Cyber Security:
Software Security and Hard Drive Encryption
Links in this document have been set for a desktop computerCopyright © 2012 Cepheid. Cepheid®, the Cepheid logo, GeneXpert®, and Xpert® are trademarks of Cepheid.
Table of Contents
Introduction
Scope...1-1 Intended Audience ...1-1 Contents...1-1
Norton 360 Premier Edition Version 6
Introduction ...2-1 Estimated Time...2-1 Before You Begin ...2-1 Installing Norton 360 Premier Edition...2-1 Setting Up Norton 360 Premier Edition...2-4
McAfee AntiVirus Plus 2012
Introduction...3-1 Estimated Time...3-1 Before You Begin ...3-1 Installing McAfee AntiVirus Plus 2012...3-1 Setting Up McAfee AntiVirus Plus 2012...3-4
Trend Micro Titanium Maximum Security 2012
Introduction ...4-1 Estimated Time...4-1 Before You Begin ...4-1 Installing Trend Micro Titanium Maximum Security 2012...4-1 Setting Up Trend Micro Titanium Maximum Security 2012...4-4 Installing or Upgrading GeneXpert Software for Windows XP ...4-6
Symantec PGP Whole Disk Encryption Configuration
Introduction ...5-1 Scope...5-1 General Overview of Encryption Setup ...5-1 Estimated Time ...5-1 Before You Begin ...5-1 Installing Symantec PGP Whole Disk Encryption ...5-2 Setting Up PGP Desktop ...5-2 Creating a Passphrase User ...5-4 Setting Up Whole Disk Encryption ...5-8
Technical Support
Chapter 1 Introduction
Cepheidis a molecular diagnostics company that is dedicated to improving healthcare by developing, manufacturing, and marketing accurate yet easy-to use molecular systems and tests. Ensuring the integrity of our systems and the business continuity of our customers is a top concern for Cepheid. This document is intended to assist our customer IT staff in securing their general network infrastructure where Cepheid medical products are in use.
Cepheid uses commercial off-the-shelf products that include Microsoft Operating Systems in its portfolio of computer based medical products. Cepheid takes cybersecurity seriously by taking a number of actions and measures in an effort to make our products safe from software vulnerability and exploits. However, due to the ubiquitous computing and interconnected nature of today’s world coupled with the fast changing landscape of cyber threats, this volatile condition poses a significant risk to the security of our products.
Cepheid expects our customers to be vigilant in the security of their systems. This document provides guidance on implementing some of the most common anti-virus and security tools. However, this document is not intended to cover all aspects of cybersecurity required to protect our customers systems.
1.1 Scope
This document provides instructions for implementing off-the-shelf security products on the GeneXpert® products.
1.2 Intended Audience
This document is intended for experienced IT professionals.
1.3 Contents
Chapter 1: Introduction
Chapter 2: Norton 360 Premier Edition Version 6 Chapter 3: McAfee AntiVirus Plus 2012
Chapter 2 Norton 360 Premier Edition
Version 6
2.1 Introduction
Norton 360 Premier Edition is a complete security software suite. The software provides several complementary features that protect your computer from security threats:
• Antivirus running scans for detection of risks • Firewall intrusion and browser protection • Automatic Protection of active files
This document provides information for installing and configuring Norton 360 Premier Edition on the GeneXpert System Computer.
2.2 Estimated Time
Installation of Norton 360 Premier Edition 6 will take approximately 30 minutes.
2.3 Before You Begin
1. Connect to the internet. The internet is needed to complete installation. 2. Have a Norton 360 Premier Edition product key ready.
3. Login as “cepheid-admin” (Windows 7) or “cepheid” (Windows XP).
a. If other antivirus software is installed, uninstall it prior to installing Norton 360 Premier Edition:
b. In Windows 7, click Start, click Control Panel, under Programs click Uninstall a
Program, click on the antivirus software, and click Uninstall/Change.
c. In Windows XP, click Start, click Control Panel, click Add or Remove Programs, click on the antivirus software, and click Change/Remove.
4. Turn Windows Firewall Off:
a. For Windows 7, click Start, click Control Panel, click System and Security, and click Windows Firewall. On the left panel, click Turn Windows Firewall on or off, check Off and click OK.
b. In Windows XP, click Start, click Control Panel, click Windows Firewall, check Off
Norton 360 Premier Edition Version 6
2.4 Installing Norton 360 Premier Edition
1. Launch the Norton 360 Premier Edition installer.
2. When the Welcome to Norton 360 Premier Edition screen appears, click on Install
Norton 360 Premier Edition. The screen will remain open for the installation process.
Figure 2-1. Welcome Screen
3. If a prompt asks to run a publisher or program that is not verified during installation, click
Run or Yes.
4. Enter in the Product Key. Uncheck I want to join Norton Community Watch… and click Agree & Install. Progress screens will appear the next 2 to 5 minutes.
Installing Norton 360 Premier Edition
5. After Installation is complete, click Explore. A reminder will appear to connect the internet if you haven’t already.
Figure 2-3. Installation is Complete
6. Activation will automatically start. When prompted to complete activation, enter an email address and click Next.
Norton 360 Premier Edition Version 6
7. If a Norton account has already been activated, enter the password. If no Norton account is activated, finish completing account setup. Click Next.
• Optional - Uncheck Email me security alerts and Email me product updates,
offers, and security newsletters.
Figure 2-5. Create Your Norton Account
8. After successful completion of activation and registration, click Done.
2.5 Setting Up Norton 360 Premier Edition
1. Click on Norton 360 desktop icon if software is not already launched.
Setting Up Norton 360 Premier Edition
2. By default, a scheduled scan will be performed once every 8 days starting from the first day software gets installed. The scan will occur during idle time. Modify the frequency of the time to meet your organization’s security guidelines. However, ensure that the scan will not be performed during a time when the GeneXpert System will be processing tests. To modify the scan schedule:
a. Click on Settings.
b. Click on the Antivirus icon.
Figure 2-7. Antivirus icon
c. Click on the Scans and Risks tab.
d. Find Full System Scan near the end of the list and click on Configure +.
Figure 2-8. Antivirus Settings - Scans and Risks
e. Under Scan Schedule tab, modify scan schedule based on Start Time, and Day of the week.
3. It is recommended running a scan after installing the software. To complete, click Tasks, and click Run Scan.
Norton 360 Premier Edition Version 6
4. Check Custom Scan and click Go.
Chapter 3 McAfee AntiVirus Plus 2012
3.1 Introduction
McAfee AntiVirus Plus 2012 software is a complete security software suite. The software provides several complementary features to protect your computer from security threats: • Antivirus, spyware, and malware protection with scheduled scans that detect and eliminate
viruses and spyware
• Real-time scanning of active files
• Firewall to protect the computer against intruders
This document provides information for installing and configuring McAfee AntiVirus Plus on the GeneXpert System Computer.
3.2 Estimated Time
Installation of McAfee AntiVirus Plus 2012 will take approximately 30 minutes.
3.3 Before You Begin
1. Connect to the internet which is needed for a complete installation. 2. Have a McAfee AntiVirus Plus 2012 product key ready.
3. Login as “cepheid-admin” (Windows 7) or “cepheid” (Windows XP).
4. If other antivirus software is installed, uninstall it prior to installing McAfee AntiVirus Plus 2012:
a. In Windows 7, click Start, click Control Panel, under Programs click Uninstall a
Program, click on the antivirus software, and click Uninstall/Change.
b. In Windows XP, click Start, click Control Panel, click Add or Remove Programs, click on the antivirus software, and click Change/Remove.
5. Close any open applications.
3.4 Installing McAfee AntiVirus Plus 2012
1. Launch the McAfee Antivirus Plus installer.
2. If a prompt asks to run a publisher or program that is not verified during installation, click
McAfee AntiVirus Plus 2012
3. If the Internet Connection Required message appears, connect to the internet and click
Next.
Figure 3-1. Internet Connection Required
4. Check the box underneath License Agreement; check Download and install the latest
version of your software from the web; uncheck Send anonymous usage
information to McAfee. Click Install. Progress screens will appear for the next 5-10 minutes.
Installing McAfee AntiVirus Plus 2012
5. After Installation Complete message appears, click Next.
Figure 3-3. Installation Complete
6. Enter in the Activation Key and click Next.
McAfee AntiVirus Plus 2012
7. For Log in or Create a New Account, enter required information to create a new McAfee account or log in to an existing account, then click Next.
• Optional - uncheck boxes on the right side of the screen
Figure 3-5. Activation Successful
8. After account Activation Successful screen appears, click Finish. Window will close and a confirmation email will be sent.
3.5 Setting Up McAfee AntiVirus Plus 2012
1. To launch McAfee Antivirus Plus software, click on the McAfee AntiVirus Plus shortcut displayed on the Desktop.
Setting Up McAfee AntiVirus Plus 2012
a. Click on Virus and Spyware Protection.
Figure 3-6. McAfee AntiVirus Plus Home Screen
3. Click the last option, Schedule Scanning.
Figure 3-7. Schedule Scanning
McAfee AntiVirus Plus 2012
5. Click Apply after all schedule changes are made
All defaults settings set require no further actions. If further configuration settings are needed, modify according to your organization’s security guidelines.
Chapter 4 Trend Micro Titanium Maximum
Security 2012
4.1 Introduction
Trend Micro Titanium Maximum Security 2012 is a complete security software suite. The software provides several complementary features that protect your computer from security threats:
• Virus & Spyware Controls allows for schedule scans to eliminate viruses and spyware • Firewall to protect the computer against intruders
• Real-time scanning for active files
This document provides information for installing and configuring Trend Micro Titanium Maximum Security on the GeneXpert System Computer.
4.2 Estimated Time
Installation of Trend Micro Titanium Maximum Security 2012 will take approximately 30 minutes.
4.3 Before You Begin
1. Connect to the internet. The internet is needed to complete installation. 2. Have a Trend Micro Titanium Maximum Security product key ready 3. Login as “cepheid-admin” (Windows 7) or “cepheid” (Windows XP).
4. If other antivirus software is installed, uninstall it prior to installing Trend Micro Titanium Maximum Security.:
a. In Windows 7, click Start, click Control Panel, under Programs click Uninstall a
Program, click on the antivirus software, and click Uninstall/Change.
b. In Windows XP, click Start, click Control Panel, click Add or Remove Programs,
click on the antivirus software, and click
Change/Remove
. 5. Close any open applications.4.4 Installing Trend Micro Titanium Maximum
Security 2012
1. Launch the Trend Micro Titanium Maximum Security 2012 installer.
2. If a prompt asks to run a publisher or program that is not verified during installation, click
Trend Micro Titanium Maximum Security 2012
3. Wait a few minutes until installer window appears and click Install Program. The installer window will remain open for the remainder installation and other information can be opened without interruption.
Figure 4-1. Trend Micro Titanium: Install Program
4. A system requirement check will run. After completion, type in the serial number and then click Next.
Installing Trend Micro Titanium Maximum Security 2012
5. Uncheck Share threat information with Trend Micro and click Agree and Install.
Figure 4-3. Trend Micro Titanium: License Agreement
6. Installation progress screens will appear for the next 5 -10 minutes. After completion, enter your email address to activate the software.
7. If an account is already set up, enter in password. If an account is setup, fill in the following information and then click Next.
• Optional – Uncheck Receive the latest news and offers from Trend Micro.
Figure 4-4. Trend Micro Titanium: Enter Account Information
Trend Micro Titanium Maximum Security 2012
10.When SafeSync introduction screen appears, click Don’t show this page again and Exit.
Figure 4-5. Trend Micro Titanium: SafeSync
11.Exit any installer screens if any remain open
4.5 Setting Up Trend Micro Titanium Maximum
Security 2012
Setting Up Trend Micro Titanium Maximum Security 2012
2. Click on the Virus & Spyware Controls tab.
• Optional - Check Enable real-time scanning for compressed files (like ZIP
files). Click Apply to save settings.
Figure 4-7. Trend Micro Titanium: Enable Real-Time Scanning
3. By default, a scheduled scan will be performed once a week, on Friday at 12:00 PM. The scan frequency and start time may be modified to meet your organization’s security guidelines. However, ensure that the scan will not be performed during a time when the GeneXpert System will be processing tests. To modify the scan schedule:
a. Click Schedule Scans.
Trend Micro Titanium Maximum Security 2012
4. To modify Firewall Booster, click on the Internet & Email Controls tab and click
Network. Check Activate the Firewall Booster… and click Apply
Figure 4-9. Trend Micro Titanium: Protection Settings - Network
5. It is recommended to run an initial scan after setup. On the home screen click Scan and a Quick Scan will start.
Figure 4-10. Trend Micro Titanium: Scan Icon
4.6 Installing or Upgrading GeneXpert Software for
Windows XP
If Trend Micro Security software is configured and you wish to install or upgrade GeneXpert software, complete the following steps:
Installing or Upgrading GeneXpert Software for Windows XP
3. Click on Scan Preferences and uncheck Check if programs try to make unauthorized
changes to the system settings. 4. Click Apply.
Figure 4-11. Trend Micro Titanium: Protection Settings - Scan Preferences
5. Install or upgrade GeneXpert software by following the Install Instructions in 300-8398. 1. Launch Trend Micro Titanium Maximum Security and click on Settings.
2. Click on the Virus & Spyware Controls tab.
3. Check the box Check if programs try to make unauthorized changes to the system
settings.
Chapter 5 Symantec PGP Whole Disk
Encryption Configuration
5.1 Introduction
Hard drive encryption is an important layer of data security in the event of a malicious attack against a physical computer. When a hard drive has been encrypted, the data on the drive is not accessible by anyone who does not possess a valid password, regardless of their physical possession of the computer.
Once the hard drive has been encrypted, every time a user starts the computer a password will be required prior to logging into Windows.
5.2 Scope
Symantec PGP Whole Disk Encryption is an FIPS 140-2 validated security product, and Cepheid has qualified the GeneXpert software for use with this product on both Windows 7 and Windows XP computers. This document provides information for installing and
configuring hard drive encryption on the GeneXpert System Computer.
While Symantec PGP Whole Disk Encryption provides other features such as email encryption and USB drive encryption, this document will only provide information for the hard drive encryption feature.
5.3 General Overview of Encryption Setup
• Install PGP Whole Disk Encryption software • Setup PGP Whole Disk Encryption software • Configure User Account (s) and starting passphrases • Encrypt Whole Disk
• Type Passphrase to a pre-boot window, before Windows login
5.4 Estimated Time
• Installation of the Symantec PGP Whole Disk Encryption software takes about 1 hour. • The software takes up to 12 hours to encrypt the hard drive. The computer does not need
to be monitored during the time, and if the computer is shut down the encryption will resume once it is rebooted.
5.5 Before You Begin
• Ensure all applications are closed.
Symantec PGP Whole Disk Encryption Configuration
• Log in as a user with administrator privileges. The user “cepheid” may be used on Windows XP computers, and “cepheid-admin” on Windows 7.
5.6 Installing Symantec PGP Whole Disk Encryption
1. Launch the Symantec PGP Whole Disk Encryption installer. 2. Select English from drop-down menu and click OK.
3. Check I accept the license agreement and click Next. 4. Check Do not display the Release Notes and click Next. 5. Click Yes to restarting computer message.
5.7 Setting Up PGP Desktop
1. After the computer restarts, PGP Setup Assistant should automatically launch. If no dialog appears, click on the PGP Desktop icon.
The PGP Setup Assistant will automatically launch the first time a new Windows user logs in. PGP Setup only needs to be performed once per computer, so if PGP is already installed and configured, check No and click Next to exit the PGP Setup Assistant.
Setting Up PGP Desktop
2. For the first prompt asking to Enable PGP, check Yes and click Next.
Figure 5-1. Symantec PGP Desktop: Enabling PGP
3. Enter the following information: Name, Organization, Email Address, and click Next. 4. Enter License Key, click Next.
5. After successful authorization, click Next.
6. In User Type screen, check I am a new user, and click Next.
7. If the Personal Certificate Importation screen appears, click Skip. This step is not needed to enable hard drive encryption.
8. If the PGP Key Generation Assistant screen appears, click Skip. This step is not needed to enable hard drive encryption.
Symantec PGP Whole Disk Encryption Configuration
10.If the PGP Messaging: Introduction screen appears, uncheck two checkboxes, and click
Next. This step is not needed to enable hard drive encryption.
Figure 5-2. Symantec PGP Desktop: PGP Messaging Introduction
11.Click Finish to complete PGP setup.
5.8 Creating a Passphrase User
Creating a Passphrase User
2. On bottom right, click New Passphrase User…
Figure 5-4. Symantec PGP Desktop: Encrypt Whole Disk or Partition
A New User can be created two different ways: Windows Password or New Passphrase. The first option, Use Windows Password, will use an existing Windows User Account and its password. The second option, Create New Passphrase, will create a new password used only by the encryption software. Cepheid recommends the second option for consistency between users and over time.
Symantec PGP Whole Disk Encryption Configuration
3. Check Create New Passphrase, and click Next.
Figure 5-5. Symantec PGP Desktop: Whole Disk Encryption New User
Creating a Passphrase User
5. Enter in the username and the new passphrase. The software will indicate the strength of the password, but does not place requirements on password strength. Follow your
organization's IT recommendations for password strength. Click Next to create the new user.
Figure 5-6. Symantec PGP Desktop: Create User Name and Passphrase
Symantec PGP Whole Disk Encryption Configuration
5.9 Setting Up Whole Disk Encryption
1. Click on PGP Disk and then Encrypt Whole Disk or Partition screen to enter the Encrypt Whole Disk or Partition screen.
2. Click on the C: disk and click Encrypt.
Figure 5-7. Symantec PGP Desktop: Select Disk or Partition to Encrypt
Setting Up Whole Disk Encryption
4. After completing disk encryption a new log in screen will appear when the computer is started. Use the passphrase from Section 5.8, Creating a Passphrase User to log in.
Chapter 6 Technical Support
6.1 Troubleshooting
For more information about installation of the security products mentioned in this document, or about their interactions with Cepheid software, please contact Cepheid Technical Support. For other questions about these security products, please contact the manufacturer.
6.2 Contact Cepheid
Before contacting Cepheid Technical Support, collect the following information: • Product name
• Lot number
• Serial number of the instrument • Error messages (if any)
• Software version and, if applicable, Computer Service Tag number
Our corporate headquarters is located in North America. Cepheid 904 Caribbean Drive Sunnyvale, CA 94089-1189 USA Telephone: +1.408.541.4191 Fax: +1.408.541.4192 www.cepheid.com
Region Telephone Email
North America
+1.888.838.3222
Sales Support: Option 1 [email protected]
Technical Support: Option 2 [email protected]
Service Support: Option 3 [email protected]
Instrument Service Contracts: Option 4 [email protected]
European Union
Sales Support: +33.563.82.53.14 Technical Support: +33.563.82.53.19
Service Support (calibrations only): +33.563.82.53.52
Technical Support
For technical support outside of North America, can contact Cepheid Europe for assistance. Cepheid Europe S.A.S.
Vira Solelh
81470 Maurens-Scopont
FranceTelephone: +33.563.82.53.00
Fax: +33.563.82.53.01www.cepheidinternational.com/
