Physical ports

The physical ports of Dinamo are described in the table below.

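| Port | Connector | Input | Output |
|---|---|---|---|
| LAN1 | RJ45 | x | x |
| LAN2 | RJ45 | x | x |
| Video | D15, DE-15 | | x |
| Keyboard | USB | x | |
| AC power | 2P+T | x | |
| Smart card reader | - | x | |
| LEDs | - | | x |
| On/off button | - | x | |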

The network interfaces are used to provide cryptographic services and certain device management operations. All communication sessions on the network interfaces must be authenticated and must be run under the account of a valid HSM user. There are no anonymous sessions or services that can be run without user authentication. Sessions can be established using a protected channel (TLS protocol) or an open channel; either way the user's authentication information does not travel in clear text over the network. Certain operations that are considered sensitive can only be carried out using encrypted sessions, and an error will be returned if they are requested in an open session. From an equipment point of view, all network interfaces are equivalent, and there are no service restrictions.

Info

When Dinamo is turned on, the only communication interface available is the local console (video and keyboard). The network interfaces are only released once the user has been authenticated using the smart card. This security measure ensures that only authorized personnel with physical access to the equipment can activate the HSM. After authentication, it is possible to start the HSM's services and make it available to applications and the remote management console.

The local console is used for initialization, activation and configuration of certain parameters of the device's operation. Initialization and activation can only be carried out using smart cards. Some operations (such as resetting the device's database) also require the use of smart cards.