CASES.LU

Glossary

  1. ▹ Antivirus
  2. ▹ Assets
  3. ▹ Authentication
  4. ▹ Availability
  5. ▹ Basic criteria for risk analysis
  6. ▹ Computer Hacks
  7. ▹ Confidentiality
  8. ▹ Control
  9. ▹ Cryptography
  10. ▹ Cybercrime
  11. ▹ Cybercriminals
  12. ▹ DRP – Disaster Recovery Plan
  13. ▹ Data backups
  14. ▹ Data loss
  15. ▹ Defacement
  16. ▹ Disinfect machine with a live CD
  17. ▹ Disposal
  18. ▹ Email
  19. ▹ Firewall
  20. ▹ Human error
  21. ▹ IDS/IPS
  22. ▹ Image rights
  23. ▹ Impact
  24. ▹ Integrity
  25. ▹ Internet and copyright
  26. ▹ Legal Aspects
  27. ▹ LuxTrust
  28. ▹ Malicious Codes
  29. ▹ Malicious websites
  30. ▹ Network segmentation
  31. ▹ Password
  32. ▹ Patches
  33. ▹ Phishing
  34. ▹ Physical faults
  35. ▹ Securing a fixed workstation
  36. ▹ Physical theft
  37. ▹ Recommendations for securing a file server
  38. ▹ Recommendations to secure a server connected to Internet
  39. ▹ Recommendations to secure a Web server
  40. ▹ Removable devices
  41. ▹ Risk processing
  42. ▹ Spam – unwanted emails
  43. ▹ SSL/TLS – encryption technologies on the web
  44. ▹ Update softwares with Secunia PSI
  45. ▹ Security Charter
  46. ▹ Social engineering
  47. ▹ Threat
  48. ▹ Virtual Private Networks (VPNs)
  49. ▹ Vulnerabilities
  50. ▹ Web of Trust - WOT
  51. ▹ Web filter – Proxy
  52. ▹ Why is it important to protect your computer?

LuxTrust

In brief

LuxTrust offers authentication and electronic signature products. The most frequently used products in the professional domain are the chip card and the signing stick. From a technological point of view, these two products are very similar: a chip integrated into the card or the USB stick contains an authentication certificate and a signature certificate. The chip card requires the use of a card reader, which is not the case for the USB stick.

Depending on the type of card, the signature may be a personal signature, in other words in the cardholder’s name, or it may be a professional signature, which means it’s in the name of one of the organisation’s managers and makes it liable.

Advantages

The following security advantages are offered by either the chip card or the signing stick:

  • The authentication and signature devices cannot be copied;
  • The activation of certificates requires a PIN code to be entered. As the card is automatically blocked after 3 incorrect PIN code attempts, a brute force PIN code attack is impossible, even though the code is composed solely of numbers. To unlock the card, you need the PUK code, which is much more complex than the PIN code;
  • It’s very easy and quick to change the PIN code. It is therefore recommended that you change it immediately if you suspect a third party might have discovered it.
  • You will soon notice if the card or stick has been stolen, especially in a professional environment where the authentication and signature device is used regularly. If necessary, the tool in question can quickly be cancelled or temporarily suspended. Such a cancellation or suspension becomes effective within four hours at most.

Security measures

Behavioural security measures

Make sure you adopt some security measures:

  • The LuxTrust authentication device is strictly personal. Guard against any illicit use, notably theft.
  • Do not lend your authentication and signature device to others. Anybody who is in possession of your LuxTrust authentication device and who knows your PIN code can sign authorised documents or access your online services, both professional or private.
  • Never write your PIN code on your LuxTrust card.
  • In the event of theft, cancel your LuxTrust card immediately. In case of doubt, you can suspend your LuxTrust authentication signature device for 30 days. A suspended certificate can be reactivated, whereas the cancellation of a card is permanent. As the suspension or cancellation of your card takes affect within 4 hours of the request, once this deadline has passed your card with no longer work for authentication or signatures.

Organisational security measures

  • Draft and enforce a security policy relating to the development and maintenance of the systems – electronic signature;
  • Draft and enforce a security policy relating to access control – access rights management;
  • Train your staff in the correct use of LuxTrust’s signature and authentication devices.

Table of Contents