IS6_HSMbox_2 to the cluster as a standby HSM box
      18. Promote IS6_HSMbox_2 to secondary HSM box
      [Diagram labels: SNL_1, SNL_2, SNL_3; HSMbox_1; HSMbox_4; IS6_HSMbox_1 (P); IS6_HSMbox_2; role markers (SB), (SB), (S). Legend: (P) Primary; (S) Secondary; (SB) Standby]
  30. 4-box cluster: Detailed steps (3/4)
      19. Disconnect HSMbox_3 from network
      20. Remove HSMbox_3 from cluster configuration
      21. Prepare IS6_HSMbox_3 and connect it to network, using the network cable that was previously connected to HSMbox_3
      22. Configure IS6_HSMbox_3 with the same network parameters as HSMbox_3 (IP address …, port speed & duplex …)
      23. If HSMbox_4 is on software version 5.6.1, set cluster compatibility version of IS6_HSMbox_3 to 5.6.1
      24. Initialize IS6_HSMbox_3 with the Remote PED Secret (for remote PED only)
      25. Add IS6_HSMbox_3 to the cluster as a standby HSM box
      [Diagram: SNL_1, SNL_2, SNL_3; IS6_HSMbox_1 (P), IS6_HSMbox_2 (S), IS6_HSMbox_3 (SB), HSMbox_4 (SB). Legend: (P) Primary; (S) Secondary; (SB) Standby]
  31. 4-box cluster: Detailed steps (4/4)
      26. Disconnect HSMbox_4 from network
      27. Remove HSMbox_4 from cluster configuration
      28. Reset the cluster compatibility version of IS6_HSMbox_1, IS6_HSMbox_2 and IS6_HSMbox_3
      29. Prepare IS6_HSMbox_4 and connect it to network, using the network cable that was previously connected to HSMbox_4
      30. Configure IS6_HSMbox_4 with the same network parameters as HSMbox_4 (IP address …, port speed & duplex …)
      31. Initialize IS6_HSMbox_4 with the Remote PED Secret (for remote PED only)
      32. Add IS6_HSMbox_4 to the cluster as a standby HSM box
      33. Deregister all SNL instances except SNL_1
      34. Register all SNL instances except SNL_1
      35. Start all SNL and verify the message flow
      [Diagram: SNL_1, SNL_2, SNL_3; IS6_HSMbox_1 (P), IS6_HSMbox_2 (S), IS6_HSMbox_3 (SB), IS6_HSMbox_4 (SB). Legend: (P) Primary; (S) Secondary; (SB) Standby]
  32. Q&A
  33. Agenda
      • Improving the security of your financial messaging infrastructure
      • HSM refresh: build your own project plan
      • HSM evolution: manage operations more effectively
  34. HSM Usability Evolution
      Improve HSM usability… without compromising on security
      • Simplify day-to-day management of HSM boxes
      • Reduce cost & risk associated with complex processes
      [Roadmap graphic labels: Early consultation; Detailed specifications; Building roadmap; Planning; Draft high-level design]
  35. What did you tell us?
      [Feedback map. Labels, in the order they appear: Accounts & keys; Pre-installation; Number PED keys; Physical access restricted; Different passwords per box; Administration; PED needed locally once; Password expiry period; Monitoring; Box backup; Troubleshooting; Certificate management; Manual PED operation; Installation; Manual process; Accounts, tools & teams; Switching PED keys; Scheduling; Interface integration; Configuration on each box; Backup]
  36. Only draft potential changes for early customer feedback
      Detailed validation and specifications still to do
  37. Potential improvements
      • Unified PED token
      • Accounts synchronization throughout the cluster
      • Default Remote PED access
      • Simplify installation (less PED user interactions)
  38. Accounts, PED keys, passwords: Unified PED token
      Two models
      • Segregated responsibility per PED role, continue with current multi-keys scheme
      • Centralized responsibility for all PED roles, consolidate all separate keys on one unified PED token
      Migration to unified PED token without re-initializing box
      Constraints
      • Separate prompt/PIN authorization still required
      Benefits (operational simplicity)
      • Reduce number of keys to manage
      • Reduce manual operations: no need to switch between keys
  39. Accounts, PED keys, passwords: Accounts synchronisation between HSM boxes in cluster
      Synchronization between all cluster members of:
      • User accounts & passwords
      • Policies such as password expiry
      • SNL registration information
      Benefits (reduce risk)
      • Simplify configuration changes
      • Limit risk of password de-synchronisation
      • No need for SNL reregister
  40. Pre-installation: Default Remote PED Access
      Remote access in default state: in factory default state, enable default Remote PED access only to securely configure a new Remote PED secret
      [Diagram labels: Remote PED Workstation; HSM; Initiate Secure Tunnel; USB Connection; Remote PED; New Remote PED Secret on HSM pushed to PED]
      Benefits
      • Allow new manufactured boxes to be remotely accessed without pre-configuring a Remote PED secret
      • Allow HSM boxes to continue being managed remotely after a factory reset
      • Limit availability risk due to long intervention
  41. Installation / Configuration: Reduce manual operations (increase efficiency)
      • Systematic review to eliminate unnecessary PED prompts for key HSM functions
      • Optimise user interactions to limit PED key insertions, PED prompts and PIN requests to a minimum
      Estimated PED reduction, per task (with Remote PED):
      • Install & configure primary HSM box: # of PED key insertions current 7, future 1*; # of PED prompts current 40, future 15
      • Add to a cluster & configure replica HSM box: # of PED key insertions current 10, future 1*; # of PED prompts current 26, future 13
      (*) these numbers are specific to using Unified PED token
  42. Potential improvements
      • Customer configurable password expiry
      • Combine certificate & partition action in SAG
      • Initialise partition without PED
  43. Accounts, PED keys, passwords: Customer configurable password expiry
      Configurable password expiry period
      • Prompt user to define password lifetime as part of installation
      • Command to configure password lifetime at any time after installation
      • Generate password expiry events to enable monitoring
      HSM accounts: Admin, Operator
      Account password expiry period currently fixed to 90 days
      Benefits
      • Adapt password expiry to actual usage frequency & customer policy
      • Reduce risk of expired password when needed in emergency
  44. Certificate management: Simplify partition management
      Through Alliance Gateway:
      • Initialize partition without a PED operation
      • Option to combine Delete certificate with Initialize partition
      Benefits
      • Partition can be freed-up without a PED operation even if password lost
  45. Potential improvements
      • USB-over-IP: facilitating use of Remote PED in virtualized environment
      • Other certificate management improvement: optimize management of user certificates; automate recovery of a list of certificates
      • Scheduling HSM box backup
      [Diagram labels: LAN; VM machine; Virtual desktop; HSM box; HSM1; HSM2; Admin]
  46. Now, could you please give your feedback on these proposed evolutions?
      1. Unified PED token
      2. Accounts synchronization throughout the cluster
      3. Default Remote PED access
      4. Simplify installation (less PED user interactions)
      5. Customer configurable password expiry
      6. Combine certificate & partition action in SAG
      7. Initialize partition without PED
      8. PEDs in virtualized environments
      9. Optimization of user certificates management
      10. Automatic certificates group recovery
      11. Schedule of HSM boxes backup
  47. Q&A
  48. Conclusion
      • Discuss with your Account Manager or your Service Manager if you need SWIFT assistance on security requirements
      • Finalize your HSM refresh project plan & be ready for the first from SWIFT
      • Refer to the HSM Refresh pages and to the guide
      • HSM evolution roadmap to be defined
      • Session materials will be available on swift.com
  49. Thank you
