Knowledge Exchange (KE) System Cyber Security Plan


OVERVIEW

This document provides recommendations to enhance the security profile of the Knowledge Exchange (KE) System. You are responsible for identifying the security option(s) most appropriate to the risks identified in your environment. Do not attempt to implement any of these settings without first testing them in a nonoperational environment. Use of this document is at the discretion of the user. Following these recommendations does not guarantee that the KE system will be secure.

This document discusses the following cyber security issues:

Application Data Encryption in Motion
- HTTPS Support
- HTTP Re-Routing (using URL Rewrite)
- Secure Headers to Web Client Communication

Device Data Encryption in Motion
- Legacy Device Communication Encryption (OER-Pro, CV-190)

Application Attack Footprint
- Firewall Settings
- Web Obsolescence

This plan uses industry best practices and solutions. There are links for each plan item within this Security Plan, at the end of the document.

2017 OLYMPUS CORPORATION OF THE AMERICAS TR0131V01

APPLICATION DATA ENCRYPTION IN MOTION

HTTPS support can be provided by installing the Microsoft IIS 8.5 feature on the Microsoft Windows 2012 R2, where your KE system is installed. The following steps can be used to configure IIS 8.5:

1. Set the first rule to configure URL Rewrite as a reverse proxy.
2. Create the second rule Redirect HTTP to HTTPS.
3. Edit the IIS web configuration for secure headers.
4. Set up bindings to TCP ports 80 and 443, using a self-signed certificate, or a CA certificate, to TCP 443 port only.

[Diagram: Olympus KE application server, IIS server (Olympus KE IIS reverse proxy, HTTP to HTTPS), firewall, secure web client]

To prevent vulnerability with the web client connection, industry standards recommend adding secure headers to Web Client communication. Add these by customizing the HTTP response header in IIS (see list of HTTP Response Headers below).
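Steps 1 to 3 above can be scripted with the IIS WebAdministration module, assuming URL Rewrite and Application Request Routing are already installed. This is an added example, not part of the Olympus document; the site name, rule names, the KE backend address http://localhost:8080 and the header set are assumptions.

```powershell
# Added example (not Olympus code). Assumptions: site name, rule names, header set,
# and a KE backend on http://localhost:8080 (the GlassFish port named in this plan).
Import-Module WebAdministration
$site    = 'IIS:\Sites\Default Web Site'
$rules   = 'system.webServer/rewrite/rules'
$headers = 'system.webServer/httpProtocol/customHeaders'

function Add-KeRewriteRule {
    param([string]$Name, [string]$HttpsPattern, [string]$ActionType, [string]$Url)
    $rule = "$rules/rule[@name='$Name']"
    # Drop any earlier copy so the script can be re-run without duplicates.
    Clear-WebConfiguration -PSPath $site -Filter $rule -ErrorAction SilentlyContinue
    Add-WebConfigurationProperty -PSPath $site -Filter $rules -Name '.' `
        -Value @{ name = $Name; stopProcessing = 'True' }
    Set-WebConfigurationProperty -PSPath $site -Filter "$rule/match" -Name 'url' -Value '(.*)'
    # Condition on {HTTPS} so each rule handles exactly one scheme.
    Add-WebConfigurationProperty -PSPath $site -Filter "$rule/conditions" -Name '.' `
        -Value @{ input = '{HTTPS}'; pattern = $HttpsPattern }
    Set-WebConfigurationProperty -PSPath $site -Filter "$rule/action" -Name 'type' -Value $ActionType
    Set-WebConfigurationProperty -PSPath $site -Filter "$rule/action" -Name 'url' -Value $Url
}

# Step 1: reverse proxy. ARR proxying must be enabled at server level first.
Set-WebConfigurationProperty -PSPath 'MACHINE/WEBROOT/APPHOST' `
    -Filter 'system.webServer/proxy' -Name 'enabled' -Value 'True'
Add-KeRewriteRule 'KE Reverse Proxy' '^ON$' 'Rewrite' 'http://localhost:8080/{R:1}'

# Step 2: anything that arrives over plain HTTP is redirected to HTTPS, never proxied.
Add-KeRewriteRule 'Redirect HTTP to HTTPS' '^OFF$' 'Redirect' 'https://{HTTP_HOST}/{R:1}'

# Step 3: secure response headers (assumed set).
$secure = [ordered]@{
    'X-Content-Type-Options'    = 'nosniff'
    'X-Frame-Options'           = 'SAMEORIGIN'
    # With HSTS, browsers refuse to bypass certificate errors, so send it only
    # when the 443 binding uses a certificate that clients already trust.
    'Strict-Transport-Security' = 'max-age=31536000'
}
foreach ($h in $secure.GetEnumerator()) {
    Clear-WebConfiguration -PSPath $site -Filter "$headers/add[@name='$($h.Key)']" `
        -ErrorAction SilentlyContinue
    Add-WebConfigurationProperty -PSPath $site -Filter $headers -Name '.' `
        -Value @{ name = $h.Key; value = $h.Value }
}
```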

DEVICE DATA ENCRYPTION IN MOTION

Configure an encrypted VPN tunnel between the trusted network (i.e., the Olympus medical device) and the KE server network indicated on the network adapter. The VPN server must be a physical network device, and configured to enable a L2TP server to connect to a software-configured L2TP Client WAN miniport, using MS CHAP v2. Examples of such servers include the Cisco ASA 5506X and 5516X, among others. Consult with your network administrator on availability of any of these devices.

Be aware of username creation on the physical network device for use in L2TP VPN. Usernames may require specific encryption of passwords for use with MS CHAP v2.

If Olympus medical devices, from multiple locations within your facility, must connect, additional physical network devices may be required as shown in the diagram below.

[Diagram: Olympus medical devices (CV-190, OER-Pro) on the trusted network (inside), each group connected through an L2TP VPN across the un-trusted network (outside, encrypted) to Olympus KE]

Cyber Security network configuration example below:

Device              Inside network (Trusted)    Outside network (Un-trusted)
Olympus CV-190      IP 192.168.1.25             IP 192.168.1.40
Olympus OER-Pro     IP 192.168.1.26             IP 192.168.1.40
Olympus OER-Pro     IP 192.168.1.27             IP 192.168.1.46

Cisco ASA 5516: Room 1 VPN L2TP
Cisco ASA 5506: Room 2 VPN L2TP

Olympus KE:
- IP 10.10.0.10 (Physical Network Interface)
- IP 192.168.1.40 (Virtual Network Interface for Room 1 L2TP VPN Connection)
- IP 192.168.1.46 (Virtual Network Interface for Room 2 L2TP VPN Connection)

DICOM MWL and PACS: IP 10.10.0.11

REDUCE APPLICATION ATTACK FOOTPRINT

Configure the Windows 2012 firewall to allow traffic only on ports TCP 443, TCP 9722, and TCP 80. Ports TCP 9722 and TCP 80 are required for Olympus remote support.

Block the Olympus KE Glassfish (Receiving HTTP requests) entry, TCP port 8080 to remove accidental access to obsolescent web server.

Configure only the ports required for Olympus medical devices to communicate with KE, such as OER-Pro and CV-190 units. Allow these ports over the encrypted WAN miniport(s) configured on the KE server. This only allows connection through the VPN. Please consult Knowledge Exchange (KE) IT Specifications (TR0094) for port details.
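The firewall settings described above, scripted with the Windows NetSecurity cmdlets as an added example (not part of the Olympus document). The "KE-Plan" rule names are assumptions, and the device ports are left as an empty placeholder because this plan defers them to TR0094.

```powershell
# Added example (not Olympus code). Rule names prefixed "KE-Plan" are assumptions.
$allowTcp = [ordered]@{
    '443'  = 'HTTPS to IIS'
    '9722' = 'Olympus remote support'
    '80'   = 'HTTP and Olympus remote support'
}
foreach ($port in $allowTcp.Keys) {
    New-NetFirewallRule -DisplayName "KE-Plan allow TCP $port ($($allowTcp[$port]))" `
        -Direction Inbound -Protocol TCP -LocalPort $port -Action Allow | Out-Null
}

# Block direct network access to GlassFish. A block rule takes precedence over
# any allow rule that still covers TCP 8080.
New-NetFirewallRule -DisplayName 'KE-Plan block TCP 8080 (GlassFish)' `
    -Direction Inbound -Protocol TCP -LocalPort 8080 -Action Block | Out-Null

# Device ports are accepted only on remote-access (VPN) interfaces.
$devicePorts = @()   # placeholder: take the port list from TR0094
if ($devicePorts.Count -gt 0) {
    New-NetFirewallRule -DisplayName 'KE-Plan allow device ports over VPN' `
        -Direction Inbound -Protocol TCP -LocalPort $devicePorts `
        -InterfaceType RemoteAccess -Action Allow | Out-Null
}

# Inbound traffic that matches no allow rule is dropped on every profile.
Set-NetFirewallProfile -All -Enabled True -DefaultInboundAction Block

# Check: list every enabled inbound allow rule with its ports, so that built-in
# or leftover rules outside the plan can be reviewed and disabled.
Get-NetFirewallRule -Direction Inbound -Enabled True -Action Allow |
    ForEach-Object {
        $filter = $_ | Get-NetFirewallPortFilter
        [pscustomobject]@{
            Rule      = $_.DisplayName
            Protocol  = $filter.Protocol
            LocalPort = ($filter.LocalPort -join ',')
        }
    } |
    Sort-Object LocalPort |
    Format-Table -AutoSize
```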

WEB RESOURCES

IIS Reverse Proxy: https://blogs.msdn.microsoft.com/friis/2016/08/25/setup-iis-with-url-rewrite-as-a-reverse-proxy-for-real-world-apps
IIS Name Change: https://scotthelme.co.uk/hardening-your-http-response-headers/
IIS Security Headers: https://securityheaders.io
Application Request Routing v3: https://www.microsoft.com/en-us/download/details.aspx?id=47333

If additional information is needed, contact the Olympus Technical Assistance Center (TAC) at (800) 848-9024.

Olympus is a trademark of Olympus Corporation of the Americas, Olympus America Inc. and/or their affiliated entities. All other trademarks and registered trademarks listed herein are the property of their respective holders.