guides:workstation_configuration
Differences
This shows you the differences between two versions of the page.
Both sides previous revisionPrevious revisionNext revision | Previous revision | ||
guides:workstation_configuration [2019/01/17 02:10] – administrator | guides:workstation_configuration [2025/10/23 20:58] (current) – 216.9.23.34 | ||
---|---|---|---|
Line 2: | Line 2: | ||
- | Once you have acquired your ERDS and/or G2G workstation, | + | Once you have acquired your ERDS and/or G2G workstation |
+ | These tasks include: | ||
{{tablelayout? | {{tablelayout? | ||
^ Task ^ Description ^ | ^ Task ^ Description ^ | ||
- | | Physically Secure The Workstation | Certified ERDS workstations must be physically secured. Per CeRTNA’s HW / SW, CeRTNA recommends using a locking workstation security cabinet that can be secured to a wall or floor. \\ . \\ G2G workstations are not required to be kept in a locking security cabinet, however, many CeRTNA clients do secure their G2G workstations as well. | | + | | Physically Secure The Workstation |
- | | Workstation Configuration | ERDS workstations need to pass a system security audit in order to be certified for transmitting ERDS transactions. This document provides recommendations on how to configure a variety of operating system components on your local workstations, | + | | Workstation Configuration | ERDS workstations |
- | | Network / Firewall Configuration | Per regulations, | + | | Network / Firewall Configuration | Per regulations, |
- | | Software Installation | There is a limited amount of software that needs to be installed. Currently these include: \\ . \\ - SafeNet Authentication Client (SAC) \\ - APEX \\ - Microsoft Baseline Security Analyzer (MBSA) | + | | Software Installation | There is a limited amount of software that needs to be installed. Currently these include: \\ . \\ - SafeNet Authentication Client (SAC) \\ - APEX \\ . \\ APEX is CeRTNA’s client application software that is used to interact with the CeRTNA ERDS & G2G platforms. \\ . \\ The SafeNet Authentication Client (SAC) contains USB token drivers and APEX uses the token drivers to access the token based PKI certificates that are used for authentication, |
- | | Generate MBSA Report | + | | Certificate Installation |
=== Workstation Configuration === | === Workstation Configuration === | ||
+ | |||
+ | You will need to determine if your users are going to login to the ERDS or G2G workstation or VM's using a domain login account or a local login account. If you choose to use a local user account you will need to create the user accounts using Windows Computer Management feature which is accessible via the Windows Control Panel/ | ||
+ | |||
+ | You will also need to determine whether your organization is going to manage the various security settings for the workstation or VM using Group Policy or Local Security Policy or a combination of both. CeRTNA does not have strict rules on which method you use. We have customers that use both methods effectively. | ||
Once your workstation is installed, complete the following tasks: | Once your workstation is installed, complete the following tasks: | ||
- | * Create individual user accounts (non-admin) for the users that are or will be authorized to use the CeRTNA ERDS workstation. | ||
* Disable the local Guest account. | * Disable the local Guest account. | ||
- | * Ensure the anti-virus/ | + | |
+ | | ||
+ | * Ensure that a local Windows Firewall is running on the ERDS/G2G workstation. Some 3rd party antivirus solutions override the built-in Windows Firewall and this is acceptable as long as the firewall is enabled and protecting the computer. | ||
+ | |||
+ | |||
+ | == Install the CeRTNA Root CA certificate == | ||
+ | |||
+ | INstallation instructions can be found at LINK | ||
Line 32: | Line 43: | ||
- | Anti-virus/ | + | Anti-virus/ |
Line 41: | Line 52: | ||
- | As per regulations, | + | As per regulations, |
* Via organizational firewall rules. | * Via organizational firewall rules. | ||
Line 50: | Line 61: | ||
- | {{page> | + | {{page> |
Line 66: | Line 77: | ||
{{page> | {{page> | ||
- | |||
- | |||
- | == Microsoft Baseline Security Analyzer Installation == | ||
- | |||
- | |||
- | {{page> | ||
- | |||
- | |||
- | === MBSA Reporting === | ||
- | |||
- | |||
- | {{page> | ||
guides/workstation_configuration.1547691013.txt.gz · Last modified: by administrator