===== ERDS & G2G Workstation Configuration ===== Once you have acquired your ERDS and/or G2G workstation and/or created your ERDS and/or G2G Virtual Machine, a variety of tasks must be performed to prepare the workstation to be used with CeRTNA’s ERDS and/or G2G platform. These tasks include: {{tablelayout?colwidth="250px,350px"&rowsFixed=1&rowsVisible=10&float=center}} ^ Task ^ Description ^ | Physically Secure The Workstation \\ (Standalone workstations only.) | Certified ERDS workstations must be physically secured. Per CeRTNA’s HW / SW, CeRTNA recommends using a locking workstation security cabinet that can be secured to a wall or floor. \\ . \\ G2G workstations are not required to be kept in a locking security cabinet, however, many CeRTNA clients do secure their G2G workstations as well. \\ . \\ Notes regarding Virtual Machine (VM) installation are provided further down in this document. | | Workstation Configuration | ERDS workstations and/or Virtual Machines need to pass a system security audit in order to be certified for transmitting ERDS transactions. This document provides recommendations on how to configure a variety of operating system components on your local workstations, including Windows Update settings, Local Security Policy settings, and Anti-Virus/Malware Protection settings. \\ . \\ G2G workstations are not subject to a system security audit, however CeRTNA recommends applying the same settings to your G2G workstation as recommended for your ERDS workstation. \\ . \\ Additional workstation configuration details are provided later in this document. | | Network / Firewall Configuration | Per regulations, certified ERDS workstations and/or Virtual Machines are expected to be secured for the ‘sole use’ purpose of electronic recording activity. CeRTNA’s ERDS infrastructure is accessible over the Internet, as such, workstations must restrict access to only domains that are required to facilitate the functionality provided in the APEX client. A list of the domains that are used by APEX are listed further down in this document. \\ . \\ Additional network configuration details are provided provided later in this document. | | Software Installation | There is a limited amount of software that needs to be installed. Currently these include: \\ . \\ - SafeNet Authentication Client (SAC) \\ - APEX \\ . \\ APEX is CeRTNA’s client application software that is used to interact with the CeRTNA ERDS & G2G platforms. \\ . \\ The SafeNet Authentication Client (SAC) contains USB token drivers and APEX uses the token drivers to access the token based PKI certificates that are used for authentication, digital signatures, and encryption/decryption functions. \\ . \\ Additional software installation details are provided later in this document. | | Certificate Installation | The CeRTNA Root CA certificate needs to be installed to support out Private Key Infrastructure. | === Workstation Configuration === You will need to determine if your users are going to login to the ERDS or G2G workstation or VM's using a domain login account or a local login account. If you choose to use a local user account you will need to create the user accounts using Windows Computer Management feature which is accessible via the Windows Control Panel/Administrative Tools in Windows 10 or the Control Panel/Window Tools in Windows 11. You will also need to determine whether your organization is going to manage the various security settings for the workstation or VM using Group Policy or Local Security Policy or a combination of both. CeRTNA does not have strict rules on which method you use. We have customers that use both methods effectively. Once your workstation is installed, complete the following tasks: * Disable the local Guest account. * Rename the local Administrator user account. * Ensure the anti-virus/anti-malware software is installed. Note: Windows Defender is built into the Windows 10 and Windows 11 operating systems. * Ensure that a local Windows Firewall is running on the ERDS/G2G workstation. Some 3rd party antivirus solutions override the built-in Windows Firewall and this is acceptable as long as the firewall is enabled and protecting the computer. == Install the CeRTNA Root CA certificate == INstallation instructions can be found at LINK == Update the following Local System Settings == {{page>[:guides:local_system_settings&noheader&noindent&nofooter&nouser&nodate&noeditbtn&nopermalink]}} === Anti-Virus Configuration === Anti-virus/Anti-malware software must be installed on your ERDS & G2G workstations. Windows 10 and Windows 11 both include Windows Defender. Your organization may be using an alternative 3rd party software product, for example, Symantec Endpoint Protection, McAfee Anti-Virus, AVG Anti-Virus, Trend Micro Anti-Virus, or any of the other myriad of commercial anti-virus products available. CeRTNA accepts your organizations solution for anti-virus/anti-malware protection, however, you must be able to show a security auditor that the anti-virus/anti-malware software is active and show that both quick and/or full scans are being completed on a regular basis. {{page>[:guides:anti-virus_settings&noheader&noindent&nofooter&nouser&nodate&noeditbtn&nopermalink]}} === Network/Firewall Configuration === As per regulations, the ERDS & G2G workstations are required to be for the 'sole-use' function of electronic recording. To that end, CeRTNA requires that the sites accessible by the ERDS & G2G workstations are restricted. There are different ways that this can be accomplished including: * Via organizational firewall rules. * Via local workstation network/proxy settings. * Via a password controlled access lists. Your organizations IT staff will be able to assist with this configuration item. {{page>[:guides:firewall_settings&noheader&noindent&nofooter&nouser&nodate&noeditbtn&nopermalink]}} === Software Installation === == SafeNet Authentication Client Installation == {{page>[:guides:safenet_installation&noheader&noindent&nofooter&nouser&nodate&noeditbtn&nopermalink]}} == APEX Client Installation == {{page>[:guides:apex_installation_guide&noheader&noindent&nofooter&nouser&nodate&noeditbtn&nopermalink]}}