HID Global Crescendo C1150 – Administration Guide
November 2013
© 2013 HID Global Corporation. All rights reserved.
11.0 Security Guidelines
This chapter provides guidelines for securely deploying the Crescendo C1150
Mini Driver.
It is limited to recommendations for securing the environment assets that affect
the Crescendo product and its environment. Standard IT security best practices should
also be applied as part of a secure deployment. The chapter is organized by recommendation.
11.1 SHA-2 Compliance
As part of a security improvement, organizations are transitioning from the SHA-1 hashing
algorithm to a SHA-2 (usually SHA-256) hashing algorithm, especially for digital signature
operations.
This section describes the impact of these changes on various applications.
11.1.1 Card Content Signed with SHA-2
The Crescendo C1150 Mini Driver supports smart cards whose content (digital certificates) is
signed with a SHA-2 hashing algorithm. This change might have an impact on some
applications, as indicated in the table below.

| Service | Product and versions | Notes |
|---|---|---|
| Windows PKI Logon | Supported clients: Windows XP SP3, Vista, 7 and 8. Supported servers: Windows Server 2003, 2008, 2008 R2 and 2012. | Windows Server 2003 requires two Microsoft hot fixes not available on Windows Update: KB 938397 and 968730. |
| Remote access | Windows, Check Point, Cisco, Juniper, etc. | Check with your vendor. |
| Secure web access | Supported browsers: Microsoft Internet Explorer 6 and later, and Google Chrome 11 and later. Supported servers: IIS 6 and later, Apache 2.2 and later. Check with your vendor for other web servers. | Browsers have limited impact on SHA-2 certificates. IIS 6 on Windows Server 2003 requires two Microsoft hot fixes not available on Windows Update: KB 938397 and 968730. |
| Secure email | Supported applications: Microsoft Outlook 2003, 2007, 2010; Outlook Web Access (with Exchange 2003, 2007, 2010). | Email signature is configured for SHA-1. See next section for SHA-2 configuration. |
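
Before checking applications against the list above, it helps to know which certificates are actually signed with SHA-1 and which with SHA-2. The following PowerShell script is an added example, not part of the HID guide: it classifies each certificate in the current user's Personal store by the hash family of its signature algorithm. It assumes PowerShell 3.0 or later and that the card's certificates are visible in `Cert:\CurrentUser\My`; the function name `Get-CertSignatureHash` and the variable names are hypothetical.

```powershell
# Added example: classify certificates by the hash used in their signature.
# Assumption: the card's certificates are visible in Cert:\CurrentUser\My.

# Standard signature-algorithm OIDs mapped to the hash family they use.
$HashFamilyByOid = @{
    '1.2.840.113549.1.1.5'  = 'SHA-1'   # sha1WithRSAEncryption
    '1.3.14.3.2.29'         = 'SHA-1'   # sha1RSA (legacy OIW identifier)
    '1.2.840.10040.4.3'     = 'SHA-1'   # dsa-with-sha1
    '1.2.840.10045.4.1'     = 'SHA-1'   # ecdsa-with-SHA1
    '1.2.840.113549.1.1.14' = 'SHA-2'   # sha224WithRSAEncryption
    '1.2.840.113549.1.1.11' = 'SHA-2'   # sha256WithRSAEncryption
    '1.2.840.113549.1.1.12' = 'SHA-2'   # sha384WithRSAEncryption
    '1.2.840.113549.1.1.13' = 'SHA-2'   # sha512WithRSAEncryption
    '1.2.840.10045.4.3.2'   = 'SHA-2'   # ecdsa-with-SHA256
    '1.2.840.10045.4.3.3'   = 'SHA-2'   # ecdsa-with-SHA384
    '1.2.840.10045.4.3.4'   = 'SHA-2'   # ecdsa-with-SHA512
    '1.2.840.113549.1.1.10' = 'RSASSA-PSS (hash is in the parameters)'
}

function Get-CertSignatureHash {
    param(
        [Parameter(Mandatory = $true, ValueFromPipeline = $true)]
        [System.Security.Cryptography.X509Certificates.X509Certificate2]$Certificate
    )
    process {
        # The OID is locale-independent; FriendlyName is kept for display only.
        $oid    = $Certificate.SignatureAlgorithm.Value
        $family = $HashFamilyByOid[$oid]
        if (-not $family) { $family = 'Unknown' }   # never guess an unlisted OID
        [pscustomobject]@{
            Subject    = $Certificate.Subject
            Issuer     = $Certificate.Issuer
            NotAfter   = $Certificate.NotAfter
            Algorithm  = $Certificate.SignatureAlgorithm.FriendlyName
            Oid        = $oid
            HashFamily = $family
        }
    }
}

# Per-certificate report, then a count per hash family.
$report = Get-ChildItem Cert:\CurrentUser\My | Get-CertSignatureHash
$report | Sort-Object HashFamily, NotAfter |
    Format-Table Subject, Algorithm, HashFamily, NotAfter -AutoSize
$report | Group-Object HashFamily | Format-Table Name, Count -AutoSize
```

The script reports only each certificate's own signature; issuing CA certificates in the chain have to be checked separately in the stores where they are installed.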