HSM Training

Upcoming Training Date: Mar 25th - Mar 26th, 2024

$2,990.00

Hardware Security Modules (HSMs) course is recommended for anyone using, managing, deploying or designing Encryption and Key Management solutions with HSM components.

Get the syllabus
SKU: HSM001 Category:

Description

About Course

Our HSM Training is tailored for individuals seeking expertise in setting up, deploying, and monitoring Hardware Security Modules (HSMs) from nCipher, Thales-e-Security/Safenet, Utimaco, and Cloud HSMs. Our course adopts a hands-on approach to provide a deep understanding of HSM cryptographic operations.

Throughout the course, attendees cover foundational cryptography concepts, master the management of HSMs, and engage in real-world scenarios illustrating HSM use cases. The curriculum includes disaster recovery strategies, hardware security module configuration across leading providers, and maintenance best practices.

Participants benefit from optional feature discussions, gaining insights into advanced functionalities based on diverse use cases. The training is enriched with hands-on practical sessions, allowing for the direct application of theoretical knowledge.

We recommend this course for individuals who want to learn how to set up, deploy and monitor Hardware Security Modules (HSMs) from:

  • nCipher
  • Thales-e-Security/Safenet
  • Utimaco
  • Cloud HSM
HSM Training

Class Audience

  • Beginners
  • |
  • Intermediate
  • |
  • Advanced

Course Contents

Day 1

Hardware Security Modules

  • What is a Hardware Security Module (HSM)
  • Benefits of using HSMs
  • Key Theft Attacks
  • Why we use HSMs
  • Paper serial numbers (PSN) and ESNs
  • Performance

HSM Use Cases

  • PKI Use
  • Web Servers
  • Encryption
  • Cloud Security (Bring your own Key)

HSM Software : Security World – Card sets and Keys

  • What is Security World?
  • Admin Card Set
  • Understand the K-of-N principle
  • Card storage advice
  • The nShield smartcards – what’s new?

Install HSM Software

  • Installation on supported platforms
  • Software Versions
  • Default file locations
  • Practical Session #1: Installing HSM Software on Windows and Linux

HSM Basic Configuration

  • nShield Connect initial configuration
  • The role of the RFS File System

Practical Session #2: HSM Basic Configuration

  • Remote File System
  • RFS Setup
  • Add RFS to nShield Connect
  • nShield Connect Export log files to RFS (Optional)

Practical Session #3: RFS-Server Setup and Configuration

  • Client (application) servers
  • Privileged and non-privileged clients
  • What are nTokens?

HSM Clients: Practical Session #4: Enroll Clients

  • Verify installation and Client/module enrollment.

Day 2

Introduction to Security World

  • A brief word on FIPS
  • Configuration options for Security World
  • Changing HSM Modes
  • Create a Security world
  • Practical Session #5: Create a new Security World

Key Protection and Key Creation

  • Application Key Tokens
  • Key Protection
  • Operator Cardset (OCS)
  • Softcards
  • Keys
  • Practical Session #6: Create OCS Card sets

Remote-Management

  • Remote Management Possibilities
  • Remote Operator vs. Remote Administrator
  • Configuration

Remote Operator

  • Remote-Operator
  • When and why use a Remote Operator?

Remote Administration

  • Remote-Administration Overview
  • nShield HSMs supported by Remote Administration
  • Secure Channel Concept
  • Deploying Remote Administration
  • Authorized Cards List
  • HSM remote reboot (Version 12)
  • Check or update Security World remotely

Maintenance

  • SNMP Traps and location of MIB for Monitoring
  • Upgrade Firmware
  • Upgrade Security World Software

Disaster Recovery

  • Lost operator card sets (OCS)
  • nShield hardware failure
  • Lost administrator card sets
  • Forgotten passphrase
  • Practical Session #7: Replace Cards

Additional Features and Licenses

  • Available features
  • Feature activation card
  • Enable features using FET
  • Remote feature enabled (Version 12)
  • Static and dynamic features

Load Balancing

  • Pool mode vs Legacy load sharing
  • Preload
  • PKCS11
  • Performance Tuning

KEYSAFE – THE HSM Management GUI

  • The HSM GUI
  • Requirements
  • Key Safe-Menu and Management Options

CodeSafe

  • Why CodeSafe?
  • Examples with/without CodeSafe
  • CodeSafe SSL

Customer Support

  • Supported Products
  • Support Locations and Contacts
  • Support Portal
  • Required Information
  • Criticality Assessment
  • Escalation Levels
  • Support Contracts

Examination for nShield Certified Systems Engineer

Certificate of Completion

Every student that attends and completes the full training scoring 70% in the HSM exam will receive a certificate of completion. The certificate will allow student to qualify for ISC2 continuing education credit for annual CPE commitments.

Explore the full range of services offered by Encryption Consulting.

Feel free to schedule a demo to gain a comprehensive understanding of all the services Encryption Consulting provides.

Request a demo