Links in this document have been set for a desktop computer with the resolution set to 1920 x 1080 pixels. Cyber Security: Software Security and Hard Drive Encryption 301-1497, Rev A September 2012
Copyright 2012 Cepheid. Cepheid, the Cepheid logo, GeneXpert, and Xpert are trademarks of Cepheid. Symantec, the Symantec Logo, the Checkmark Logo, Norton, Norton 360, and NortonLive are trademarks or registered trademarks of Symantec Corporation or its affiliates in the U.S. and other countries. McAfee and McAfee AntiVirus Plus are trademarks or registered trademarks of McAfee Corporation or its affiliates in the U.S. and other countries. Trend Micro and Titanium Maximum Security are trademarks or registered trademarks of Trend Micro Inc. or its affiliates in the U.S. and other countries. Microsoft Windows, Windows 7, Windows XP, and Windows Vista are trademarks of Microsoft Corporation. Other names may be trademarks of their respective owners.
Table of Contents Introduction Scope...1-1 Intended Audience...1-1 Contents...1-1 Norton 360 Premier Edition Version 6 Introduction...2-1 Estimated Time...2-1 Before You Begin...2-1 Installing Norton 360 Premier Edition...2-1 Setting Up Norton 360 Premier Edition...2-4 McAfee AntiVirus Plus 2012 Introduction...3-1 Estimated Time...3-1 Before You Begin...3-1 Installing McAfee AntiVirus Plus 2012...3-1 Setting Up McAfee AntiVirus Plus 2012...3-4 Trend Micro Titanium Maximum Security 2012 Introduction...4-1 Estimated Time...4-1 Before You Begin...4-1 Installing Trend Micro Titanium Maximum Security 2012...4-1 Setting Up Trend Micro Titanium Maximum Security 2012...4-4 Installing or Upgrading GeneXpert Software for Windows XP...4-6 Symantec PGP Whole Disk Encryption Configuration Introduction...5-1 Scope...5-1 General Overview of Encryption Setup...5-1 Estimated Time...5-1 Before You Begin...5-1 Installing Symantec PGP Whole Disk Encryption...5-2 Setting Up PGP Desktop...5-2 Creating a Passphrase User...5-4 Setting Up Whole Disk Encryption...5-8 Technical Support Troubleshooting...6-1 Contact Cepheid...6-1
Chapter 1 Introduction 1.1 Scope Cepheid is a molecular diagnostics company that is dedicated to improving healthcare by developing, manufacturing, and marketing accurate yet easy-to use molecular systems and tests. Ensuring the integrity of our systems and the business continuity of our customers is a top concern for Cepheid. This document is intended to assist our customer IT staff in securing their general network infrastructure where Cepheid medical products are in use. Cepheid uses commercial off-the-shelf products that include Microsoft Operating Systems in its portfolio of computer based medical products. Cepheid takes cybersecurity seriously by taking a number of actions and measures in an effort to make our products safe from software vulnerability and exploits. However, due to the ubiquitous computing and interconnected nature of today s world coupled with the fast changing landscape of cyber threats, this volatile condition poses a significant risk to the security of our products. Cepheid expects our customers to be vigilant in the security of their systems. This document provides guidance on implementing some of the most common anti-virus and security tools. However, this document is not intended to cover all aspects of cybersecurity required to protect our customers systems. This document provides instructions for implementing off-the-shelf security products on the GeneXpert products. 1.2 Intended Audience This document is intended for experienced IT professionals. 1.3 Contents Chapter 1: Introduction Chapter 2: Norton 360 Premier Edition Version 6 Chapter 3: McAfee AntiVirus Plus 2012 Chapter 4: Trend Micro Titanium Maximum Security 2012 Chapter 5: Symantec PGP Whole Disk Encryption Configuration Chapter 6: Technical Support Cyber Security Manual 1-1
Introduction 1-2 301-1497, Rev A September 2012
Chapter 2 Norton 360 Premier Edition Version 6 2.1 Introduction Norton 360 Premier Edition is a complete security software suite. The software provides several complementary features that protect your computer from security threats: Antivirus running scans for detection of risks Firewall intrusion and browser protection Automatic Protection of active files This document provides information for installing and configuring Norton 360 Premier Edition on the GeneXpert System Computer. 2.2 Estimated Time Installation of Norton 360 Premier Edition 6 will take approximately 30 minutes. 2.3 Before You Begin 1. Connect to the internet. The internet is needed to complete installation. 2. Have a Norton 360 Premier Edition product key ready. 3. Login as cepheid-admin (Windows 7) or cepheid (Windows XP). a. If other antivirus software is installed, uninstall it prior to installing Norton 360 Premier Edition: b. In Windows 7, click Start, click Control Panel, under Programs click Uninstall a Program, click on the antivirus software, and click Uninstall/Change. c. In Windows XP, click Start, click Control Panel, click Add or Remove Programs, click on the antivirus software, and click Change/Remove. 4. Turn Windows Firewall Off: a. For Windows 7, click Start, click Control Panel, click System and Security, and click Windows Firewall. On the left panel, click Turn Windows Firewall on or off, check Off and click OK. b. In Windows XP, click Start, click Control Panel, click Windows Firewall, check Off (not recommended) and click OK. 5. Close any open applications. Cyber Security Manual 2-1
Norton 360 Premier Edition Version 6 2.4 Installing Norton 360 Premier Edition 1. Launch the Norton 360 Premier Edition installer. 2. When the Welcome to Norton 360 Premier Edition screen appears, click on Install Norton 360 Premier Edition. The screen will remain open for the installation process. Figure 2-1. Welcome Screen 3. If a prompt asks to run a publisher or program that is not verified during installation, click Run or Yes. 4. Enter in the Product Key. Uncheck I want to join Norton Community Watch and click Agree & Install. Progress screens will appear the next 2 to 5 minutes. Figure 2-2. Get Started 2-2 301-1497, Rev A September 2012
Installing Norton 360 Premier Edition 5. After Installation is complete, click Explore. A reminder will appear to connect the internet if you haven t already. Figure 2-3. Installation is Complete 6. Activation will automatically start. When prompted to complete activation, enter an email address and click Next. Figure 2-4. Complete Your Activation Cyber Security Manual 2-3
Norton 360 Premier Edition Version 6 7. If a Norton account has already been activated, enter the password. If no Norton account is activated, finish completing account setup. Click Next. Optional - Uncheck Email me security alerts and Email me product updates, offers, and security newsletters. Figure 2-5. Create Your Norton Account 8. After successful completion of activation and registration, click Done. 2.5 Setting Up Norton 360 Premier Edition 1. Click on Norton 360 desktop icon if software is not already launched. Figure 2-6. Home page 2-4 301-1497, Rev A September 2012
Setting Up Norton 360 Premier Edition 2. By default, a scheduled scan will be performed once every 8 days starting from the first day software gets installed. The scan will occur during idle time. Modify the frequency of the time to meet your organization s security guidelines. However, ensure that the scan will not be performed during a time when the GeneXpert System will be processing tests. To modify the scan schedule: a. Click on Settings. b. Click on the Antivirus icon. Figure 2-7. Antivirus icon c. Click on the Scans and Risks tab. d. Find Full System Scan near the end of the list and click on Configure +. Figure 2-8. Antivirus Settings - Scans and Risks e. Under Scan Schedule tab, modify scan schedule based on Start Time, and Day of the week. 3. It is recommended running a scan after installing the software. To complete, click Tasks, and click Run Scan. Figure 2-9. Tasks Cyber Security Manual 2-5
Norton 360 Premier Edition Version 6 4. Check Custom Scan and click Go. Figure 2-10. Scans 2-6 301-1497, Rev A September 2012
Chapter 3 McAfee AntiVirus Plus 2012 3.1 Introduction McAfee AntiVirus Plus 2012 software is a complete security software suite. The software provides several complementary features to protect your computer from security threats: Antivirus, spyware, and malware protection with scheduled scans that detect and eliminate viruses and spyware Real-time scanning of active files Firewall to protect the computer against intruders This document provides information for installing and configuring McAfee AntiVirus Plus on the GeneXpert System Computer. 3.2 Estimated Time Installation of McAfee AntiVirus Plus 2012 will take approximately 30 minutes. 3.3 Before You Begin 1. Connect to the internet which is needed for a complete installation. 2. Have a McAfee AntiVirus Plus 2012 product key ready. 3. Login as cepheid-admin (Windows 7) or cepheid (Windows XP). 4. If other antivirus software is installed, uninstall it prior to installing McAfee AntiVirus Plus 2012: a. In Windows 7, click Start, click Control Panel, under Programs click Uninstall a Program, click on the antivirus software, and click Uninstall/Change. b. In Windows XP, click Start, click Control Panel, click Add or Remove Programs, click on the antivirus software, and click Change/Remove. 5. Close any open applications. 3.4 Installing McAfee AntiVirus Plus 2012 1. Launch the McAfee Antivirus Plus installer. 2. If a prompt asks to run a publisher or program that is not verified during installation, click Run or Yes. Cyber Security Manual 3-1
McAfee AntiVirus Plus 2012 3. If the Internet Connection Required message appears, connect to the internet and click Next. Figure 3-1. Internet Connection Required 4. Check the box underneath License Agreement; check Download and install the latest version of your software from the web; uncheck Send anonymous usage information to McAfee. Click Install. Progress screens will appear for the next 5-10 minutes. Figure 3-2. Install McAfee AntiVirus Plus 3-2 301-1497, Rev A September 2012
Installing McAfee AntiVirus Plus 2012 5. After Installation Complete message appears, click Next. Figure 3-3. Installation Complete 6. Enter in the Activation Key and click Next. Figure 3-4. Activate your McAfee Product Cyber Security Manual 3-3
McAfee AntiVirus Plus 2012 7. For Log in or Create a New Account, enter required information to create a new McAfee account or log in to an existing account, then click Next. Optional - uncheck boxes on the right side of the screen Figure 3-5. Activation Successful 8. After account Activation Successful screen appears, click Finish. Window will close and a confirmation email will be sent. 3.5 Setting Up McAfee AntiVirus Plus 2012 1. To launch McAfee Antivirus Plus software, click on the McAfee AntiVirus Plus shortcut displayed on the Desktop. 2. By default, a scheduled scan will be performed once a week at 4:00 AM. The scan frequency and start time may be modified to meet your organization s security guidelines. However, ensure that the scan will not be performed during a time when the GeneXpert System will be processing tests. To modify the scan schedule: 3-4 301-1497, Rev A September 2012
Setting Up McAfee AntiVirus Plus 2012 a. Click on Virus and Spyware Protection. Figure 3-6. McAfee AntiVirus Plus Home Screen 3. Click the last option, Schedule Scanning. Figure 3-7. Schedule Scanning 4. Click Schedule Your Scan which will then allow you to create an own schedule scan Cyber Security Manual 3-5
McAfee AntiVirus Plus 2012 5. Click Apply after all schedule changes are made All defaults settings set require no further actions. If further configuration settings are needed, modify according to your organization s security guidelines. It is suggested to start a scan after installing McAfee AntiVirus Plus. 3-6 301-1497, Rev A September 2012
Chapter 4 Trend Micro Titanium Maximum Security 2012 4.1 Introduction Trend Micro Titanium Maximum Security 2012 is a complete security software suite. The software provides several complementary features that protect your computer from security threats: Virus & Spyware Controls allows for schedule scans to eliminate viruses and spyware Firewall to protect the computer against intruders Real-time scanning for active files This document provides information for installing and configuring Trend Micro Titanium Maximum Security on the GeneXpert System Computer. 4.2 Estimated Time Installation of Trend Micro Titanium Maximum Security 2012 will take approximately 30 minutes. 4.3 Before You Begin 1. Connect to the internet. The internet is needed to complete installation. 2. Have a Trend Micro Titanium Maximum Security product key ready 3. Login as cepheid-admin (Windows 7) or cepheid (Windows XP). 4. If other antivirus software is installed, uninstall it prior to installing Trend Micro Titanium Maximum Security.: a. In Windows 7, click Start, click Control Panel, under Programs click Uninstall a Program, click on the antivirus software, and click Uninstall/Change. b. In Windows XP, click Start, click Control Panel, click Add or Remove Programs, click on the antivirus software, and click Change/Remove. 5. Close any open applications. 4.4 Installing Trend Micro Titanium Maximum Security 2012 1. Launch the Trend Micro Titanium Maximum Security 2012 installer. 2. If a prompt asks to run a publisher or program that is not verified during installation, click Run or Yes. Cyber Security Manual 4-1
Trend Micro Titanium Maximum Security 2012 3. Wait a few minutes until installer window appears and click Install Program. The installer window will remain open for the remainder installation and other information can be opened without interruption. Figure 4-1. Trend Micro Titanium: Install Program 4. A system requirement check will run. After completion, type in the serial number and then click Next. Figure 4-2. Trend Micro Titanium: Provide Your Serial Number 4-2 301-1497, Rev A September 2012
Installing Trend Micro Titanium Maximum Security 2012 5. Uncheck Share threat information with Trend Micro and click Agree and Install. Figure 4-3. Trend Micro Titanium: License Agreement 6. Installation progress screens will appear for the next 5-10 minutes. After completion, enter your email address to activate the software. 7. If an account is already set up, enter in password. If an account is setup, fill in the following information and then click Next. Optional Uncheck Receive the latest news and offers from Trend Micro. Figure 4-4. Trend Micro Titanium: Enter Account Information 8. Verify information was entered correctly, and then click Next. 9. After activation completes, click Finish. Cyber Security Manual 4-3
Trend Micro Titanium Maximum Security 2012 10.When SafeSync introduction screen appears, click Don t show this page again and Exit. Figure 4-5. Trend Micro Titanium: SafeSync 11.Exit any installer screens if any remain open 4.5 Setting Up Trend Micro Titanium Maximum Security 2012 1. To modify the Trend Micro Titanium Maximum Security settings according to your organization s guidelines, click on Settings. The Protection Settings screen will open. Figure 4-6. Trend Micro Titanium: Protected 4-4 301-1497, Rev A September 2012
Setting Up Trend Micro Titanium Maximum Security 2012 2. Click on the Virus & Spyware Controls tab. Optional - Check Enable real-time scanning for compressed files (like ZIP files). Click Apply to save settings. Figure 4-7. Trend Micro Titanium: Enable Real-Time Scanning 3. By default, a scheduled scan will be performed once a week, on Friday at 12:00 PM. The scan frequency and start time may be modified to meet your organization s security guidelines. However, ensure that the scan will not be performed during a time when the GeneXpert System will be processing tests. To modify the scan schedule: a. Click Schedule Scans. b. Modify the schedule and the scan type, click Apply when completed. Figure 4-8. Trend Micro Titanium: Protection Settings - Scheduled Scans Cyber Security Manual 4-5
Trend Micro Titanium Maximum Security 2012 4. To modify Firewall Booster, click on the Internet & Email Controls tab and click Network. Check Activate the Firewall Booster and click Apply Figure 4-9. Trend Micro Titanium: Protection Settings - Network 5. It is recommended to run an initial scan after setup. On the home screen click Scan and a Quick Scan will start. Figure 4-10. Trend Micro Titanium: Scan Icon 4.6 Installing or Upgrading GeneXpert Software for Windows XP If Trend Micro Security software is configured and you wish to install or upgrade GeneXpert software, complete the following steps: 1. Launch Trend Micro Titanium Maximum Security and click on Settings. 2. Click on the Virus & Spyware Controls tab. 4-6 301-1497, Rev A September 2012
Installing or Upgrading GeneXpert Software for Windows XP 3. Click on Scan Preferences and uncheck Check if programs try to make unauthorized changes to the system settings. 4. Click Apply. Figure 4-11. Trend Micro Titanium: Protection Settings - Scan Preferences 5. Install or upgrade GeneXpert software by following the Install Instructions in 300-8398. 1. Launch Trend Micro Titanium Maximum Security and click on Settings. 2. Click on the Virus & Spyware Controls tab. 3. Check the box Check if programs try to make unauthorized changes to the system settings. 4. Click OK to save the settings. Cyber Security Manual 4-7
Trend Micro Titanium Maximum Security 2012 4-8 301-1497, Rev A September 2012
Chapter 5 Symantec PGP Whole Disk Encryption Configuration 5.1 Introduction 5.2 Scope Hard drive encryption is an important layer of data security in the event of a malicious attack against a physical computer. When a hard drive has been encrypted, the data on the drive is not accessible by anyone who does not possess a valid password, regardless of their physical possession of the computer. Once the hard drive has been encrypted, every time a user starts the computer a password will be required prior to logging into Windows. Symantec PGP Whole Disk Encryption is an FIPS 140-2 validated security product, and Cepheid has qualified the GeneXpert software for use with this product on both Windows 7 and Windows XP computers. This document provides information for installing and configuring hard drive encryption on the GeneXpert System Computer. While Symantec PGP Whole Disk Encryption provides other features such as email encryption and USB drive encryption, this document will only provide information for the hard drive encryption feature. 5.3 General Overview of Encryption Setup Install PGP Whole Disk Encryption software Setup PGP Whole Disk Encryption software Configure User Account (s) and starting passphrases Encrypt Whole Disk Type Passphrase to a pre-boot window, before Windows login 5.4 Estimated Time Installation of the Symantec PGP Whole Disk Encryption software takes about 1 hour. The software takes up to 12 hours to encrypt the hard drive. The computer does not need to be monitored during the time, and if the computer is shut down the encryption will resume once it is rebooted. 5.5 Before You Begin Ensure all applications are closed. Have a Symantec PGP Whole Disk Encryption license key available. Cepheid recommends backing up the GeneXpert Software database and any other critical data on the computer to external storage before installing hard drive encryption. Cyber Security Manual 5-1
Symantec PGP Whole Disk Encryption Configuration Log in as a user with administrator privileges. The user cepheid may be used on Windows XP computers, and cepheid-admin on Windows 7. 5.6 Installing Symantec PGP Whole Disk Encryption Note 1. Launch the Symantec PGP Whole Disk Encryption installer. 2. Select English from drop-down menu and click OK. 3. Check I accept the license agreement and click Next. 4. Check Do not display the Release Notes and click Next. 5. Click Yes to restarting computer message. If a prompt asks to run a publisher or program that is not verified during installation, click Run or Yes 5.7 Setting Up PGP Desktop 1. After the computer restarts, PGP Setup Assistant should automatically launch. If no dialog appears, click on the PGP Desktop icon. The PGP Setup Assistant will automatically launch the first time a new Windows user logs in. PGP Setup only needs to be performed once per computer, so if PGP is already installed and configured, check No and click Next to exit the PGP Setup Assistant. 5-2 301-1497, Rev A September 2012
Setting Up PGP Desktop 2. For the first prompt asking to Enable PGP, check Yes and click Next. Figure 5-1. Symantec PGP Desktop: Enabling PGP 3. Enter the following information: Name, Organization, Email Address, and click Next. 4. Enter License Key, click Next. 5. After successful authorization, click Next. 6. In User Type screen, check I am a new user, and click Next. 7. If the Personal Certificate Importation screen appears, click Skip. This step is not needed to enable hard drive encryption. 8. If the PGP Key Generation Assistant screen appears, click Skip. This step is not needed to enable hard drive encryption. 9. If the PGP Global Directory Assistant screen appears, click Skip. This step is not needed to enable hard drive encryption. Cyber Security Manual 5-3
Symantec PGP Whole Disk Encryption Configuration 10.If the PGP Messaging: Introduction screen appears, uncheck two checkboxes, and click Next. This step is not needed to enable hard drive encryption. Figure 5-2. Symantec PGP Desktop: PGP Messaging Introduction 11.Click Finish to complete PGP setup. 5.8 Creating a Passphrase User At least one passphrase user must be created before the whole disk can be encrypted. 1. In PGP Desktop, click PGP Disk, and then click Encrypt Whole Disk or Partition Figure 5-3. Symantec PGP Desktop: PGP Disk 5-4 301-1497, Rev A September 2012
Creating a Passphrase User 2. On bottom right, click New Passphrase User Figure 5-4. Symantec PGP Desktop: Encrypt Whole Disk or Partition A New User can be created two different ways: Windows Password or New Passphrase. The first option, Use Windows Password, will use an existing Windows User Account and its password. The second option, Create New Passphrase, will create a new password used only by the encryption software. Cepheid recommends the second option for consistency between users and over time. Important It is critical to remember the Password for the selected Windows account, as it will be required for a user to boot the computer. Multiple users and passwords can be added if desired. Cyber Security Manual 5-5
Symantec PGP Whole Disk Encryption Configuration 3. Check Create New Passphrase, and click Next. Figure 5-5. Symantec PGP Desktop: Whole Disk Encryption New User 4. Check Proceed with passphrase authentication only and click Next. 5-6 301-1497, Rev A September 2012
Creating a Passphrase User 5. Enter in the username and the new passphrase. The software will indicate the strength of the password, but does not place requirements on password strength. Follow your organization's IT recommendations for password strength. Click Next to create the new user. Figure 5-6. Symantec PGP Desktop: Create User Name and Passphrase 6. Click Finish to complete passphrase creation. Cyber Security Manual 5-7
Symantec PGP Whole Disk Encryption Configuration 5.9 Setting Up Whole Disk Encryption 1. Click on PGP Disk and then Encrypt Whole Disk or Partition screen to enter the Encrypt Whole Disk or Partition screen. 2. Click on the C: disk and click Encrypt. Figure 5-7. Symantec PGP Desktop: Select Disk or Partition to Encrypt 3. A confirmation message will appear. Click Yes. The software will take up to 12 hours to encrypt the disk. If you need to shut down the computer while encryption is in process, the encryption process will resume after the computer restarts. 5-8 301-1497, Rev A September 2012
Setting Up Whole Disk Encryption 4. After completing disk encryption a new log in screen will appear when the computer is started. Use the passphrase from Section 5.8, Creating a Passphrase User to log in. Figure 5-8. Symantec PGP Desktop: Enter Passphrase Cyber Security Manual 5-9
Symantec PGP Whole Disk Encryption Configuration 5-10 301-1497, Rev A September 2012
Chapter 6 Technical Support 6.1 Troubleshooting For more information about installation of the security products mentioned in this document, or about their interactions with Cepheid software, please contact Cepheid Technical Support. For other questions about these security products, please contact the manufacturer. 6.2 Contact Cepheid Before contacting Cepheid Technical Support, collect the following information: Product name Lot number Serial number of the instrument Error messages (if any) Software version and, if applicable, Computer Service Tag number Region Telephone Email North America +1.888.838.3222 Sales Support: Option 1 Technical Support: Option 2 Service Support: Option 3 Instrument Service Contracts: Option 4 CustomerService@cepheid.com TechSupport@cepheid.com Cepheid.ServiceSupport@cepheid.com Service.Contracts@cepheid.com European Union Sales Support: +33.563.82.53.14 Technical Support: +33.563.82.53.19 Service Support (calibrations only): +33.563.82.53.52 Support@cepheideurope.com Our corporate headquarters is located in North America. Cepheid 904 Caribbean Drive Sunnyvale, CA 94089-1189 USA Telephone: +1.408.541.4191 Fax: +1.408.541.4192 www.cepheid.com Cyber Security Manual 6-1
Technical Support For technical support outside of North America, can contact Cepheid Europe for assistance. Cepheid Europe S.A.S. Vira Solelh 81470 Maurens-Scopont FranceTelephone: +33.563.82.53.00 Fax: +33.563.82.53.01www.cepheidinternational.com/ Contact information for other Cepheid offices is available on our website at http:// www.cepheid.com/company/contact-us/. 6-2 301-1497, Rev A September 2012