ABELDent Platform Setup Conventions

Similar documents
ABELDent Platform Setup Conventions

ABELMed Platform Setup Conventions

ABELMed Platform Setup Conventions

NiceLabel LMS. Installation Guide for Single Server Deployment. Rev-1702 NiceLabel

Campuses that access the SFS nvision Windows-based client need to allow outbound traffic to:

VMware AirWatch Certificate Authentication for Cisco IPSec VPN

CaseWare Working Papers. Data Store user guide

INSTALLING CCRQINVOICE

Wave IP 4.5. CRMLink Desktop User Guide

Enterprise Installation

Please contact technical support if you have questions about the directory that your organization uses for user management.

These tasks can now be performed by a special program called FTP clients.

Welcome to Remote Access Services (RAS) Virtual Desktop vs Extended Network. General

Customer Information. Agilent 2100 Bioanalyzer System Startup Service G2949CA - Checklist

Admin Report Kit for Exchange Server

BMC Remedyforce Integration with Remote Support

RISKMAN REFERENCE GUIDE TO USER MANAGEMENT (Non-Network Logins)

Date: October User guide. Integration through ONVIF driver. Partner Self-test. Prepared By: Devices & Integrations Team, Milestone Systems

Manual for installation and usage of the module Secure-Connect

Dynamic Storage (ECS)

Troubleshooting of network problems is find and solve with the help of hardware and software is called troubleshooting tools.

Installation and Getting Started

The screenshots/advice are based on upgrading Controller 10.1 RTM to 10.1 IF6 on Win2003

FollowMe. FollowMe. Q-Server Quick Integration Guide. Revision: 5.4 Date: 11 th June Page 1 of 26

Online Banking for Business USER GUIDE

WorldShip PRE-INSTALLATION INSTRUCTIONS: INSTALLATION INSTRUCTIONS: Window (if available) Install on a Single or Workgroup Workstation

DIVAR IP 3000 Field Installation Guide

Secure File Transfer Protocol (SFTP) Interface for Data Intake User Guide

REFWORKS: STEP-BY-STEP HURST LIBRARY NORTHWEST UNIVERSITY

BMC Remedyforce Integration with Bomgar Remote Support

ROCK-POND REPORTING 2.1

Announcing Veco AuditMate from Eurolink Technology Ltd

User Guide. Document Version: 1.0. Solution Version:

Configuring Database & SQL Query Monitoring With Sentry-go Quick & Plus! monitors

Reference Guide. Service Pack 3 Cumulative Update 2. Revision J Issued October DocAve 6: Control Panel

Release Notes. Dell SonicWALL Security firmware is supported on the following appliances: Dell SonicWALL Security 200

Getting started. Roles of the Wireless Palette and the Access Point Setup Utilities

ADSS Server Evaluation Quick Guide

DocAve 6 Service Pack 2 Control Panel

CSC IT practix Recommendations

LiveEngage and Microsoft Dynamics Integration Guide Document Version: 1.0 September 2017

Access the site directly by navigating to in your web browser.

Connect+/SendPro P Series Networking Technical Specification

IDEAL ADMINISTRATION 2018

Dear Milestone Customer,

Firmware Upgrade Wizard v A Technical Guide

USER GUIDE. Thanks for purchasing the igate! You ll need to follow these five Configuration Steps to get your igate up and running:

System Requirements for SurveyTracker Plus 6.0

Max 8/16 and T1/E1 Gateway, Version FAQs

Enabling Your Personal Web Page on the SacLink

I. Introduction: About Firmware Files, Naming, Versions, and Formats

ClassFlow Administrator User Guide

UPGRADING TO DISCOVERY 2005

OASIS SUBMISSIONS FOR FLORIDA: SYSTEM FUNCTIONS

TDR and Trend Micro. Integration Guide

Launching Xacta 360 Marketplace AMI Guide June 2017

TN How to configure servers to use Optimise2 (ERO) when using Oracle

Using the Swiftpage Connect List Manager

Refreshing Axiom TEST with a Current Copy of Production Axiom EPM June 20, 2014

Gemini Intercom Quick Start Guide

Telkom VPN-Lite router setup User Manual Billion 810VGTX

CCNA Security v2.0 Chapter 3 Exam Answers

Users, groups, collections and submissions in DSpace. Contents

1 Getting and Extracting the Upgrader

Graduate Application Review Process Documentation

IBM SPSS Interviewer Setting up Data Entry Supervisor machines for Synchronization

Oracle Universal Records Management Oracle Universal Records Manager Adapter for Documentum Installation Guide

Dolby Conference Phone Support Frequently Asked Questions

Integrating QuickBooks with TimePro

Release Notes. Dell SonicWALL Security BETA

Click Studios. Passwordstate. RSA SecurID Configuration

Demand Forecasting. For. Microsoft Dynamics 365 for Operations. Technical Guide. Release 7.1. December 2017

Using the Swiftpage Connect List Manager

Custodial Integrator. Release Notes. Version 3.11 (TLM)

STIDistrict AL Rollover Procedures

DocAve 6 Control Panel

Telkom VPN-Lite router setup User Manual Billion 800VGT

Upgrade Guide. Medtech Evolution Specialist. Version 1.11 Build (October 2018)

Dell EqualLogic PS Series Arrays: Expanding Windows Basic Disk Partitions

istartsmart 3.5 Upgrade - Installation Instructions

Managing User Accounts

SANsymphony Installation and Getting Started Guide. November 7, 2016

Avigilon Control Center Server User Guide. Version 6.4

Backup your Data files before you begin your cleanup! Delete General Ledger Account History. Page 1

IT Essentials (ITE v6.0) Chapter 5 Exam Answers 100% 2016

Password Reset for Remote Users

Delete General Ledger Account History

TRAINING GUIDE. Overview of Lucity Spatial

SmartPass User Guide Page 1 of 50

USER MANUAL. RoomWizard Administrative Console

Exosoft Backup Manager

Troubleshooting Citrix- Published Resources Configuration in VMware Identity Manager

HW4 Software version 3. Device Manager and Data Logging LOG-RC Series Data Loggers

1on1 Sales Manager Tool. User Guide

VMware EVO:RAIL Customer Release Notes

TRAUMACAD 2.5 PREREQUISITES

Client Configurations

File Share Navigator Online

Planning, installing, and configuring IBM CMIS for Content Manager OnDemand

Adverse Action Letters

Transcription:

Intrductin 1.1 Purpse f this dcument The purpse f this dcument is t prvide prspective ABELDent licensees and their hardware vendrs with the infrmatin that they will require t prepare fr the installatin and peratin f ABELDent. It will start with a brief verview f typical platfrms, and then prvide specific infrmatin that will be required t cnfigure an ABELDent ready platfrm. The sectins n cnfiguratin are mderately technical and intended primarily fr the use f the hardware vendr r IT prfessinal that will be cnfiguring the system. They are nt detailed instructins, it is expected that a cmpetent IT prfessinal will be familiar with these ubiquitus platfrms, and understand the cnventins. If yur hardware vendr needs clarificatin n any f the pints, please have them call (1-800-267-2235) r email ABEL at idept@abelsft.cm. We are happy t c-perate and wrk with yur hardware/it specialist t ensure that they get all the infrmatin required t get yur system setup fr ABELDent. 1.2 General Platfrm Overview ABELDent runs n Micrsft Windws perating systems and the Micrsft SQL Server database. ABELDent is designed t scale frm small peer t peer netwrks with few wrkstatins, t larger netwrks in busy clinics with dedicated servers serving administrative and clinical wrkstatins in peratries. The smaller netwrks, with less than six wrkstatins, can be served by a wrkgrup cnsisting entirely f cmputers running the Micrsft Windws client perating systems such as (Windws 10 Pr, 8 Pr, 7 Pr, r Vista Business). In this envirnment the file server is typically used as a wrkstatin. On larger netwrks with half a dzen r mre wrkstatins, a file/sql server with the Micrsft Windws Server perating system is required. ABELDent currently recmmends Micrsft Windws Server 2012 R2 r Micrsft Windws Server 2008 R2. The Windws Server perating system supprts larger netwrks and advanced features such as Active Directry security dmains, remte desktp services, and many ther features and tls. Sme small practices with less than 6 wrkstatins still pt fr a dedicated server with the server versin f the perating system in rder use active directry r ther such features. 1.3 Hw t prceed ABEL recmmends that when lking int purchasing yur hardware, perating system, and ther sftware fr ABELDent that yu get at least three qutes. Please make sure that yu prvide the ABELDent recmmended hardware requirements, and these setup cnventins, s that the hardware vendr can include setup t these cnventins in the price that yu are quted. Current System Requirements are always available n the ABEL website http://www.abeldent.cm. Sme custmers pt t purchase their wn hardware frm vendrs that d nt prvide setup and installatin services. In such cases yu are likely t require the services f an experienced IT persn wh can understand these setup cnventins and cnfigure the system(s) in cnfrmance with the cnventins. If yu are dealing with a hardware vendr that yu have nt wrked with in the past, ABEL recmmends checking references. In many areas ABEL can prvide the names f hardware vendrs wh have prepared ABELDent systems in the past. ABELDent Setup Cnventins Page 1 f 26 Last updated December 17 th, 2015

Server Setup Cnventins 1.4 Operating system 1.4.1 Server-Windws Server 2012 R2/Windws Server 2008 R2 1.4.1.1 Setup Please cnfrm t the fllwing cnventins when setting up a server with Micrsft Windws Server 2012 R2/Micrsft Windws Server 2008 R2. We recmmend that an Active directry dmain be set up. We recmmend using the NTFS file system. Setup TCP/IP as the netwrk prtcl. Set static IP addressing fr the server. ABEL recmmends a ruter with a firewall n all high-speed Internet cnnectins. The DC is usually cnfigured fr DHCP & DNS. In smaller practices withut a DC the ruter usually fills the DHCP/DNS rles. Name the cmputer with the custmer s ABEL client ID number. Fr example, if the ABEL custmer ID number is C09999-ODS, name the server C09999. Yu can get the custmer ID number by calling ABEL s prductin department and asking fr it. An Active directry dmain is nrmally set up if using the Windws Server perating system. With AD, user accunts nly have t be set up n the server, nt n each wrkstatin. Create an accunt fr each user. Ensure that each accunt has a passwrd. The users shuld change their passwrd the first time they lg in. Disable the guest accunt. Use a strng passwrd fr the administratr accunt. Make sure that the apprpriate persn at the ffice r clinic has this passwrd. Nrmally the dentist, ffice manager, r IT persn. A high speed Internet cnnectin is required fr remte supprt. ABEL prvides the required sftware via a brwser plug in at the time supprt is prvided. Mdem cnnectins such as RRAS and PC-Anywhere are n lnger recmmended fr remte supprt cnnectins. Set the display reslutin t at least 1920 x 1080. Install the mst recent perating system service pack, and all critical patches and htfixes frm Micrsft. Turn ff any CPU pwer savers. Display pwer savers shuld be fine, but refrain frm using third party screensavers. Turn ff Hibernatin. Install the latest drivers fr all printer(s) and any ther devices r peripherals. Install and cnfigure any required backup hardware drivers and prgrams. ABEL recmmends the backup prgram that cmes with Windws Server. Shrtcuts shuld be setup n the desktp fr all users, r apprpriate users, t: Perfrm a Full System backup with System State, Data nly backups. This will have t be setup after ABELDent is installed. ABEL recmmends that the ABELDent flder and its sub-flders be backed up. ABELDent Setup Cnventins Page 2 f 26 Last updated December 17 th, 2015

Encryptin is strngly recmmended fr backups t remvable media. Make sure mre than 1 persn knws any required passwrds, and that encryptin keys r certificates are stred safely n-site and ff (and that at least 2 peple knw where these are). Nte: A regular user will nt have apprpriate privileges t perfrm full system backups; any users that perfrm backups will have t be added t the Backup Operatr s grup. A backup schedule can als be set. Mst custmers will have enugh space available n their backup media t perfrm a full backup with system state n a daily basis. This is recmmended fr small ffices withut an n-site IT persn t ensure that all data frm all applicatins is backed up. Mre sphisticated backup rtatins can be set up if and when space becmes an issue. If the custmer has a high speed always n Internet cnnectin it is recmmended that Autmatic Updates be turned n. Setup the grup plicy t: Audit successful and unsuccessful accunt lgin events, Audit successful and unsuccessful accunt management events, Accunt lckut t 3 invalid lckut attempts, and the lckut duratin t 15 minutes, and the reset accunt lckut cunter t 15 minutes. Nte: This is an ptinal step but strngly recmmended t enhance security and auditing. Turn ff unnecessary Services such as Messenger, IIS (If it will nt be needed) and FTP. If using these services d nt allw annymus access. Nte that sme practices use ABEL s kisk and case presentatin sftware & will need IIS. Install and cnfigure a reputable Anti-Virus Prduct. Set it up t autmatically get updates regularly. It shuld be cnfigured fr Real-time scanning and fr at least 1 full disk scan per week. Sme prducts require that ABELDent be added t exceptins. 1.4.1.2 Testing Test Windws printing frm all wrkstatins, t all printers t which they will need t print. 1.4.2 Server - Windws 10/8/7 Used as a Server 1.4.2.1 Setup Please cnfrm t the fllwing cnventins when setting up a small practice file server based n a client OS like Windws 10/8.x/7. We recmmend the NTFS file system. Setup TCP/IP as the netwrk prtcl. Set static IP addressing fr the server. ABEL recmmends a ruter with a firewall n all high-speed Internet cnnectins. Name the cmputer with the custmer s ABEL client ID number. Fr example, if the ABEL custmer ID number is C09999-ODS, name the server C09999. Yu can get the custmer ID number by calling ABEL s prductin department and asking fr it. ABELDent Setup Cnventins Page 3 f 26 Last updated December 17 th, 2015

If applicable turn ff sharing wizard/simple file sharing. Open Windws Explrer>File>Change flder and search ptins >G t the view Tab>Uncheck Use Sharing Wizard at the bttm. While yu are here als uncheck Hide extensins fr knwn file types. On lder perating systems, this can be accessed under Tls>Flder Optins. Create an accunt fr ABELDent users. An accunt shuld be set up fr each user, but yu shuld be aware that this accunt wuld have t be set up n all client machines frm which the user will be running ABELDent. This will require a little mre nging maintenance t administer the accunts when yu have staff changes. It is up t individual custmers t decide what is best fr their practice. The ABELDent users shuld nt be part f the administratr grup; they shuld be part f the users grup. Ensure that each accunt has a passwrd. The users shuld change their passwrd the first time they lg in. The usernames and passwrds will have t be identical n the client machines. Disable the guest accunt. Put a strng passwrd n the administratr accunt. Make sure that the apprpriate persn at the ffice r clinic has this passwrd. Nrmally the dentist, ffice manager, r IT persn. If the custmer will be ding EDI ver a mdem rather than by itrans then setup a mdem with the apprpriate drivers. An external mdem is recmmended. A high speed Internet cnnectin is required fr remte supprt. ABEL prvides the required sftware via a brwser plug in at the time supprt is prvided. Mdem cnnectins such as RRAS and PC-Anywhere are n lnger recmmended fr remte supprt cnnectins. Create an accunt fr ABEL t use if they have t lg in t prvide supprt fr the prduct. Please cntact ABEL directly t prvide the username and passwrd. Make sure that the ABEL user has dial-in permissins and is part f the users grup. Set the display reslutin t at least 1920 x 1080. Install the mst recent perating system service pack, and all critical patches and htfixes frm Micrsft. Turn ff any CPU pwer savers. Display pwer savers shuld be fine, but refrain frm using third party screensavers. Turn ff Hibernatin. Install the latest drivers fr all printer(s) and any ther devices r peripherals. Install and cnfigure any required agents, drivers and prgrams t facilitate the backup. ABEL recmmends Internet based backups r backups t remvable hard disks. If backing up t a lcal disk Perfrm a Full System backup with System State. Data nly backups. This will have t be setup after ABELDent is installed. ABEL recmmends that the ABELDent flder and its sub-flders be backed up. SQL backup files will als need t be backed up unless yu are using an nline backup agent with an SQL plug-in. A backup schedule can als be set. Mst custmers will have enugh space available n disk t perfrm a full backup with system state n a daily basis. This is recmmended fr small ffices withut an n-site IT persn t ensure that all data frm all applicatins is backed up. Mre sphisticated backup rtatins can be set up if and when space becmes an issue. Encryptin is strngly recmmended fr backups t remvable media. Make sure mre than 1 persn knws any required passwrds, and that encryptin keys r certificates are stred safely n-site and ff (and that at least 2 peple knw where these are). ABELDent Setup Cnventins Page 4 f 26 Last updated December 17 th, 2015

Nte: A regular user may nt have apprpriate privileges t perfrm full system backups; any users that perfrm backups may have t be added t the Backup Operatr s grup. If the custmer has a high speed always n Internet cnnectin it is recmmended that Autmatic Updates be turned n. Turn ff unnecessary Services such as Messenger, IIS (If it will nt be needed) and FTP. If using these services d nt allw annymus access. Nte that sme practices use ABEL s case presentatin sftware & will need IIS. Install and cnfigure a reputable Antivirus Prduct. Set it up t autmatically get updates regularly. It shuld be cnfigured fr Real-time scanning and fr at least 1 full disk scan per week. Sme prducts require that ABELDent be added t exceptins. 1.4.2.2 Testing Test any lgin accunts created s that user prfiles are made. Make sure users that will require supprt have apprpriate Internet access. Test any ther applicatins that the custmer may have purchased such as Wrd etc. Test Windws printing frm each wrkstatin and with each user accunt. 1.5 Database 1.5.1 Micrsft Jet Database Althugh the SQL database is nw ur standard platfrm, the Micrsft Access database/jet database will cntinue t be supprted fr existing custmers. The JET database engine is installed alng with lder versins f ABELDent. 1.5.2 SQL Server 2014/SQL Server 2012 R2/SQL Server 2008 R2 Fr the SQL versin f ABELDent, install prerequisites (.NET Framewrk 3.5), and MS SQL Server (SQL Server 2014, SQL Server 2012 R2 r SQL Server 2008 R2) befre installing ABELDent. Remember t install all Service packs and htfixes fr SQL Server. ABELDent uses Windws authenticatin t authenticate with SQL Server. The ABELDent installatin will create the required databases and apply the required permissins fr client wrkstatins t access the data. It als creates a shrtcut under Start>Prgrams>ABELDent Administratin t facilitate the creatin f typical maintenance schedules and backup jbs. Client Machine Setup 1.6 Windws 10/8/7 client machine 1.6.1 Setup Please cnfrm t the fllwing cnventins when setting up Windws 10/8/7 client machines: We recmmend using the NTFS file system. ABELDent Setup Cnventins Page 5 f 26 Last updated December 17 th, 2015

Setup TCP/IP as the netwrk prtcl. We nrmally cnfigure TCP/IP t btain an IP autmatically. ABEL recmmends a ruter with a firewall n all high-speed internet cnnectins. If there is nt a ruter, Windws 10 will use Autmatic Private IP Addressing (APIPA). Name the cmputer with the custmer s ABEL client ID number fllwed by a hyphen and a numeric extensin. Fr example, if the ABEL custmer ID number is C09999-ODS, name the first client machine C09999-1, the secnd client machine C09999-2, and s n Add the IP address f the ABELDent server t each client s hsts file (C:\Windws\System32\drivers\etc\hsts) t facilitate faster name reslutin n the netwrk. This is especially imprtant n netwrks that are nt running DNS services. If applicable turn ff sharing wizard/simple file sharing. Open Windws Explrer>File>Change flder and search ptins >G t the view Tab>Uncheck Use Sharing Wizard at the bttm. While yu are here als uncheck Hide extensins fr knwn file types. On lder perating systems, this can be accessed under Tls>Flder Optins. Create accunt(s) fr ABELDent users. The Accunt names and passwrds must exactly match the accunt(s) created n the server if in a wrkgrup envirnment. The users shuld nt be part f the administratrs grup; they shuld be part f the Users grup. Yu can create a grup fr ABELDent users but n mst systems, all regular users will be ABELDent users s the regular users grup can be used instead. Ensure that each accunt has a passwrd. The users shuld change their passwrd the first time they lg in. (this will have t be dne fr each user n all machines). Disable the guest accunt. Put a passwrd n the administratr accunt. Make sure that the apprpriate persn at the ffice r clinic has this passwrd. Nrmally the dentist, ffice manager, r IT persn. Set the display reslutin t at least 1920 x 1080. Install the mst recent perating system service pack, and all critical patches and htfixes frm Micrsft. Turn ff any CPU pwer saving features and disable hibernatin. Screensavers are nt an issue. Install the latest drivers fr all printer(s) and any ther devices r peripherals. If the custmer has a high-speed Internet cnnectin, it is recmmended that Autmatic Updates be turned n. Turn ff unnecessary Services such as Messenger, IIS (If it will nt be needed) and FTP. If using these services d nt allw annymus access. Nte that sme practices use ABEL s kisk and case presentatin sftware and will need IIS. Install and cnfigure a reputable Anti-Virus Prduct. Set it up t autmatically btain updates regularly. It shuld be cnfigured fr real-time scanning and fr at least 1 full disk scan per week. Sme prducts require that ABELDent be added t exceptins. 1.6.2 Testing Test Windws printing frm all wrkstatins. ABELDent Setup Cnventins Page 6 f 26 Last updated December 17 th, 2015

Make sure that the client machine can cnnect t the server and access shares created n the server. If yu create test shares, please remember t remve them when yu are thrugh. ABELDent Setup Cnventins Page 7 f 26 Last updated December 17 th, 2015

Cmpatibility and setup with Firewalls, Anti-Virus and Security Suites 1.7 Setting up Firewall Appliances The specific instructins fr setting up Firewalls vary with make and mdel and ften require certified specialists. Mst ABELDent cmmunicatin is internal n the LAN with sme exceptins fr electrnic claims and prtal. In multi-site installatins additinal prts may have t be pened up t allw ABELDent cmmunicatin. Specific requirements n such cmmunicatin vary widely depending n the specific architecture f yur setup. The fllwing table details the types f cmmunicatin used by ABELDent and what prts may have t be pened up. Service r Functin File and Printer sharing Windws NetBIOS Micrsft SQL Server ABELDent licensing ABELDent Prtal Thin Client / Terminal Services 1 HTTP/HTTPS Prt Prtcl Reasn required 139 incming 445 incming 137 incming 138 incming TCP TCP UDP UDP T save data t and retrieve data frm the file share. D nt pen these prts up t the Internet. If clients and servers are separated by a firewall prt n the LAN, r a sftware firewall, these prts may need t be pened lcally. 1433 incming TCP D nt pen this prt t the internet. If clients and servers are separated by a firewall prt n the LAN, r a sftware firewall, these prts may need t be pened lcally. 5093 incming UDP Only when thick clients with flating licenses are perating thrugh the firewall withut a VPN. 1504 incming TCP If custmer has subscribed t ABELDent patient prtal 3389 incming TCP T run the Remte Desktp Client cntrl 80 utging 443 utging TCP TCP Fr remte supprt (t custmers with an Internet cnnectin) ABELSft uses a tl called GTAssist ( http://www.gtassist.cm ).N prts need be kept pen t allw incming traffic n the firewall as the sessin is initiated inside by the custmer ging t ABELSft s web site ( http://www.abeldent.cm ) and fllwing the link t the remte supprt server website ( http://www.gtassist.cm/sb/abelsft ) t enter the apprpriate sessin cde. Many firewalls nly blck incming traffic, and allw utging cnnectins n all prts. In cases where utging traffic is als restricted the custmer will require utging access n prts 80 (TCP) & 443 (TCP) t cnnect t the remte supprt sessin. The full sessin frm the frm where the sessin cde is entered is encrypted using 128 bit SSL encryptin. If the physicians require Internet access fr clinical research, then the physician wuld typically access infrmatin by visiting web sites with a brwser. The articles wuld typically be in html, pdf, r wrd frmat. Occasinally the infrmatin wuld be delivered as a chargeable r restricted service ver an SSL secured web site. itrans 9650 utging TCP Electrnic claims submissin 9650 utging UDP NTP/SNTP 123 utging UDP Client/server wrkstatin time synchrnizatin 1 This prt is ptinal. Terminal Services cmmunicatin is n prt 3389/TCP. In the event that Terminal Services/ Remte Desktp is used t run ABELDent remtely then these prts must be pened n the firewall. Hwever, if the Remte Desktp sessin is run within a VPN cnnectin this is nt necessary. ABELSft recmmends the VPN apprach t any custmers perating ABELDent ver a high-speed Internet cnnectin. ABELDent Setup Cnventins Page 8 f 26 Last updated December 17 th, 2015

1.8 Anti-Virus It is nt practical fr ABELSft t test large numbers f Antivirus prgrams, as there are many such prgrams n the market. We rutinely check several f the mre ppular AV utilities with the latest versin f ABELDent. We pst ur findings in the table belw. Always check the nline versin f this dcument t ensure that yu are reading ur mst recent findings. ABELSft des NOT exclude ur prgram r data areas frm scanning n prductin systems. Such exclusins shuld nt be necessary. The fllwing prducts have been tested with ABELDent versin 11.x and 12.x Prduct Results Wrkarund steps if required Symantec Endpint Prtectin 12.1 N Knwn Prblems n/a Kaspersky Small Office Security N Knwn Prblems n/a ESET NOD32 N Knwn Prblems n/a Micrsft Security Essentials (Free) N Knwn Prblems Des nt install prperly n Windws Server 2012. Micrsft Windws Defender (Free) N Knwn Prblems Included in Windws 10. Nt available n Windws Server versins. Avast anti-virus Reprted prblems with file scanner Add exclusins fr ABELDent executables. Table last Updated December 24 th 2015 check website fr mst recent versin. 1.9 Knwn prblems with Firewalls and steps t mitigate ABELSft des nt perfrm regular testing with the varius sftware firewalls included with many cnsumer Internet security suites. ABELSft recmmends ruters r firewall appliances at the perimeter. Sme peple prefer sftware-based firewalls as well. Such devices might be desirable n larger netwrks where threats frm within the perimeter prtectin are mre likely. In such cases ABELSft recmmends the Windws Firewall included with all recent Micrsft perating systems. The fllwing has been fund t wrk. Prduct Results Wrkarund required Micrsft Windws Firewall Nrtn Internet Security Tested. Client unable t get license. Limited testing in the field. Must pen prt 5093 UDP n server t subnet t allw clients t get license. Must pen prt 5093 UDP n server t subnet t allw clients t get license. ABELDent Setup Cnventins Page 9 f 26 Last updated December 17 th, 2015

2 Recmmendatins t help Prtect Data and Increase System Reliability One f the strngest advantages f perating n industry standard platfrms such as Micrsft Windws based perating system n Intel (r cmpatible) hardware platfrms is that there are many technlgies available that can be leveraged t increase the reliability f yur system, reduce dwntime, and prtect yur data. This sectin briefly discusses a few f these ptins that ABELSft recmmends that yu cnsider implementing. 2.1 Uninterruptable Pwer Supplies The risk f data lss in the event f a pwer utage that extends beynd the capacity f the battery, t prvide adequate pwer, is mitigated by Windws built in ability t mnitr pwer status & UPS battery state. Windws can be cnfigured t ntify users and perfrm an rderly shutdwn, preventing data lss. 2.2 Disk Mirrring and RAID Arrays The risk f data lss in the event f a server hard disk failure is mitigated by Windws ability t mirrr the disks. In the event f a disk failure the remaining disk cntinues t wrk until such a time as it is cnvenient t replace the failed disk and reestablish the mirrr set. ABELDent Setup Cnventins Page 10 f 26 Last updated December 17 th, 2015

2.3 Backups In the event f data crruptin, hard disk failure, r ther failure that results in the lss f data, ABELSft wuld have t recver the client s mst recent backup(s). ABELSft users typically use the Backup Utility that is supplied with Windws Server r Windws client perating systems, but ABELDent has the flexibility t wrk with mst backup prgrams and backup services n the market shuld the custmer prefer. Detailed backup & recvery prcedures are prvided in the ABELDent manual. 2.4 Additinal Technlgies ABELDent has been designed wrk n the Micrsft Windws platfrm. These platfrms have many such features incrprated int the perating system. The Windws platfrm als interperates with many third party prducts, bth hardware and sftware, that can be used t mitigate risk and prtect data. The level f fault tlerance can be cnfigured t match the requirements f the health care prvider. In additin t hardware and sftware slutins there are many services available t help prtect yur Windws system. These include such services as Online Data Backups as well as Remte Mnitring and Administratin. ABELSft can help yu with such services. ABELDent Setup Cnventins Page 11 f 26 Last updated December 17 th, 2015

3 Detailed Steps n the security settings described abve This sectin prvides detailed steps fr cnfiguratin f the security settings and grup plicy settings mentined abve fr technicians r custmers wh may nt be familiar with them. 3.1 Creating ABELDent Users Grup and User Accunts This sectin cvers the initial user setup that wuld nrmally be perfrmed by the hardware vendr r IT department befre ABELSft cmes ut t d the installatin. The ABELDent administratr will set these users up as members in ABELDent and cnfigure the apprpriate levels f privilege in ABELDent. Onging administratin including deletin and mdificatin f user accunts is cvered in the ABELDent user s manual. Initially we recmmend that an ABELDent Users Grup be setup. 1. Lg in n the server. 2. Select Start>Administrative Tls>Active Directry Users & Cmputers 3. Right click n users and selects New > Grup frm the pp ut menus 4. Fill in the grup name ABELDent Users 5. The Scpe f the Grup is nrmally the Dmain lcal 6. The Type f Grup is Security Each user is set up in Windws with a username matching the member s username in the ABELDent Authenticatin Manager. The typical steps n a Windws 2012 R2 Server wuld be as fllws: 1. Lg in n the server. 2. Select Start>Active Directry Users and Cmputers 3. The Administratr right clicks n the ABELDent Users OU and selects New > User frm the pp ut menus ABELDent Setup Cnventins Page 12 f 26 Last updated December 17 th, 2015

4. Fills in the user s first name, last name and username then click n next. 5. The initial passwrd wuld be entered by the administratr twice, checking the ptin t frce the user t change it n next lgn, befre clicking n next, and then Finish t create the user. 6. The user wuld then be added t the ABELDent Users OU. T add them t the ABELDent Users grup, start by duble clicking n the new username, clicking n the Member Of tab, clicking in the Add buttn, typing in the grup name, clicking n the Check Names buttn, and OK. ABELDent Setup Cnventins Page 13 f 26 Last updated December 17 th, 2015

On a small standalne r peer-peer netwrk with a Windws 10, 8 r 7-based file server, the steps wuld be similar nly they will be perfrmed under cmputer Management. Right click n My Cmputer, select Manage, expand System Tls, Lcal Users & Grups, right click n Grups, select New Grup and then add the grup and user in the same way as described abve. Add the user t the apprpriate ABELDent Users grup when finished. On a small netwrk such as this the user must be created identically n each wrkstatin. ABELDent Setup Cnventins Page 14 f 26 Last updated December 17 th, 2015

3.2 Passwrd Plicies ABELDent Platfrm Setup Cnventins The fllwing steps describe hw t set the grup plicy t ensure passwrd length & cmplexity rules are enabled in Windws Server 2012 R2. 1. Click n the Windws Start buttn. 2. Search fr Grup Plicy Management. 3. In Grup Plicy Management, expand the tree view in the left clumn s yu can see the Default Dmain Plicy directly belw the dmain name 4. Right-click n Default Dmain Plicy and select Edit frm the drp dwn menu. 5. In the Grup Plicy Windw, click the + t expand Cmputer Cnfiguratin. 6. Click the + t expand Plicies. 7. Click the + t expand Windws Settings. 8. Click the + t expand Security Settings. 9. Click the + t expand Accunt Plicy 10. Click n Passwrd Plicy. 11. ABEL recmmends that several Plicies be set here: a. Minimum Passwrd length shuld be set at 8 r mre characters b. Passwrd must meet cmplexity requirements shuld be defined and enabled. This will mandate additinal criteria beynd the standard Windws case sensitive passwrd c. Enfrce passwrd histry shuld be set t help prevent passwrds frm being reused. We suggest the maximum value f 24 be used. d. The abve Plicy wuld be ineffective if users culd quickly cycle thrugh passwrds until they can reuse them. A Minimum passwrd age f 30 days will prevent such abuse. e. A passwrd age f 90 Days will ensure quarterly passwrd changes. This wuld be the lngest ABELSft wuld recmmend. Sme ffices like a Maximum passwrd age f 42 days t ensure passwrd changes at lease every 6 weeks. ABELDent Setup Cnventins Page 15 f 26 Last updated December 17 th, 2015

ABELDent Setup Cnventins Page 16 f 26 Last updated December 17 th, 2015

Similar Plicies can be applied t Standalne r small peer-peer netwrks using the Lcal Cmputer Plicy prvided by Windws 10, 8 and 7. The Administratr can achieve access t the plicy by clicking n Start > Typing in GPEdit.msc > and clicking n OK. The diagram belw shws that the same settings are available there. 3.3 Accunt Lckut Plicies ABELDent relies n Micrsft Windws t prvide the authenticatin, and n Micrsft Windws Grup Plicy t cntrl the behavir f the system n failures t authenticate. The fllwing steps shw hw t cnfigure a typical accunt lckut plicy. This example shws hw t set a lckut after 3 invalid lgin attempts, set the lckut duratin t 3 days, and reset the lckut cunter daily (S that 3 failed lgin attempts in a day wuld lck the user accunt fr 3 days, unless an administratr manually unlcked the accunt. Manual unlcking can be perfrmed by the administratr as shwn at the end f this sectin. 1. Click n the Windws Start buttn. 2. Select Administrative Tls. 3. Click Grup Plicy Management. 4. In Grup Plicy Management, expand the tree view in the left clumn s yu can see the Default Dmain Plicy directly belw the dmain name 5. Right-click n Default Dmain Plicy and select Edit ABELDent Setup Cnventins Page 17 f 26 Last updated December 17 th, 2015

6. Click the + t expand Windws Settings. 7. Click the + t expand Security Settings. 8. Click the + t expand Accunt Plicies. 9. Select Accunt Plicy Lckut 10. Duble-click Accunt lckut threshld 11. Change the value f Accunt will lck ut after: t 3 invalid lgn attempts. 12. Click OK. ABELDent Setup Cnventins Page 18 f 26 Last updated December 17 th, 2015

13. Duble-click Accunt lckut duratin. 14. Type in the value 15 minutes. 15. Click OK. 16. Duble-click n Reset accunt lckut cunter after. 17. Type in the value 15 minutes. 18. Click n OK. 19. Click the X in the upper right f the Grup Plicy windw. ABELDent Setup Cnventins Page 19 f 26 Last updated December 17 th, 2015

3.4 Inactivity timeut and lck ABELDent Platfrm Setup Cnventins ABELDent leverages Micrsft Windws technlgies that lck a system upn detectin f inactivity. The prcedure is described belw. ABELSft recmmends Windws 10 fr secure use wrkstatins. In these cases, ABELDent and perating system lgn security is integrated (i.e., Single sign-n methdlgy). These wrkstatins can be set in Windws t autmatically lck after a defined perid f inactivity at the wrkstatin by specifying the screen-saver t be the native Windws 10 passwrd lgn screen-saver. These settings can be enfrced and lcked-dwn with an enfrced grup plicy fr grups f statins r users r individual statins r users. Like the Passwrd and Accunt Lckut Plicies these settings are best made in Grup Plicy. Fllw the Steps in the previus tw steps t enter grup Plicy. The screen saver timeut Plicies are set at User Cnfiguratin>Administrative Templates>Cntrl Panel>Persnalizatin>Screen Saver Timeut Suggested value is 180 secnds (3 minutes). Sme users find this hard t tlerate. We suggest trying 3 minutes, and if it causes t many prblems this value can always be increased later (with permissin frm the apprpriate physicians r ther authrities). 3.5 Make sure that user can change their wn passwrd On a Windws 2012 R2 dmain when the administratr creates the user accunt, the administratr determines whether the user will have the apprpriate level f privilege t change their wn passwrd. The screen capture belw shws the default ABELDent Setup Cnventins Page 20 f 26 Last updated December 17 th, 2015

setting where User cannt change passwrd is UNCHECKED. This setting cannt be selected when User must change passwrd at next lgn is selected, therefre the setting is already crrect fr new accunts with User must change passwrd at next lgn selected. Fr existing accunts yu shuld manually check t make sure that User cannt change passwrd is unchecked. yu can get t this setting by clicking n Start>Administrative Tls>Active Directry Users & Cmputers >duble click n users> duble click n the apprpriate user > Click n the accunt tab checkbxes will be in the accunt ptins area. Similarly, if a Windws 2012 R2 dmain des nt exist, when the administratr creates the user accunt in Windws 10, the administratr determines whether the user will have the apprpriate level f privilege t change their wn passwrd. 3.6 Setup NTP/SNTP Time Synchrnizatin Explanatin f NTP time synchrnizatin can be fund n the Micrsft website http://supprt.micrsft.cm/kb/816042 We are including excerpts n the specific setup steps required here. We strngly recmmend an external time surce as dcumented here, rather than the internal time surce that is als mentined in the same Micrsft article. Cnfiguring the Windws Time service t use an external time surce T cnfigure an internal time server t synchrnize with an external time surce, fllw these steps: 1. Change the server type t NTP. T d this, fllw these steps: a. Click the Start buttn, type regedit, and then click OK. ABELDent Setup Cnventins Page 21 f 26 Last updated December 17 th, 2015

b. Lcate and then click the fllwing registry subkey: HKEY_LOCAL_MACHINE\SYSTEM\CurrentCntrlSet\Services\W32Time\Parameters\Type c. In the right pane, right-click Type, and then click Mdify. d. In Edit Value, type NTP in the Value data bx, and then click OK. Set AnnunceFlags t 5. T d this, fllw these steps:. Lcate and then click the fllwing registry subkey: HKEY_LOCAL_MACHINE\SYSTEM\CurrentCntrlSet\Services\W32Time\Cnfig\AnnunceFlags a. In the right pane, right-click AnnunceFlags, and then click Mdify. b. In Edit DWORD Value, type 5 in the Value data bx, and then click OK. Enable NTPServer. T d this, fllw these steps:. Lcate and then click the fllwing registry subkey: HKEY_LOCAL_MACHINE\SYSTEM\CurrentCntrlSet\Services\W32Time\TimePrviders\NtpServer a. In the right pane, right-click Enabled, and then click Mdify. b. In Edit DWORD Value, type 1 in the Value data bx, and then click OK. Specify the time surces. T d this, fllw these steps:. Lcate and then click the fllwing registry subkey: HKEY_LOCAL_MACHINE\SYSTEM\CurrentCntrlSet\Services\W32Time\Parameters a. In the right pane, right-click NtpServer, and then click Mdify. b. In Edit Value, type Peers in the Value data bx, and then click OK. Nte Peers is a placehlder fr a space-delimited list f peers frm which yur cmputer btains time stamps. Each DNS name that is listed must be unique. Yu must append,0x1 t the end f each DNS name. If yu d nt append,0x1 t the end f each DNS name, the changes made in step 5 will nt take effect. Select the pll interval. T d this, fllw these steps:. Lcate and then click the fllwing registry subkey: ABELDent Setup Cnventins Page 22 f 26 Last updated December 17 th, 2015

HKEY_LOCAL_MACHINE\SYSTEM\CurrentCntrlSet\Services\W32Time\TimePrviders\NtpClient\SpecialPllInterval a. In the right pane, right-click SpecialPllInterval, and then click Mdify. b. In Edit DWORD Value, type TimeInSecnds in the Value data bx, and then click OK. Nte TimeInSecnds is a placehlder fr the number f secnds that yu want between each pll. A recmmended value is 900 Decimal. This value cnfigures the Time Server t pll every 15 minutes. Cnfigure the time crrectin settings. T d this, fllw these steps:. Lcate and then click the fllwing registry subkey: HKEY_LOCAL_MACHINE\SYSTEM\CurrentCntrlSet\Services\W32Time\Cnfig\MaxPsPhaseCrrectin a. In the right pane, right-click MaxPsPhaseCrrectin, and then click Mdify. b. In Edit DWORD Value, click t select Decimal in the Base bx. c. In Edit DWORD Value, type TimeInSecnds in the Value data bx, and then click OK. Nte TimeInSecnds is a placehlder fr a reasnable value, such as 1 hur (3600) r 30 minutes (1800). The value that yu select will depend upn the pll interval, netwrk cnditin, and external time surce. d. Lcate and then click the fllwing registry subkey: HKEY_LOCAL_MACHINE\SYSTEM\CurrentCntrlSet\Services\W32Time\Cnfig\MaxNegPhaseCrrectin e. In the right pane, right-click MaxNegPhaseCrrectin, and then click Mdify. f. In Edit DWORD Value, click t select Decimal in the Base bx. g. In Edit DWORD Value, type TimeInSecnds in the Value data bx, and then click OK. Nte TimeInSecnds is a placehlder fr a reasnable value, such as 1 hur (3600) r 30 minutes (1800). The value that yu select will depend upn the pll interval, netwrk cnditin, and external time surce. Quit Registry Editr. At the cmmand prmpt, type the fllwing cmmand t restart the Windws Time service, and then press ENTER: net stp w32time && net start w32time ABELDent Setup Cnventins Page 23 f 26 Last updated December 17 th, 2015

3.7 Disable LMHash ABELDent Platfrm Setup Cnventins Mdern Windws systems use a very secure system called Kerbers fr secure authenticatin. Passwrds are nt directly stred r transmitted. Standards based hashes(md4) are stred in encrypted databases, and nly hashes f passwrds are ever transmitted. Windws systems als have cmpnents that supprt backward cmpatibility t lder less secure authenticatin systems, specifically ne cmpnent called LANManager. ABELSft recmmends that yu turn ff such cmpatibility s that passwrd hashes are nt stred r transmitted using these lder vulnerable standards. The fllwing instructins tell hw t disable the LMHash Implement the NLMHash Plicy by Using Grup Plicy T disable the strage f LM hashes f a user's passwrds in the lcal cmputer's SAM database by using Lcal Grup Plicy (Windws 10 r Windws Server 2012 R2) r in a Windws Server 2012 R2 Active Directry envirnment by using Grup Plicy in Active Directry, fllw these steps: 1. In Grup Plicy, expand Cmputer Cnfiguratin, expand Plicies, expand Windws Settings, expand Security Settings, expand Lcal Plicies, and then click Security Optins. 2. In the list f available plicies, duble-click Netwrk security: D nt stre LAN Manager hash value n next passwrd change. 3. Click Enabled, and then click OK. ABELDent Setup Cnventins Page 24 f 26 Last updated December 17 th, 2015

4 Appendix B Security and Auditing Checklist This checklist is prvided t help yu systematically perfrm the recmmended security setup Practice Name: ABEL ID: Date: Security Requirements Server Wrkstatin 1 Wrkstatin 2 Wrkstatin3 Wrkstatin 4 Wrkstatin 5 Machine Name Enfrce passwrd histry enabled Maximum passwrd age enabled fr 90 days Minimum passwrd length set t 8 characters enabled Passwrd must meet cmplexity requirements Accunt lckut duratin set t 15 minutes Accunt lckut threshld enabled fr 3 attempts Reset accunt lckut cunter set t 15 minutes Audit accunt lgn events enabled fr success/failure Audit accunt management enabled fr success/failure Audit lgn events enabled fr success/failure Audit bject access enabled fr success/failure Audit plicy change enabled fr success/failure Screen saver passwrd prtected enabled fr 3 minutes Remte Access enabled/cnfigured Time synchrnizatin cnfigured Firewall rules created ABELDent Setup Cnventins Page 25 f 26 Last updated December 17 th, 2015

1. MS SQL 1433 2. MS SQL 1434 3. NetBIOS 139 4. Micrsft DS 445 5. NetBIOS 137 6. NetBIOS 138 7. SSL 443 8. RDP 3389 Backup sftware installed/cnfigured t backup 1. Applicatin data 2. Security credentials 3. Lg/audit files Backup and archive files are encrypted Anti-Virus sftware installed N cnflict between ABELDent and installed antivirus sftware VPN sftware installed/cnfigured Uninterruptable Pwer Supply 1. Setup 2. Sftware installed Physical security f server/desktp I verify that ABELSft s security and auditing checklist has been cmpleted as indicated abve. IT Technician Name: IT Technician Signature: ABELDent Setup Cnventins Page 26 f 26 Last updated December 17 th, 2015

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback