Display Terminal to connect to my physical HSM (Thales RG7000 & RG8000)

[B T]

Hi all,

As per the PCI Pin Security Standard, it is not recommended to connect
your HSM to a PC-based system. Hence it is not recommended to connect
to a laptop/PC.

However I'm trying to look for a 'dumb terminal' (i don't know that
correct term to use) to connect to the HSM, does anyone have any idea
what equipment i should be looking for, any references will greatly
help

many thanks,

Ronish

[Alejandro Revilla]

You could buy an inexpensive IBM 3151 or a VT220 on e-Bay.

--
@apr

[B T]

Thanks, have an IBM 3476, is this compatible, tried to connect, but
not getting the HSM prompt, there's only a blank screen with "1/80" at
the right end corner of the screen

any idea what going wrong?

Thanks

[Mark Salter]

On 04/07/2011 13:16, B T wrote:
> any idea what going wrong?

Yes, don;t you think you should be reading your HSM documentation?

Please at least mark this as 'Off-topic'.

--
Mark

[joaobalogh]

I know the tool "Remote Manager HSM" with this tool you can do many
operations remotely. I believe that this tool meets the standard PCI.
Follow the link product http://goo.gl/XpCTL

Hope this helps.

Sincerely,
João Balogh

[B T]

For your info, I've gone through the documentation, and it does not
contain information i am requesting in this discussion

Any more constructive comments is most welcome

[Alejandro Revilla]

I believe this is a TwinAxial terminal, probably implementing 3270 or 5250, you need an ASCII terminal.

In addition, you need to check that you speed, parity and word length are correct.

If this were 25 years ago, I would have recommended Telix or better yet, Multimate :)

If you have a Linux box, you may be able to use the 'cu' command over an RS-232 link.

[Mark Salter]

On 06/07/2011 08:57, B T wrote:
> For your info, I've gone through the documentation, and it does not
> contain information i am requesting in this discussion

I do find it a little hard to believe that the technical documentation
for either of these Thales devices does not provide guidance on what you
are trying to do, however...

... the Thales datasheet provides some important details and includes
contact numbers across the globe.

A quick call to an open open office (FL, USA) and :-

RG7000

Rs-232 v.24 Baud 300 (default) odd parity or 19200 no parity
(I think both are 8-bit).

RB8000

Rs-232 v.24 Baud 9600 (default), no parity.

Do you have a support contract with Thales? They were quite helpful to
me even though I don't.

I would like to think that connecting a dedicated (cheap) pc directly
via the ethernet port would be PCI acceptable, perhaps using one of the
more secure operating systems with tightened/minimal software. I did
not check what protocol or interface is provided of tcp/ip, but I'm sure
Thales can guide you if needed.

>
> Any more constructive comments is most welcome
>

Please take a read of :-

www.catb.org/~esr/faqs/smart-questions.html

it may also help you progress.

Ps, this is still off-topic for this mailing list, please continue to
indicate this in the subject as above.

Thanks.

--
Mark

[B T]

Thanks, looking into in. This is definitely the way forward

On Jul 5, 4:21 am, joaobalogh <joaobal...@gmail.com> wrote:
> I know the tool "Remote Manager HSM" with this tool you can do many
> operations remotely. I believe that this tool meets the standard PCI.

> Follow the link producthttp://goo.gl/XpCTL

>
> Hope this helps.
>
> Sincerely,
> João Balogh
>
> On 6 jun, 08:31, B T <bidout...@gmail.com> wrote:
>
>
>
> > Hi all,
>
> > As per the PCI Pin Security Standard, it is not recommended to connect
> > your HSM to a PC-based system. Hence it is not recommended to connect
> > to a laptop/PC.
>
> > However I'm trying to look for a 'dumb terminal' (i don't know that
> > correct term to use) to connect to the HSM, does anyone have any idea
> > what equipment i should be looking for, any references will greatly
> > help
>
> > many thanks,
>

> > Ronish- Hide quoted text -
>
> - Show quoted text -

[B T]

Thanks for shedding light on this, indeed this is a TwinAx terminal...
unfortunately, its the first time i'm working with such terminals!

[B T]

> I do find it a little hard to believe that the technical documentation
> for either of these Thales devices does not provide guidance on what you
> are trying to do, however...

It does mention about RS-232 for console connection, but i was
struggling to connect a console that I managed to get. However we now
understand that the terminal was not compatible

>    RB8000
>
>    Rs-232 v.24 Baud 9600 (default), no parity.

Above are OK, we are already using above settings when connecting
through a PC

> Do you have a support contract with Thales?  They were quite helpful to
> me even though I don't.

Yes, we do, will be contacting them, as soon as i manage to get a
compatible console

> I would like to think that connecting a dedicated (cheap) pc directly
> via the ethernet port would be PCI acceptable, perhaps using one of the
> more secure operating systems with tightened/minimal software.  I did
> not check what protocol or interface is provided of tcp/ip, but I'm sure
> Thales can guide you if needed.

Already using PC to connect to the HSM, but the list of requirements
that the PCI PIN Security auditor has given us is too complex to
manage in an efficient way, this is why we are looking for alternative
ways to connect to the HSM, hence current investigation on 'dumb
terminals'

> Please take a read of :-
>
> www.catb.org/~esr/faqs/smart-questions.html
>
> it may also help you progress.

yes, will do, many thanks

> Ps, this is still off-topic for this mailing list, please continue to
> indicate this in the subject as above.

Yes, will do

[Alejandro Revilla]

The IBM-3151 is a very solid terminal, sold for about 150 on E-Bay.