UNICORN Hardening Guide


Table of Contents

Secure the database connection
Secure the Active Directory connection

UNICORN Hardening Guide 99498 AA

Secure the database connection

Introduction

In UNICORN 7.0. and later it is possible to use either server side encryption (default) or client side encryption with certificates to ensure secure database communication.

Server side encryption on an SQL Server

Microsoft does not recommend having both server side encryption and client side encryption turned on.

Enable server side encryption on the SQL Server by following the instructions.

1. Log in as an Administrator on the database server computer.
2. Start the SQL Server Configuration Manager.
3. Click SQL Server Network Configuration, right-click Protocols for UNICORN and then click Properties.
   Result: The Protocol for UNICORN Properties dialog box opens.
4. Double-click Force Encryption and click Yes.
5. Click OK.
6. Restart the SQL Server service for UNICORN or restart the computer.

Server side encryption on the SQL Server installed by UNICORN

Microsoft does not recommend having both server side encryption and client side encryption turned on.

Server side encryption is turned on by default when the express edition of SQL Server is installed by the UNICORN installation program. You can turn the server side encryption on and off in the UNICORN Configuration Manager.

1. Log in as an Administrator on the database server computer.
2. Start the UNICORN Configuration Manager.
3. Select or clear the Force Encryption check box to turn server side encryption on or off.
4. Click OK.
5. Click Yes in the message box to restart the UNICORN SQL Server instance and apply the new setting, or No to apply the settings after the next UNICORN SQL Server instance restart.

Client side encryption with trusted certificates

Microsoft does not recommend having both server side encryption and client side encryption turned on.

Follow the instructions to configure UNICORN to use trusted certificates. This document does not describe certificate handling in detail. It is assumed that the local IT department will assist with that.

Stage 1. Create certificates and have them signed by an Authorized organization. Certificates can be created with a number of different tools, e.g.:
   - OpenSSL
   - Makecert
   - IIS Management Console
   - Windows Server AD certificate services
   Certificates have a lifetime of to 3 years and need to be reissued after they have expired.

Stage 2. Install certificates on every UNICORN client. Depending on the certificates installed, the fully qualified domain name (FQDN) for the database location might be needed. Use the Control Panel on the computer running the database to locate the FQDN. See Identify the fully qualified domain name.

Stage 3. Use the UNICORN Service Tool to edit the UNICORN client configuration files to use encryption and to not trust server certificates. See UNICORN Service Tool User Manual.

Stage 4. Install certificates on the database server.

Stage 5. On the database server, use the SQL Server Configuration Manager to set certificates for the SQL Server UNICORN instance:
   1. Expand SQL Server Network Configuration.
   2. In Protocols for UNICORN choose Properties.
   3. In the Protocols for UNICORN Properties window, click the Certificates tab to set the certificate.
   If you are no longer using certificates, clear SQL Server usage of certificates prior to deleting certificates from the computer. SQL Server will not start without the configured certificate.

Stage 6. Check that the client connections are encrypted. See Check client connections.
   Tip: If the connections are refused it is possible that the certificates are not properly installed.

Client side encryption without trusted certificates

Microsoft does not recommend having both server side encryption and client side encryption turned on.

Follow the instructions to set up client side encryption without using trusted certificates. In this configuration the traffic is encrypted, but because the client trusts all server certificates it does not verify the identity of the database server.

Stage 1. Use the UNICORN Service Tool to edit the UNICORN client configuration files to use encryption and to trust all server certificates. See UNICORN Service Tool User Manual.

Stage 2. Check that the client connections are encrypted. See Check client connections.

Check client connections

You can check the encryption status of current client connections by running the following SQL script. There are two options for executing an SQL script: execute it directly in SQL Server Management Studio, or save the script to a text file and execute it using sqlcmd from an elevated command line.

    -- Encryption status of each current connection
    SELECT session_id, encrypt_option FROM sys.dm_exec_connections
    GO
    -- Session IDs (spid) with connection information
    sp_who

The result of the first query is a list of the connections established to the current instance of SQL Server and the details of each connection. The second query returns a list of session IDs (spid) and connection information. By cross-referencing these two lists you can check if the connections from a specific computer (hostname) are encrypted.
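The cross-referencing described above can also be done by the server. The following script is an added example, not part of the original guide: it joins sys.dm_exec_connections to sys.dm_exec_sessions (both standard SQL Server dynamic management views) and assumes the login has VIEW SERVER STATE permission on the instance.

```sql
-- Added example (not from the UNICORN guide).
-- Assumption: the login running this has VIEW SERVER STATE permission.

-- 1) Every current connection with its client host and encryption status,
--    unencrypted connections listed first.
SELECT
    c.session_id,
    s.host_name,            -- computer name as reported by the client itself
    s.program_name,         -- application name as reported by the client
    s.login_name,
    c.client_net_address,   -- client address as seen by the server
    c.net_transport,        -- e.g. TCP, Shared memory, Named pipe
    c.encrypt_option        -- 'TRUE' when the connection is encrypted
FROM sys.dm_exec_connections AS c
JOIN sys.dm_exec_sessions    AS s
    ON s.session_id = c.session_id
ORDER BY c.encrypt_option, s.host_name, c.session_id;
GO

-- 2) Per-host summary. Any host with unencrypted_connections > 0 needs its
--    client configuration or certificate installation reviewed.
SELECT
    s.host_name,
    SUM(CASE WHEN c.encrypt_option = 'TRUE'  THEN 1 ELSE 0 END)
        AS encrypted_connections,
    SUM(CASE WHEN c.encrypt_option <> 'TRUE' THEN 1 ELSE 0 END)
        AS unencrypted_connections
FROM sys.dm_exec_connections AS c
JOIN sys.dm_exec_sessions    AS s
    ON s.session_id = c.session_id
GROUP BY s.host_name
ORDER BY unencrypted_connections DESC, s.host_name;
GO
```

Because host_name is supplied by the client, compare it with client_net_address when a result looks unexpected.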

Identify the fully qualified domain name

The fully qualified domain name (FQDN) is also called "full computer name". Follow the instructions to identify a computer's FQDN.

1. Enter Computer name in the Windows Start menu search box.
2. Click the See the name of this computer Control Panel item displayed as a result.
3. The FQDN for the computer is listed as "Full computer name" under the heading "Computer name, domain, and workgroup settings".

Secure the Active Directory connection

Introduction

UNICORN 7.0. and later are by default configured to use secure (encrypted) user authentication with an Active Directory (AD) using the TLS/SSL protocol. To secure user authentication between an Active Directory and the client, a trusted relationship must be established (using certificates). This can be done by your local IT department by adding the Server Role Active Directory Certificate Services in Server Manager.

Encrypt user authentication with the Active Directory

The following table outlines the process of enabling or disabling encrypted user authentication with an Active Directory.

Stage 1. Establish a trusted relationship using certificates between the Active Directory and the AD-user.

Stage 2. Enable or disable encrypted user authentication to the Active Directory in UNICORN using the UNICORN Service Tool. See UNICORN Service Tool User Manual.

For local office contact information, visit www.gelifesciences.com/contact

GE Healthcare Bio-Sciences AB
Björkgatan 30
75 84 Uppsala
Sweden
www.gelifesciences.com/unicorn

GE, GE monogram and UNICORN are trademarks of General Electric Company. Active Directory, Microsoft, SQL Server, Windows and Windows Server are trademarks of Microsoft Corporation. All other third party trademarks are the property of their respective owner.

Any use of UNICORN is subject to GE Healthcare Standard Software End-User License Agreement for Life Sciences Software Products. A copy of this Standard Software End-User License Agreement is available on request.

UNICORN 7 009-06 General Electric Company
06 General Electric Company
First published Apr. 06

All goods and services are sold subject to the terms and conditions of sale of the company within GE Healthcare which supplies them. A copy of these terms and conditions is available on request. Contact your local GE Healthcare representative for the most current information.

GE Healthcare Europe GmbH, Munzinger Strasse 5, D-79 Freiburg, Germany
GE Healthcare UK Limited, Amersham Place, Little Chalfont, Buckinghamshire, HP7 9NA, UK
GE Healthcare Bio-Sciences Corp., 00 Results Way, Marlborough, MA 075, USA
GE Healthcare Dharmacon, Inc., 650 Crescent Dr., Lafayette, CO 8006, USA
HyClone Laboratories, Inc., 95 W 800 S, Logan, UT 843, USA
GE Healthcare Japan Corporation, Sanken Bldg. 3-5-, Hyakunincho Shinjuku-ku, Tokyo 69-0073, Japan

99498 AA 04/06 a35