ABELMed Platform Setup Conventions

Similar documents
ABELDent Platform Setup Conventions

ABELMed Platform Setup Conventions

ABELDent Platform Setup Conventions

NiceLabel LMS. Installation Guide for Single Server Deployment. Rev-1702 NiceLabel

CaseWare Working Papers. Data Store user guide

Campuses that access the SFS nvision Windows-based client need to allow outbound traffic to:

VMware AirWatch Certificate Authentication for Cisco IPSec VPN

INSTALLING CCRQINVOICE

Wave IP 4.5. CRMLink Desktop User Guide

Enterprise Installation

Please contact technical support if you have questions about the directory that your organization uses for user management.

BMC Remedyforce Integration with Remote Support

Date: October User guide. Integration through ONVIF driver. Partner Self-test. Prepared By: Devices & Integrations Team, Milestone Systems

WorldShip PRE-INSTALLATION INSTRUCTIONS: INSTALLATION INSTRUCTIONS: Window (if available) Install on a Single or Workgroup Workstation

Manual for installation and usage of the module Secure-Connect

These tasks can now be performed by a special program called FTP clients.

Customer Information. Agilent 2100 Bioanalyzer System Startup Service G2949CA - Checklist

Welcome to Remote Access Services (RAS) Virtual Desktop vs Extended Network. General

BMC Remedyforce Integration with Bomgar Remote Support

Installation and Getting Started

RISKMAN REFERENCE GUIDE TO USER MANAGEMENT (Non-Network Logins)

The screenshots/advice are based on upgrading Controller 10.1 RTM to 10.1 IF6 on Win2003

FollowMe. FollowMe. Q-Server Quick Integration Guide. Revision: 5.4 Date: 11 th June Page 1 of 26

Admin Report Kit for Exchange Server

DIVAR IP 3000 Field Installation Guide

Release Notes. Dell SonicWALL Security firmware is supported on the following appliances: Dell SonicWALL Security 200

User Guide. Document Version: 1.0. Solution Version:

ROCK-POND REPORTING 2.1

Online Banking for Business USER GUIDE

Announcing Veco AuditMate from Eurolink Technology Ltd

Troubleshooting of network problems is find and solve with the help of hardware and software is called troubleshooting tools.

Reference Guide. Service Pack 3 Cumulative Update 2. Revision J Issued October DocAve 6: Control Panel

E-Lock Policy Manager White Paper

REFWORKS: STEP-BY-STEP HURST LIBRARY NORTHWEST UNIVERSITY

Dynamic Storage (ECS)

Getting started. Roles of the Wireless Palette and the Access Point Setup Utilities

TDR and Trend Micro. Integration Guide

DocAve 6 Service Pack 2 Control Panel

Dolby Conference Phone Support Frequently Asked Questions

ADSS Server Evaluation Quick Guide

Upgrade Guide. Medtech Evolution Specialist. Version 1.11 Build (October 2018)

Secure File Transfer Protocol (SFTP) Interface for Data Intake User Guide

Password Reset for Remote Users

I. Introduction: About Firmware Files, Naming, Versions, and Formats

CSC IT practix Recommendations

Licensing the Core Client Access License (CAL) Suite and Enterprise CAL Suite

Avigilon Control Center Server User Guide. Version 6.4

Launching Xacta 360 Marketplace AMI Guide June 2017

Quick Start Guide. Basic Concepts. DemoPad Designer - Quick Start Guide

istartsmart 3.5 Upgrade - Installation Instructions

SANsymphony Installation and Getting Started Guide. November 7, 2016

Upgrade Guide. Medtech Evolution General Practice. Version 1.9 Build (March 2018)

Enabling Your Personal Web Page on the SacLink

IDEAL ADMINISTRATION 2018

Dear Milestone Customer,

Connect+/SendPro P Series Networking Technical Specification

ClassFlow Administrator User Guide

Element Creator for Enterprise Architect

Integrating QuickBooks with TimePro

TRAUMACAD 2.5 PREREQUISITES

Access the site directly by navigating to in your web browser.

Configuring Database & SQL Query Monitoring With Sentry-go Quick & Plus! monitors

Oracle Universal Records Management Oracle Universal Records Manager Adapter for Documentum Installation Guide

Graduate Application Review Process Documentation

System Requirements for SurveyTracker Plus 6.0

Refreshing Axiom TEST with a Current Copy of Production Axiom EPM June 20, 2014

BANNER BASICS. What is Banner? Banner Environment. My Banner. Pages. What is it? What form do you use? Steps to create a personal menu

Proficy* SmartSignal 6.1 Installation Guide

Municode Website Instructions

Users, groups, collections and submissions in DSpace. Contents

IBM SPSS Interviewer Setting up Data Entry Supervisor machines for Synchronization

Avigilon Control Center Server User Guide. Version 6.8

Firmware Upgrade Wizard v A Technical Guide

TN How to configure servers to use Optimise2 (ERO) when using Oracle

UPGRADING TO DISCOVERY 2005

Using the Swiftpage Connect List Manager

Gemini Intercom Quick Start Guide

EView/400i Management Pack for Systems Center Operations Manager (SCOM)

LiveEngage and Microsoft Dynamics Integration Guide Document Version: 1.0 September 2017

CROWNPEAK DESKTOP CONNECTION (CDC) INSTALLATION GUIDE VERSION 2.0

Service Level Agreement

PAY EQUITY HEARINGS TRIBUNAL. Filing Guide. A Guide to Preparing and Filing Forms and Submissions with the Pay Equity Hearings Tribunal

File Share Navigator Online

Dell Wyse Device Manager (WDM)

WinEst 15.2 Installation Guide

Click Studios. Passwordstate. RSA SecurID Configuration

Managing User Accounts

VMware EVO:RAIL Customer Release Notes

OASIS SUBMISSIONS FOR FLORIDA: SYSTEM FUNCTIONS

Release Notes. Dell SonicWALL Security BETA

USER GUIDE. Thanks for purchasing the igate! You ll need to follow these five Configuration Steps to get your igate up and running:

STIDistrict AL Rollover Procedures

Milestone XProtect. NVR Installer s Guide

OATS Registration and User Entitlement Guide

Quick Guide on implementing SQL Manage for SAP Business One

Avocent Power Management Distribution Unit (PM PDU) Release Notes Firmware Version April 18, 2011

DocAve 6 Control Panel

Service Level Agreement

Group Policy Manager Quick start Guide

Release Type: Firmware Software Hardware New Product

Transcription:

ABELMed Platfrm Setup Cnventins Intrductin 1.1 Purpse f this dcument The purpse f this dcument is t prvide prspective ABELMed licensees and their hardware vendrs with the infrmatin that they will require t prepare fr the installatin and peratin f ABELMed. It will start with a brief verview f typical platfrms, and then prvide specific infrmatin that will be required t cnfigure an ABELMed ready platfrm. The ABELMed slutin leverages many f the security features built int the Windws Operating system t help yu meet yur privacy and security respnsibilities. If the platfrm is nt prepared cnsistently with these cnventins and recmmendatins it is likely t have security gaps and may nt meet apprpriate standards t prtect health infrmatin. The sectins n cnfiguratin are mderately technical and intended primarily fr the use f the hardware vendr r IT prfessinal that will be cnfiguring the system. These sectins d nt prvide detailed instructins, it is expected that a cmpetent IT prfessinal will be familiar with these ubiquitus platfrms, and understand the cnventins. Sme custmers dn t have IT prfessinals t help them setup their systems. They may have bught cmputers ver the Internet r dn t have lcal help available. Fr these custmers we have recently added Sectin (6) t this dcument with mre detailed instructins n the steps required t setup the system. If yu r yur hardware vendr need clarificatin n any f the pints, please call r email ABELSft. We are happy t c-perate and wrk with yu r yur hardware vendr t ensure that yu get all the infrmatin required t get yur system setup fr ABELMed. 1.2 General Platfrm Overview ABELMed runs n Micrsft Windws perating systems, and uses the Micrsft SQL Server database. ABELSft can bundle RUNTIME licenses fr MS SQL Server with yur ABELMed licenses. ABELMed is designed t scale frm small peer-t-peer netwrks with few wrkstatins, t larger dmain netwrks in busy clinics with dedicated servers serving administrative and clinical wrkstatins in examinatin rms. The smaller netwrks, with less than 5 wrkstatins fr example, can be served by a wrkgrup cnsisting entirely f cmputers running the Micrsft Windws 10 perating system. On netwrks with 5 r mre wrkstatins, a file server with the Micrsft Windws Sever 2016 perating system is recmmended. The Windws Server 2016 perating system supprts larger netwrks and advanced features such as Active Directry security dmains, disk mirrring, terminal services, as well as many ther features and tls. Sme practices with less than 5 wrkstatins may still pt fr a dedicated server running the server versin f the perating system in rder use active directry, disk mirrring, r ther such features. 1.3 Hw t prceed ABELSft recmmends that when lking int purchasing yur hardware, perating system and ther sftware fr ABELMed that yu get at least three qutes. Please make sure that yu prvide the ABELMed hardware Platfrm Requirements tables, and these setup cnventins, s that the hardware vendr can include setup t these cnventins in the price that yu are quted. Current platfrm requirements and setup cnventins are ABELSft Crpratin 2018 Page 1 f 32 Last updated Octber 9 th, 2018

ABELMed Platfrm Setup Cnventins always available n the ABELSft website at http://www.abelsft.cm. Sme custmers may pt t purchase their wn hardware frm vendrs that d nt prvide setup and installatin services. In such cases yu may require the services f a technician wh understands these setup cnventins and cnfigure the system(s) in cnfrmance with the cnventins. If yu are dealing with a hardware vendr that yu have nt wrked with in the past, ABELSft recmmends checking references. In many areas ABELSft can prvide the names f hardware vendrs wh have prepared ABELMed systems in the past. The IT persn setting up the systems shuld read this full dcument befre setting up the systems. The cnventins are nt necessarily in the rder that they will be perfrmed; rather they are gruped by subject (Servers, Database, Clients, etc.). ABELSft Crpratin 2018 Page 2 f 32 Last updated Octber 9 th, 2018

ABELMed Platfrm Setup Cnventins Server Setup Cnventins 2.1 Operating system 2.1.1 Windws Server 2016 /Windws Server 2012 R2 2.1.1.1 Setup Please cnfrm t the fllwing cnventins when setting up a Micrsft Windws 2016 Server. We recmmend that an Active directry dmain be set up with Remte Desktp Services. We recmmend using the NTFS file system. Encrypt the disks using BitLcker with AES and a 256-bit key. (Encryptin is mandated by OntariMD) Setup TCP/IP as the netwrk prtcl. Cnfigure a DHCP server t assign the IP addresses t client wrkstatins and ensure the server has a static IP address. ABELSft recmmends a ruter with a firewall n all high-speed Internet cnnectins. Name the Server using the custmer s ABELSft client ID number. Fr example, if the ABELSft custmer ID number is C09999-OMG, name the server C09999. Yu can btain the custmer ID number by cntacting ABELSft s sales department. An Active directry dmain is nrmally set up if using Windws Server 2016. With AD, user accunts nly have t be set up n the server, nt n each wrkstatin. Create an accunt fr each user. Create an ABELMed Users security grup Ensure that each accunt has a passwrd set. The users shuld change their passwrds upn first lgin. Disable the guest accunt. Set a strng passwrd fr the Administratr accunt. Make sure that the apprpriate persn at the ffice r clinic has this passwrd. Nrmally the dentist, ffice manager, r IT persn. This may be required if an ABELSft representative is prviding technical supprt remtely. Navigate t yur ABELMed installatin directry. Right-click and select Prperties>Security tab>select Users>uncheck Full Cntrl. Fr remte supprt purpses, a high-speed internet cnnectin is required. If ABELMed will ever be run n the server, set the display reslutin t at least 1280x1024. Install the mst recent service packs fr the server perating system, including all critical patches and htfixes frm Micrsft. Turn ff any CPU pwer saving features and disable hibernatin. Screensavers are nt an issue. Install the latest drivers fr all printer(s) in the ffice if using Remte Desktp Services t allw fr prper printer redirectin. ABELSft Crpratin 2018 Page 3 f 32 Last updated Octber 9 th, 2018

ABELMed Platfrm Setup Cnventins Install and cnfigure any required backup prgrams. ABELSft recmmends the backup prgram bundled with Windws Server 2016, r a secure nline backup service. Backup jbs shuld be cnfigured: T perfrm a Full System backup with System State, T perfrm Data nly backups. This will have t be setup after ABELMed is installed. ABELSft recmmends that the ABELMed flder and its sub-flders be backed up. Sme backup prgrams have SQL plug-ins that have the ability t backup the SQL databases directly T backup n a schedule. Mst custmers will have enugh space available n media t perfrm a full backup with system state n a daily basis. This is recmmended fr small ffices withut an n-site IT persn t ensure that all data frm all applicatins is backed up. Mre sphisticated backup rtatins can be set up if and when space becmes an issue. A regular user will nt have apprpriate privileges t perfrm full system backups; any users that perfrm backups will have t be added t the Backup Operatr s grup. Imprtant ntes pertaining t backups: If using an nline backup service it is imprtant t ensure that data is fully encrypted while traveling ver the Internet and in strage. If yu have encryptin keys make sure they are kept in a safe place and that apprpriate peple have access t them If backing up t remvable media the remvable media must als be encrypted. Again any passwrds/encryptin keys must be kept safely. If the custmer has a high-speed Internet cnnectin it is recmmended that Autmatic Updates be turned n. Setup the default grup plicy fr the dmain t: Nte: Setting these plicies is mandatry in rder t meet OntariMD and CCHIT/HHS certificatin standards hwever the exact numbers can be decided by each practice. Our recmmended values are belw. The audit plicies are mandatry. Maximum passwrd age enabled fr 90 days Passwrd must meet cmplexity requirements Enable Enfrce Passwrd Histry set t 24 Accunt lckut duratin set t 15 minutes Accunt lckut threshld enabled fr 3 attempts Reset accunt lckut cunter set t 15 minutes Audit accunt lgn events enabled fr success/failure Audit accunt management enabled fr success/failure Audit lgn events enabled fr success/failure Audit bject plicy enabled fr success/failure ABELSft Crpratin 2018 Page 4 f 32 Last updated Octber 9 th, 2018

ABELMed Platfrm Setup Cnventins Audit plicy change enabled fr success/failure Screen saver passwrd prtected enabled fr 3 minutes Netwrk security: D nt stre LAN Manager hash value n next passwrd change t enabled If nt already dne by default, turn ff unnecessary Services such as Messenger, IIS (If it will nt be needed) and FTP. If using these services, d nt allw annymus access. Install and cnfigure a reputable Anti-Virus Prduct. Set it up t autmatically receive updates regularly. It shuld be cnfigured fr real-time scanning and fr at least 1 full disk scan per week. 2.1.1.2 Testing Test Remte Desktp Services. Test Windws printing frm all wrkstatins, t all printers t which they will need t print. 2.1.2 Windws 10 File Server 2.1.2.1 Setup Please cnfrm t the fllwing cnventins when setting up a Windws 10 File server in a thick-client scenari. We recmmend using the NTFS file system. Encrypt the disks using BitLcker with AES and a 256-bit key. (Encryptin is mandated by OntariMD) Setup TCP/IP as the netwrk prtcl. We nrmally cnfigure TCP/IP t btain an IP autmatically. ABELSft recmmends a ruter with a firewall n all high-speed Internet cnnectins. The ruter if available usually des DHCP. If there is nt a ruter, Windws 10 will use Autmatic Private IP Addressing (APIPA). Name the cmputer with the custmer s ABELSft client ID number. Fr example if the ABELSft custmer ID number is C09999-OMG, name the server C09999. Yu can btain the custmer ID number by cntacting ABELSft s sales department. Turn ff sharing wizard/simple file sharing. Open Windws Explrer>File>Change flder and search ptins >G t the view Tab>Uncheck Use Sharing Wizard at the bttm. While yu are here als uncheck Hide extensins fr knwn file types. On lder perating systems, this can be accessed under Tls>Flder Optins. Create an accunt fr ABELMed users. An accunt can be set up fr each user, but yu shuld be aware that this accunt wuld have t be set up n all client machines frm which the user will be running ABELMed. This will require a little mre nging maintenance t administer the accunts when yu have staff changes. It is up t individual custmers t decide what is best fr their practice. Certified Slutins require accunts fr each user. Create an ABELMed Users security grup The ABELMed users shuld nt be part f the Administratr grup. Ensure that each accunt has a passwrd. The users shuld change their passwrd the first time they lg in. Disable the guest accunt. ABELSft Crpratin 2018 Page 5 f 32 Last updated Octber 9 th, 2018

ABELMed Platfrm Setup Cnventins Put a strng passwrd n the Administratr accunt. Make sure that the apprpriate persn at the ffice r clinic has this passwrd. Nrmally the dentist, ffice manager, r IT persn. Navigate t the ABELMed installatin flder. Right-click and select Prperties>Security tab>select Users>uncheck Full Cntrl Fr remte supprt purpses, a high-speed internet cnnectin is required. Set the display reslutin t at least 1280x1024. Install the mst recent service packs fr the server perating system, including all critical patches and htfixes frm Micrsft. Turn ff any CPU pwer saving features and disable hibernatin. Screensavers are nt an issue. Install the latest drivers fr all printer(s) and any ther devices and peripherals. Install and cnfigure any required backup prgrams. Backup jbs shuld be cnfigured: T perfrm a Full System backup with System State, T perfrm Data nly backups. This will have t be setup after ABELMed is installed. ABELSft recmmends that the ABELMed flder and its sub-flders be backed up. Sme backup prgrams have SQL plug-ins that have the ability t backup the SQL databases directly T backup n a schedule. Mst custmers will have enugh space available n media t perfrm a full backup with system state n a daily basis. This is recmmended fr small ffices withut an n-site IT persn t ensure that all data frm all applicatins is backed up. Mre sphisticated backup rtatins can be set up if and when space becmes an issue. A regular user will nt have apprpriate privileges t perfrm full system backups; any users that perfrm backups will have t be added t the Backup Operatr s grup. Imprtant ntes pertaining t backups: If using an nline backup service it is imprtant t ensure that data is fully encrypted while traveling ver the Internet and in strage. If yu have encryptin keys make sure they are kept in a safe place and that apprpriate peple have access t them If backing up t remvable media the remvable media must als be encrypted. Again any passwrds/encryptin keys must be kept safely. If the custmer has a high-speed Internet cnnectin it is strngly recmmended that Autmatic Updates be turned n. If nt already dne by default, turn ff unnecessary Services such as Messenger, IIS (If it will nt be needed) and FTP. If using these services, d nt allw annymus access. Install and cnfigure a reputable Anti-Virus Prduct. Set it up t autmatically btain updates regularly. It shuld be cnfigured fr real-time scanning and fr at least 1 full disk scan per week. Setup the grup plicy t: ABELSft Crpratin 2018 Page 6 f 32 Last updated Octber 9 th, 2018

ABELMed Platfrm Setup Cnventins Nte: Setting these plicies is mandatry in rder t meet CCHIT and OntariMD certificatin standards hwever the exact numbers can be decided by each practice. Our recmmended values are belw. The audit plicies are mandatry. In a Windws 10 based peer-t-peer r wrkgrup envirnment this plicy must be established n each machine. Maximum passwrd age enabled fr 90 days Passwrd must meet cmplexity requirements Enable Enfrce Passwrd Histry set t 24 2.1.2.2 Testing Accunt lckut duratin set t 15 minutes Accunt lckut threshld enabled fr 3 attempts Reset accunt lckut cunter set t 15 minutes Audit accunt lgn events enabled fr success/failure Audit accunt management enabled fr success/failure Audit lgn events enabled fr success/failure Audit bject plicy enabled fr success/failure Audit plicy change enabled fr success/failure Screen saver passwrd prtected enabled fr 3 minutes Netwrk security: D nt stre LAN Manager hash value n next passwrd change t enabled Test Remte Desktp Services. Test Windws printing. 2.2 Database 2.2.1 SQL Server 2016 Install SQL Server 2016 and prerequisites befre installing ABELMed. Remember t install all Service packs and htfixes fr SQL Server 2016. ABELMed uses Windws authenticatin. The ABELMed installatin will create the required databases and apply the required permissins fr client wrkstatins t access the data. It als creates a shrtcut, under Start>All Apps>ABELMed Administratin. This shrtcut will run a script t autmate the creatin f typical maintenance schedules and backup jbs. ABELSft Crpratin 2018 Page 7 f 32 Last updated Octber 9 th, 2018

Client Machine Setup 3.1 Windws 10 client machine 3.1.1 Setup ABELMed Platfrm Setup Cnventins Please cnfrm t the fllwing cnventins when setting up Windws 10 client machines: We recmmend using the NTFS file system. Setup TCP/IP as the netwrk prtcl. We nrmally cnfigure TCP/IP t btain an IP autmatically. ABELSft recmmends a ruter with a firewall n all high-speed internet cnnectins. If there is nt a ruter, Windws 10 will use Autmatic Private IP Addressing (APIPA). Name the cmputer with the custmer s ABELSft client ID number fllwed by a hyphen and a numeric extensin. Fr example if the ABELSft custmer ID number is C09999-OMG, name the first client machine C09999-1, the secnd client machine C09999-2, and s n Turn ff sharing wizard/simple file sharing. Open Windws Explrer>File>Change flder and search ptins >G t the view Tab>Uncheck Use Sharing Wizard at the bttm. While yu are here als uncheck Hide extensins fr knwn file types. On lder perating systems, this can be accessed under Tls>Flder Optins. Create accunt(s) fr ABELMed users. The Accunt names and passwrds must exactly match the accunt(s) created n the server. The users shuld nt be part f the administratr grup; they shuld be part f the Users grup. Yu can create a grup fr ABELMed users but n mst systems, all regular users will be ABELMed users s the regular users grup can be used instead. Ensure that each accunt has a passwrd. The users shuld change their passwrd the first time they lg in. (this will have t be dne fr each user n all machines). Disable the guest accunt. Put a strng passwrd n the Administratr accunt. Make sure that the apprpriate persn at the ffice r clinic has this passwrd. Nrmally the dentist, ffice manager, r IT persn. Set the display reslutin t at least 1280x1024. Install the mst recent service packs fr the server perating system, including all critical patches and htfixes frm Micrsft. Turn ff any CPU pwer saving features and disable hibernatin. Screensavers are nt an issue. Install the latest drivers fr all printer(s). If the custmer has a high-speed Internet cnnectin, it is recmmended that Autmatic Updates be turned n. Turn ff unnecessary Services such as Messenger, IIS (If it will nt be needed) and FTP. If using these services d nt allw annymus access. Nte that sme practices use ABEL s case presentatin sftware & will need IIS. ABELSft Crpratin 2018 Page 8 f 32 Last updated Octber 9 th, 2018

ABELMed Platfrm Setup Cnventins Install and cnfigure a reputable Anti-Virus Prduct. Set it up t autmatically btain updates regularly. It shuld be cnfigured fr real-time scanning and fr at least 1 full disk scan per week. 3.1.2 Testing Test Windws printing frm all wrkstatins. Make sure that the client machine can cnnect t the server and access shares created n the server. If yu create test shares, please remember t remve them when yu are thrugh. ABELSft Crpratin 2018 Page 9 f 32 Last updated Octber 9 th, 2018

ABELMed Platfrm Setup Cnventins Cmpatibility and setup with Firewalls, Anti-Virus and Security Suites 4.1 Setting up Firewall Appliances The specific instructins fr setting up Firewalls vary with make and mdel and ften require certified specialists. Mst ABELMed cmmunicatin is internal n the LAN with sme exceptins fr Lab and prescriptin cmmunicatin. In multi-site installatins additinal prts may have t be pened up t allw ABELMed cmmunicatin. Specific requirements n such cmmunicatin vary widely depending n the specific architecture f yur setup. The fllwing table details the types f cmmunicatin used by ABELMed and what prts may have t be pened up. Service r Functin Prt Prtcl Reasn required MS SQL 1433 incming TCP T cmmunicate with the SQL server. D nt pen this prt up t the Internet. If clients and servers are separated by a firewall prt n the LAN, r a sftware firewall, this prt may need t be pened lcally. File and Printer sharing Windws NetBIOS 139 incming 445 incming 137 incming TCP TCP UDP T save data t and retrieve data frm the file share. D nt pen these prts up t the Internet. If clients and servers are separated by a firewall prt n the LAN, r a sftware firewall, these prts may need t be pened lcally. 138 incming UDP ABELMed licensing 5093 incming UDP Only when thick clients with flating licenses are perating thrugh the firewall withut a VPN. ABELMed Prtal 1506 incming TCP If subscribed t ABELMed prtal. Thin Client / Terminal Services 1 3389 incming TCP T run the Remte Desktp Client cntrl. HTTP/HTTPS 80 utging 443 utging TCP TCP If the physicians require Internet access fr clinical research then the physician wuld typically access infrmatin by visiting web sites with a brwser. The articles wuld typically be in html, pdf, r wrd frmat. Occasinally the infrmatin wuld be delivered as a chargeable r restricted service ver an SSL secured web site. HTTP/HTTPS 80 incming 443 incming TCP TCP Fr remte supprt (t custmers with an Internet cnnectin) ABELSft uses a tl called GTAssist ( http://www.gtassist.cm ).N prts need be kept pen t allw incming traffic n the firewall as the sessin is initiated inside by the custmer ging t ABELSft s web site ( http://www.abelmed.cm ) and fllwing the link t the remte supprt server website ( http://www.gtassist.cm/sb/abelsft ) t enter the apprpriate sessin cde. Many firewalls nly blck incming traffic, and allw utging cnnectins n all prts. In cases where utging traffic is als restricted the custmer will require utging access n prts 80 (TCP) & 443 (TCP) t cnnect t the remte supprt sessin. The full sessin frm the frm where the sessin cde is entered is encrypted using 128 bit SSL encryptin. Prt 443 is als used fr cmmunicatin with Lab Interface & Surescripts Interface. FTP/SFTP 22 utging TCP Electrnic claims submissin NTP/SNTP 123 utging UDP Client/server wrkstatin time synchrnizatin. ABELSft Crpratin 2018 Page 10 f 32 Last updated Octber 9 th, 2018

ABELMed Platfrm Setup Cnventins 1 This prt is ptinal. Terminal Services cmmunicatin is n prt 3389/TCP. In the event that Terminal Services/ Remte Desktp is used t run ABELMed PM-EMR remtely client sftware then these prts must be pened n the firewall. Hwever if the Remte Desktp sessin is run within a VPN cnnectin this is nt necessary. ABELSft recmmends the VPN apprach t any custmers perating ABELMed PM-EMR ver a high speed Internet cnnectin. 4.2 Anti-Virus It is nt practical fr ABELSft t test large numbers f Anti-virus prgrams, as there are many such prgrams n the market. We rutinely check several f the mre ppular AV utilities with the latest versin f ABELMed. We pst ur findings in the table belw. Always check the nline versin f this dcument t ensure that yu are reading ur mst recent findings. ABELSft des NOT exclude ur prgram r data areas frm scanning n prductin systems. Such exclusins shuld nt be necessary. The fllwing prducts have been tested with ABELMed ver. 12 Prduct Results Wrkarund steps if required Symantec Endpint Prtectin 12 N Knwn Prblems n/a Micrsft Security Essentials Windws Defender Des nt install t Windws Server 2016/2012 R2. N knwn prblems. Ships with Windws 10, Windws Server 2012R2/2016. Kaspersky Small Office Security 3 Built-in firewalling and netwrk heuristics cause prblems with MS SQL and ABELMed licensing. Avast File scanner causes prblems with ABELMed executables during launch. Table last Updated December 24 th, 2015 check website fr mst recent versin. 4.3 Knwn prblems with Firewalls and steps t mitigate n/a Add apprpriate exceptins in firewall, exclude ABELMed applicatin frm heuristic scanning. Add exclusins fr ABELMed executables. ABELSft des nt perfrm regular testing with the varius sftware firewalls included with many cnsumer Internet security suites. ABELSft recmmends ruters r firewall appliances at the perimeter. Sme peple prefer sftware-based firewalls as well. Such devices might be desirable n larger netwrks where threats frm within the perimeter prtectin are mre likely. In such cases ABELSft recmmends the Windws Firewall included with all recent Micrsft perating systems. The fllwing has been fund t wrk. Prduct Results Wrkarund required ABELSft Crpratin 2018 Page 11 f 32 Last updated Octber 9 th, 2018

Micrsft Windws Firewall Nrtn Internet Security ABELMed Platfrm Setup Cnventins Tested. Client unable t get license. Limited testing in the field. Must add exceptins in firewall fr all required prts. See table at end f dcument fr required prts. Must add exceptins in firewall fr all required prts. See table at end f dcument fr required prts. Kaspersky Small Office Security 3 Extensive testing Must add exceptins in firewall fr all required prts. See table at end f dcument fr required prts. ABELSft Crpratin 2018 Page 12 f 32 Last updated Octber 9 th, 2018

ABELMed Platfrm Setup Cnventins Prtecting Health Infrmatin and system Reliability 5 Standards t Prtect Data and Increase System Reliability One f the strngest advantages f perating n industry standard platfrms such as Micrsft Windws based perating system n Intel (r cmpatible) hardware platfrms is that there are many technlgies available that can be leveraged t increase the reliability f yur system, reduce dwntime, and prtect yur data. This sectin briefly discusses a few f these ptins that ABELSft recmmends that yu cnsider implementing. 5.1 Disk Mirrring and RAID Arrays The risk f data lss in the event f a server hard disk failure is mitigated by Windws ability t mirrr the disks. In the event f a disk failure the remaining disk cntinues t wrk until such a time as it is cnvenient t replace the failed disk and re-establish the mirrr set. 5.2 Backups In the event f data crruptin, hard disk failure, r ther failure that results in the lss f access t the EMR, ABELSft wuld have t recver the client s mst recent backup(s). ABELSft users typically use the Backup Utility fr Windws that is supplied with Windws Server 2016, but ABELMed has the flexibility t wrk with mst backup prgrams and backup services n the market shuld the custmer prefer. Detailed backup & recvery prcedures are prvided in the ABELMed manual. ABELSft Crpratin 2018 Page 13 f 32 Last updated Octber 9 th, 2018

5.3 Encryptin ABELMed Platfrm Setup Cnventins Strng encryptin is required n any disks cntaining PHI. 256bit AES is the current standard. Cmputer hard disks, remvable backup media, and media that data is exprted t all need t be encrypted. There is mre infrmatin n the MyABEL.cm site https://www.myabel.cm/medicalcdn/dataencryptin. 5.4 Multi Factr Authenticatin ABELMed leverages the industry standard Micrsft Windws perating system fr authenticatin, passwrd rules, etc. There are several prducts available that prvide tw factr authenticatin fr Windws lgins. Given the very sensitive nature f Prtected Health Infrmatin, and the high risk and cst f privacy breaches, we recmmend implementing ne f these technlgies t strengthen security arund user authenticatin in yur practice. 5.5 Uninterruptable Pwer Supplies The risk f data lss in the event f a pwer utage that extends beynd the capacity f the battery, t prvide adequate pwer, is mitigated by Windws built in ability t mnitr pwer status & UPS battery state. Windws can be cnfigured t ntify users and perfrm an rderly shutdwn, preventing data lss. 5.6 Updates The imprtance f installing Windws Updates Mst Windws updates include security updates. Security vulnerabilities can be explited by malware r hackers. These types f situatins are regularly identified in varius parts f Windws ActiveX, Internet Explrer and.net Framewrk are just examples. These vulnerabilities are eliminated by Windws updates. ABELSft Crpratin 2018 Page 14 f 32 Last updated Octber 9 th, 2018

ABELMed Platfrm Setup Cnventins Other updates address ther bugs and issues in Windws. Even thugh they are nt respnsible fr security vulnerabilities, they might impact the stability f yur Operating System, r impact applicatins yu are using. Windws Updates als cme with new features, while patching sme knwn issues. Mst cmputers shuld have Windws Updates set up t Install Updates Autmatically, which is the recmmended setting. Hwever, yu als have the ptin f manually checking fr updates if preferred. 5.7 Security Mnitring ABEL recmmends business grade ruter/firewall appliances that have features like Intrusin Detectin and Intrusin Preventin capability IDS/IPS. While having such appliances in place helps it is best nt t set it and frget it. Ideally mnitring and checking f alerts and lgs, bth appliance and cmputer lgs, shuld be a regular nging practice. This allws detectin fllw-up and adjustment when required. When such activity is perfrmed regularly and prperly dcumented, incidents can be quickly detected and acted upn. There will be n questin that yu have been perfrming yur due diligence shuld a breach ccur. Mst practices d nt have suitable expertise n staff t review these alerts and lgs. Third party Managed Detectin and Respnse (MDR) services are recmmended fr this rle. 5.8 Additinal Technlgies ABELMed PM - EMR has been designed wrk n the Micrsft Windws platfrm. These platfrms have many such features incrprated int the perating system. The Windws platfrm als interperates with many third party prducts, bth hardware and sftware, that can be used t mitigate risk and prtect data. The level f fault tlerance can be cnfigured t match the requirements f the health care prvider. In additin t hardware and sftware slutins there are many services available t help prtect yur Windws system. These include such services as Online Data Backups as well as Remte Mnitring and Administratin. ABELSft can help yu with such services. ABELSft Crpratin 2018 Page 15 f 32 Last updated Octber 9 th, 2018

ABELMed Platfrm Setup Cnventins Appendix A - Detailed Steps n the security settings described abve This sectin prvides detailed steps fr cnfiguratin f the security settings and grup plicy settings mentined abve fr technicians r custmers wh may nt be familiar with them. Steps may vary slightly depending n OS versin. 6.1 Creating ABELMed Users Grup and User Accunts This sectin cvers the initial user setup that wuld nrmally be perfrmed by the hardware vendr r IT department befre ABELSft cmes ut t d the installatin. The ABELMed administratr will set these users up as members in ABELMed and cnfigure the apprpriate levels f privilege in ABELMed. Onging administratin including deletin and mdificatin f user accunts is cvered in the ABELMed user s manual. Initially we recmmend that an ABELMed Users Grup be setup. 1. Lg in n the server. 2. Select Start> Active Directry Users & Cmputers 3. Right click n users and selects New > Grup frm the pp ut menus 4. Fill in the grup name ABELMed Users 5. The Scpe f the Grup is nrmally the Dmain lcal 6. The Type f Grup is Security Each user is set up in Windws with a username matching the member s username in the ABELMed Authenticatin Manager. The typical steps n a Windws 2016 Server wuld be as fllws: 1. Lg in n the server. 2. Select Start> Active Directry Users & Cmputers 3. The Administratr right clicks n users and selects New > User frm the pp ut menus ABELSft Crpratin 2018 Page 16 f 32 Last updated Octber 9 th, 2018

ABELMed Platfrm Setup Cnventins 4. Fills in the user s first name, last name and username then click n next. 5. The initial passwrd wuld be entered by the administratr twice, checking the ptin t frce the user t change it n next lgn, befre clicking n next, and then finish t create the user. 6. The user wuld then be added t the ABELMed Users grup. By duble clicking n the new username, clicking n the Member Of tab, clicking in the Add buttn, typing in the grup name, clicking n the Check Names buttn, and OK ABELSft Crpratin 2018 Page 17 f 32 Last updated Octber 9 th, 2018

ABELMed Platfrm Setup Cnventins On a small standalne r peer-peer netwrk with a Windws 10 based file server, the steps wuld be similar nly they will be perfrmed under cmputer Management. Right click n My Cmputer, select Manage, expand System Tls, Lcal Users & Grups, right click n Grups, select New Grup and then add the grup and user in the same way as described abve. Add the user t the apprpriate ABELMed Users grup when finished. On a small netwrk such as this the user must be created identically n each wrkstatin. ABELSft Crpratin 2018 Page 18 f 32 Last updated Octber 9 th, 2018

ABELMed Platfrm Setup Cnventins 6.2 Installing Remte Desktp Services This sectin will prvide detailed steps n hw t install and cnfigure Remte Desktp Services n the Windws Server 2016 Operating system. 1. Open Server Manager by clicking the Server and Tlbx icn beside the start menu: 2. Under Manage, click Add Rles and Features. 3. On the Befre Yu Begin page f the Add Rles Wizard, click Next. 4. On the Installatin Type page, select the Remte Desktp Services Installatin check bx, and then click Next. 5. On the Select Deplyment Type page, click Quick Start. 6. On the Select Deplyment Scenari page, select the Sessin-based desktp deplyment. 7. On the Select a Server page, chse yur server frm the server pl and click Next. On the Cnfirm Selectins page, click Restart the destinatin server autmatically if required, and then click Deply. 8. Once the server restarts, g back int Server Manager, Add Rles and Features, and select Remte Desktp Licensing frm belw the Remte Desktp Services sectin. Click Next twice, then click Install. 9. After the server restarts, the remaining steps f the installatin finish. When the Installatin Results page appears, cnfirm that installatin f the RD Sessin Hst rle service succeeded. 6.3 Passwrd Plicies The fllwing steps describe hw t set the grup plicy t ensure passwrd length & cmplexity rules are enabled in Windws Server 2016. 1. Click n the Windws Start buttn. 2. Type Grup Plicy Management. 3. Click Grup Plicy Management. 4. In Grup Plicy Management, expand the tree view in the left clumn s yu can see the Default Dmain Plicy directly belw the dmain name 5. Right-click n Default Dmain Plicy and select Edit frm the drp dwn menu. ABELSft Crpratin 2018 Page 19 f 32 Last updated Octber 9 th, 2018

ABELMed Platfrm Setup Cnventins 6. In the Grup Plicy Windw, click the + t expand Cmputer Cnfiguratin. 7. Click the + t expand Plicies. 8. Click the + t expand Windws Settings. 9. Click the + t expand Security Settings. 10. Click the + t expand Accunt Plicy 11. Click n Passwrd Plicy. 12. ABELSft recmmends that several Plicies be set here: a. Minimum Passwrd length shuld be set at 8 r mre characters b. Passwrd must meet cmplexity requirements shuld be defined and enabled. This will mandate additinal criteria beynd the standard Windws case sensitive passwrd c. Enfrce passwrd histry shuld be set t help prevent passwrds frm being reused. We suggest the maximum value f 24 be used. d. The abve Plicy wuld be ineffective if users culd quickly cycle thrugh passwrds until they can reuse them. A Minimum passwrd age f 30 days will prevent such abuse. e. A passwrd age f 90 Days will ensure quarterly passwrd changes. This wuld be the lngest ABELSft wuld recmmend. Sme ffices like a Maximum passwrd age f 42 days t ensure passwrd changes at lease every 6 weeks. ABELSft Crpratin 2018 Page 20 f 32 Last updated Octber 9 th, 2018

ABELMed Platfrm Setup Cnventins ABELSft Crpratin 2018 Page 21 f 32 Last updated Octber 9 th, 2018

ABELMed Platfrm Setup Cnventins Similar Plicies can be applied t Standalne r small peer-peer netwrks using the Lcal Cmputer Plicy prvided by Windws 10. The Administratr can achieve access t the plicy by clicking n Start > Typing in GPEdit.msc > and clicking n OK. The diagram belw shws that the same settings are available there. 6.4 Accunt Lckut Plicies ABELMed relies n Micrsft Windws t prvide the authenticatin, and n Micrsft Windws Grup Plicy t cntrl the behavir f the system n failures t authenticate. The fllwing steps shw hw t cnfigure a typical accunt lckut plicy. This example shws hw t set a lckut after 3 invalid lgin attempts, set the lckut duratin t 3 days, and reset the lckut cunter daily (S that 3 failed lgin attempts in a day wuld lck the user accunt fr 3 days, unless an administratr manually unlcked the accunt. Manual unlcking can be perfrmed by the administratr as shwn at the end f this sectin. 1. Click n the Windws Start buttn. 2. Select Administrative Tls. 3. Click Grup Plicy Management. 4. In Grup Plicy Management, expand the tree view in the left clumn s yu can see the Default Dmain Plicy directly belw the dmain name ABELSft Crpratin 2018 Page 22 f 32 Last updated Octber 9 th, 2018

ABELMed Platfrm Setup Cnventins 5. Right-click n Default Dmain Plicy and select Edit 6. Click the + t expand Windws Settings. 7. Click the + t expand Security Settings. 8. Click the + t expand Accunt Plicies. 9. Select Accunt Plicy Lckut 10. Duble-click Accunt lckut threshld ABELSft Crpratin 2018 Page 23 f 32 Last updated Octber 9 th, 2018

ABELMed Platfrm Setup Cnventins 11. Change the value f Accunt will lck ut after: t 3 invalid lgn attempts. 12. Click OK. 13. Duble-click Accunt lckut duratin. 14. Type in the value 15 minutes. 15. Click OK. ABELSft Crpratin 2018 Page 24 f 32 Last updated Octber 9 th, 2018

ABELMed Platfrm Setup Cnventins 16. Duble-click n Reset accunt lckut cunter after. 17. Type in the value 15 minutes. 18. Click n OK. 19. Click the X in the upper right f the Grup Plicy windw. 6.5 Inactivity timeut and lck ABELMed leverages Micrsft Windws technlgies that lck a system upn detectin f inactivity. The prcedure is described belw. ABELSft prescribes Windws 10 fr secure use wrkstatins. In these cases ABELMed PM - EMR and perating system lgn security is integrated (i.e., Single sign-n methdlgy). These wrkstatins can be set in Windws t autmatically lck after a defined perid f inactivity at the wrkstatin by specifying the screen-saver t be the native Windws 10 passwrd lgn screen-saver. These settings can be enfrced and lcked-dwn with an enfrced grup plicy fr grups f statins r users r individual statins r users. Like the Passwrd and Accunt Lckut Plicies these settings are best made in Grup Plicy. Fllw the Steps in the previus tw steps t enter grup Plicy. The screen saver timeut Plicies are set at User Cnfiguratin>Administrative Templates>Cntrl Panel>Persnalizatin>Screen Saver Timeut Suggested value is 180 secnds (3 minutes). Sme users find this t be t lw. We suggest trying 3 minutes, and if it causes many prblems this value can always be increased later (with permissin frm the apprpriate physicians r ther authrities). ABELSft Crpratin 2018 Page 25 f 32 Last updated Octber 9 th, 2018

ABELMed Platfrm Setup Cnventins 6.6 Make sure that user can change their wn passwrd On a Windws 2016 dmain when the administratr creates the user accunt, the administratr determines whether the user will have the apprpriate level f privilege t change their wn passwrd. The screen capture belw shws the default setting where User cannt change passwrd is UNCHECKED. This setting cannt be selected when User must change passwrd at next lgn is selected, therefre the setting is already crrect fr new accunts with User must change passwrd at next lgn selected. Fr existing accunts yu shuld manually check t make sure that User cannt change passwrd is unchecked. yu can get t this setting by clicking n Start>Administrative Tls>Active Directry Users & Cmputers ABELSft Crpratin 2018 Page 26 f 32 Last updated Octber 9 th, 2018

ABELMed Platfrm Setup Cnventins >duble click n users> duble click n the apprpriate user > Click n the accunt tab checkbxes will be in the accunt ptins area. Similarly, if a Windws 2016 dmain des nt exist, when the administratr creates the user accunt in Windws 10, the administratr determines whether the user will have the apprpriate level f privilege t change their wn passwrd. The screen capture belw shws the default setting where User cannt change passwrd is UNCHECKED. 6.7 Setup NTP/SNTP Time Synchrnizatin Explanatin f NTP time synchrnizatin can be fund n the Micrsft website http://supprt.micrsft.cm/kb/816042 ABELSft Crpratin 2018 Page 27 f 32 Last updated Octber 9 th, 2018

ABELMed Platfrm Setup Cnventins We are including excerpts n the specific setup steps required here. We strngly recmmend an external time surce as dcumented here, rather than the internal time surce that is als mentined in the same Micrsft article. Cnfiguring the Windws Time service t use an external time surce T cnfigure an internal time server t synchrnize with an external time surce, fllw these steps: 1. Change the server type t NTP. T d this, fllw these steps: a. Click the Start buttn, type regedit, and then click OK. b. Lcate and then click the fllwing registry subkey: HKEY_LOCAL_MACHINE\SYSTEM\CurrentCntrlSet\Services\W32Time\Parameters\ Type c. In the right pane, right-click Type, and then click Mdify. d. In Edit Value, type NTP in the Value data bx, and then click OK. Set AnnunceFlags t 5. T d this, fllw these steps:. Lcate and then click the fllwing registry subkey: HKEY_LOCAL_MACHINE\SYSTEM\CurrentCntrlSet\Services\W32Time\Cnfig\Ann unceflags a. In the right pane, right-click AnnunceFlags, and then click Mdify. b. In Edit DWORD Value, type 5 in the Value data bx, and then click OK. Enable NTPServer. T d this, fllw these steps:. Lcate and then click the fllwing registry subkey: HKEY_LOCAL_MACHINE\SYSTEM\CurrentCntrlSet\Services\W32Time\TimePrvider s\ntpserver a. In the right pane, right-click Enabled, and then click Mdify. b. In Edit DWORD Value, type 1 in the Value data bx, and then click OK. Specify the time surces. T d this, fllw these steps:. Lcate and then click the fllwing registry subkey: HKEY_LOCAL_MACHINE\SYSTEM\CurrentCntrlSet\Services\W32Time\Parameters a. In the right pane, right-click NtpServer, and then click Mdify. ABELSft Crpratin 2018 Page 28 f 32 Last updated Octber 9 th, 2018

ABELMed Platfrm Setup Cnventins b. In Edit Value, type Peers in the Value data bx, and then click OK. Nte Peers is a placehlder fr a space-delimited list f peers frm which yur cmputer btains time stamps. Each DNS name that is listed must be unique. Yu must append,0x1 t the end f each DNS name. If yu d nt append,0x1 t the end f each DNS name, the changes made in step 5 will nt take effect. Select the pll interval. T d this, fllw these steps:. Lcate and then click the fllwing registry subkey: HKEY_LOCAL_MACHINE\SYSTEM\CurrentCntrlSet\Services\W32Time\TimePrvider s\ntpclient\specialpllinterval a. In the right pane, right-click SpecialPllInterval, and then click Mdify. b. In Edit DWORD Value, type TimeInSecnds in the Value data bx, and then click OK. Nte TimeInSecnds is a placehlder fr the number f secnds that yu want between each pll. A recmmended value is 900 Decimal. This value cnfigures the Time Server t pll every 15 minutes. Cnfigure the time crrectin settings. T d this, fllw these steps:. Lcate and then click the fllwing registry subkey: HKEY_LOCAL_MACHINE\SYSTEM\CurrentCntrlSet\Services\W32Time\Cnfig\MaxP sphasecrrectin. In the right pane, right-click MaxPsPhaseCrrectin, and then click Mdify. a. In Edit DWORD Value, click t select Decimal in the Base bx. b. In Edit DWORD Value, type TimeInSecnds in the Value data bx, and then click OK. Nte TimeInSecnds is a placehlder fr a reasnable value, such as 1 hur (3600) r 30 minutes (1800). The value that yu select will depend upn the pll interval, netwrk cnditin, and external time surce. c. Lcate and then click the fllwing registry subkey: HKEY_LOCAL_MACHINE\SYSTEM\CurrentCntrlSet\Services\W32Time\Cnfig\MaxN egphasecrrectin ABELSft Crpratin 2018 Page 29 f 32 Last updated Octber 9 th, 2018

ABELMed Platfrm Setup Cnventins d. In the right pane, right-click MaxNegPhaseCrrectin, and then click Mdify. e. In Edit DWORD Value, click t select Decimal in the Base bx. f. In Edit DWORD Value, type TimeInSecnds in the Value data bx, and then click OK. Nte TimeInSecnds is a placehlder fr a reasnable value, such as 1 hur (3600) r 30 minutes (1800). The value that yu select will depend upn the pll interval, netwrk cnditin, and external time surce. Quit Registry Editr. At the cmmand prmpt, type the fllwing cmmand t restart the Windws Time service, and then press ENTER: net stp w32time && net start w32time 6.8 Disable LMHash Mdern Windws systems use a very secure system called Kerbers fr secure authenticatin. Passwrds are nt directly stred r transmitted. Standards based hashes(md4) are stred in encrypted databases, and nly hashes f passwrds are ever transmitted. Windws systems als have cmpnents that supprt backward cmpatibility t lder less secure authenticatin systems, specifically ne cmpnent called LANManager. ABELSft recmmends that yu turn ff such cmpatibility s that passwrd hashes are nt stred r transmitted using these lder vulnerable standards. The fllwing instructins tell hw t disable the LMHash Implement the NLMHash Plicy by Using Grup Plicy T disable the strage f LM hashes f a user's passwrds in the lcal cmputer's SAM database by using Lcal Grup Plicy (Windws 10 r Windws Server 2016) r in a Windws Server 2016 Active Directry envirnment by using Grup Plicy in Active Directry, fllw these steps: 1. In Grup Plicy, expand Cmputer Cnfiguratin, expand Plicies, expand Windws Settings, expand Security Settings, expand Lcal Plicies, and then click Security Optins. 2. In the list f available plicies, duble-click Netwrk security: D nt stre LAN Manager hash value n next passwrd change. 3. Click Enabled, and then click OK. ABELSft Crpratin 2018 Page 30 f 32 Last updated Octber 9 th, 2018

ABELMed Platfrm Setup Cnventins Appendix B Security and Auditing Checklist This checklist is prvided t help yu systematically perfrm the recmmended security setup. Make cpies f the pages fr mre than 5 wrkstatins. Practice Name: ABEL ID: Date: Security Requirements Server Wrkstatin 1 Wrkstatin 2 Wrkstatin3 Wrkstatin 4 Wrkstatin 5 Machine Name Encrypt Drive(s) Enfrce passwrd histry enabled Maximum passwrd age enabled fr 90 days Minimum passwrd length set t 8 characters enabled Passwrd must meet cmplexity requirements Accunt lckut duratin set t 15 minutes Accunt lckut threshld enabled fr 3 attempts Reset accunt lckut cunter set t 15 minutes Audit accunt lgn events enabled fr success/failure Audit accunt management enabled fr success/failure Audit lgn events enabled fr success/failure Audit bject access enabled fr success/failure Audit plicy change enabled fr success/failure ABELSft Crpratin 2018 Page 31 f 32 Last updated Octber 9 th, 2018

Screen saver passwrd prtected enabled fr 3 minutes Remte Access enabled/cnfigured Time synchrnizatin cnfigured Firewall rules created 1. MS SQL 1433 2. MS SQL 1434 3. NetBIOS 139 4. Micrsft DS 445 5. NetBIOS 137 6. NetBIOS 138 7. SSL 443 8. RDP 3389 Backup sftware installed/cnfigured t backup 1. Applicatin data 2. Security credentials 3. Lg/audit files Backup and archive files are encrypted Antivirus sftware installed N cnflict between ABELMed and installed antivirus sftware VPN sftware installed/cnfigured Uninterruptable Pwer Supply 1. Setup 2. Sftware installed Cnfigure & Test Multi- Factr Authenticatin if implementing it Physical security f server/desktp ABELMed Platfrm Setup Cnventins I verify that ABELSft s security and auditing checklist has been cmpleted as indicated abve. IT Technician Name: IT Technician Signature: ABELSft Crpratin 2018 Page 32 f 32 Last updated Octber 9 th, 2018

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback