Luna SA 4.1.1 - Secure Support - SafeNet

Issue Priority Synopsis(24986) 32-bit appsupport on 64-bitWin2003 for Luna SA(24749) Customerrequest for more MIBsto monitor the healthof our appliances(24232) Apply Luna ISntls memory leak fixesto Luna SAMHHProblem: Need support for 32-bit apps on 64-bit Windows.Fixed: This was a testing-only issue to discover the support parameters. Results asfollows:Our 32 bit applications (CMU, CKDEMO, MULTITOKEN, etc..) and client librariesWILL work on a 64 bit Windows machine. Therefore, if a client has a customJava/C/C++ application which is compiled as a 32 bit application then everything willwork as expected. (The registry maintains separate directory for 32 bit applications andwill redirect and calls to entries without any changes required by the user.) However,the 32 bit CSP/cryptoki.dll will NOT work for the Certificate Services Microsoftapplication. This is because the CertSrv app is a 64 bit process running in 64 bit IISand will not load a 32 bit .dll.Problem: Needed additional capabilities to monitor and assess the health andperformance of the appliance via industry-standard monitoring protocols.Fixed: Included 2 new MIB agents to the snmp and added the lm_sensorscomponents to support the hardware stats MIB.Problem: Several memory leak fixes to the Luna IS 5.x product greatly improvedstability and memory usage. These should be applied to Luna SA.Fixed: The fixes were ported to Luna SA and tested.(24196) Luna SA DoSAttack with ssh via ntlsportHProblem: A potential denial of service attack was demonstrated when a networkvulnerability scanner repeatedly probed the ntls 1792 port. Ntls stopped accepting newconnection requests, but did continue to serve existing connected clients.Fixed: The probing is now handled gracefully.(24036) Need a way toconfigure dual portmode for K5 in SA4.xvia lunash(24007)Edit of Hosts file onLuna SALLProblem: The K5 in Luna IS 4.0 runs in DMA mode. A dual port dump from a cardrunning in this mode yields very little info in terms of debugging problems. The cardcan be configured to run in dual port mode at driver startup, but there is no way toconfigure this in the field. That means debug info provided by a customer for aproblem they are having may not give us the info we need. We ran into this problemon [another Luna product], and added lunash commands to set the driver to run in dualport mode. Something similiar for Luna SA is probably a good idea.Fixed: The hsm debug command was added.Problem: Customer would like the ability to edit the hosts file entries on the Luna SA.Reason: they have client systems with 3 unique IP NIC's....having one hostname certfor all NTLS connections from these NICS is needed, but on the Luna SA end there isa need to associate the hostname with one of the specific NIC IP's.Fixed: Added new sub command "hostip" under client command to allow hostname toip mapping.Revised list of OAM&P events for Luna SALogged as InfoCL_LogInfo("Parallel command supported");CL_LogInfo("DUALPORT communication mode");CL_LogInfo("DMA communication mode");CL_LogInfo("Timestamp update rate is low: last timestamp = %d min, new timestamp = %d min(%04d:%02d:%02d:%02d:%02d)",timestamp_g[0],currTime,RTC_GetYear(&rts),RTC_GetMonth(&rts),RTC_GetDay(&rts),RTC_GetHour(&rts),RTC_GetMinute(&rts));CL_LogInfo("DePadRSA: invalid block type (0x%x).", in[1]);CL_LogInfo("Warm boot Initialization");CL_LogInfo("Power-up Initialization");CL_LogInfo( "Firmware revision %d.%d.",Luna SA 4.1.1 Customer Release Notes 007-010109-001 Revision G Copyright 2007-2012 SafeNet Inc. 14