erds:workstation_configuration
This is an old revision of the document!
ERDS & G2G Workstation Configuration
Once you have acquired your ERDS and/or G2G workstation, a variety of tasks must be performed to prepare the workstation to be used with CeRTNA’s ERDS and/or G2G platform. These tasks include:
| Task | Description |
|---|---|
| Physically Secure The Workstation | Certified ERDS workstations must be physically secured. Per CeRTNA’s HW / SW, CeRTNA recommends using a locking workstation security cabinet that can be secured to a wall or floor. . G2G workstations are not required to be kept in a locking security cabinet, however, many CeRTNA clients do secure their G2G workstations as well. |
| Workstation Configuration | ERDS workstations need to pass a system security audit in order to be certified for transmitting ERDS transactions. This document provides recommendations on how to configure a variety of operating system components on your local workstations, including Windows Update settings, Local Security Policy settings, and Anti-Virus/Malware Protection settings. . G2G workstations are not subject to a system security audit, however CeRTNA recommends applying the same settings to your G2G workstation as recommended for your ERDS workstation. . Additional workstation configuration details are provided later in this document. |
| Software Installation | There is a limited amount of software that needs to be installed. Currently these include: . - SafeNet Authentication Client (SAC) - APEX . APEX is CeRTNA’s client application software that is used to interact with the CeRTNA ERDS & G2G platforms. . The SafeNet Authentication Client (SAC) contains USB token drivers and APEX uses the token drivers to access the token based PKI certificates that are used for authentication, digital signatures, and encryption/decryption functions. |
| Network / Firewall Configuration | Per regulations, certified ERDS workstations are expected to be secured for the ‘sole use’ purpose of electronic recording activity. CeRTNA’s ERDS infrastructure is accessible over the Internet, as such, workstations must restrict access to only domains that are required to facilitate the functionality provided in the APEX client. A list of the domains that are used by APEX are listed further down in this document. |
| Generate MBSA Report | The Microsoft Baseline Security Analyzer (MBSA) is a tool produced by Microsoft that analyzes your workstation configuration to determine its level of security. It checks a variety of conditions, for example, are any Windows Updates are missing, is the firewall on, do any users have non-expiring passwords, etc. |
erds/workstation_configuration.1547579225.txt.gz · Last modified: by administrator