Cyber Security Checklist

To safeguard your organization and its assets, cyber security is essential. Synectics have formulated a comprehensive list of actions to be performed on each Synergy system to harden its cyber security.

To streamline this process, these actions have been wizardized.

This means you can keep track of actions yet to be completed and quickly access the relevant area of the Synergy Graphical User Interface in which each action is performed.

To access the wizard, go to Setup.

Under Local Setup, click Secure Check.

The wizard checks system configuration for its cyber security.

Once the check is complete, the bar at the bottom of the menu states Validation Complete.

For each section, there are hyperlinks to the appropriate configuration menus for each action to be performed.

If an action has been completed, its hyperlink does not display.

The previous example screenshot shows 4 actions out of 21 completed; those in the Software and Resources, Configuration Encryption and PSN Encrypted Comms sections.

Synergy Passwords

To secure passwords used in the Synergy system, click each hyperlink in this section and complete its menu(s).

• Set Login Failure Limit - From the drop-down menu, select the number of times a user may log in incorrectly before being locked out.
• Set Password Reuse Limit - From the drop-down menu, select the number of months that must pass before a user may reuse a password.To allow a user to immediately re-use a previous password, select 0.
• Enforce Password Changes - From the drop-down menu, select the number of months between mandatory password changes per year (from None to 12 Month(s)).
• Use Password Rules - To enforce password creation rules, select the Enforce Password Rules checkbox.
  • Must Include Lower Case - Select this checkbox to enforce users to include at least one lower case letter character in passwords
  • Must Include Upper Case - Select this checkbox to enforce users to include at least one upper case letter in passwords
  • Must Have Numbers - Select this checkbox to enforce users to include at least one numerical character in passwords
  • Must Have Special Characters - Select this checkbox to enforce users to include at least one special character (!"#$%&'()*+,-./:;<=>?@[\]^_`{|}~) in passwords
  • Rule Passes Required - From the drop-down menu, select the number of password creation rules to be enforced (from 1 rules(s) to All rules)
  • Enforce Change Weak Passwords - Select this checkbox to enforce a user to change a password deemed as weak (failing to meet at least three of the five possible password creation rules)
  • Minimum Password Length - From the drop-down menu, select the minimum number of characters of which passwords must be comprised (from 0 (no minimum length) to 7)
• Disable Password Reset Defaults - Normally if the password needs to be reset in Synergy, it will default to having the password the same as the user name. However, you can disable this feature with this option and force the user to manually re-enter a password.
• Activate LDAP - Click to configure Active Directory, a centralized database to be used by Windows server-operated systems to manage user credentials. Synergy finds user groups that are mapped to the Active Directory and establishes whether users are members of both user groups. The user group with the highest priority is then used for this user in Synergy.

Complete the fields on the tabs as described in the following sections.

The Settings Tab

The Settings tab allows you to specify if LDAP logins will be used in Synergy and provides basic connection and configuration options for using AD with Synergy

Application Settings

1. To enable login to Synergy using active directory credentials, select Active Directory Login?
2. To block specific active directory groups from Synergy, select the Group Blocking? checkbox.
3. To block LDAP users associated with a specific property from Synergy, select the Property Blocking? checkbox

Connection Settings

1. The Status button indicates the current connection status to the domain controller. Green denotes Connected. Red denotes Disconnected. If the system is not connected to LDAP, click Connect to log in. You will need valid credentials to access the LDAP system.
2. Enter your AD login credentials in the Connection User and Connection Password fields. If these fields are left blank, the login is taken from the local user. The advantage of using a connection user and password is that you can log in again without having to enter a password.
3. To allow the system to pick up connection settings automatically, select the On Domain checkbox. The On Domain selection specifies whether the machine is part of a domain and will populate the Primary URL field with the value it will be using for URL.
4. Select the required transport protocol: Plain Text or SSL for the Protocol. The protocol and port will still need setting even if On Domain is selected as this information is not automatically imported.
5. If you do not select the On Domain checkbox, enter the address and port number of the LDAP server in the Primary URL field and the Port field next to it.
6. In the event that this LDAP server cannot be accessed, enter the address of an alternative LDAP server in the Secondary URL field and the Port field next to it.
7. Click Save.

The Mapped Groups Tab

The Mapped Groups tab allows you to define which Active Directory groups should be associated with Synergy user groups.

Select a user group from the Synergy Group drop-down menu.

To make changes to the configuration of this user group, click Edit User Group. The Edit User Group dialog box appears.

Make edits as required and click Save.

To create a new user group, click Add New Group on the Mapped Groups tab. The Add User Group dialog box appears.

Enter the new group information and click Save.

Select a group using the Add LDAP Groups search tool to map it to this Synergy. It is added to the tree view of available domains and groups. You can sort entries in the tree using the Sort tool.

Click Save.

The Blocked Groups Tab

The Blocked Groups tab allows you to specify which Active Directory user groups are blocked from Synergy.

To add a property that if associated with the user will block the user from Synergy, click the Add Property button. Blank fields appear in the table.

Enter the name of the property in the Name field.

Enter a value for the property in the Value field.

Click Save.

To remove a property from this table, select it and click the Remove Property button.

Click Save.

The Blocked Properties Tab

The Blocked Properties tab allows you to specify properties or attributes that if associated with the user will cause the user to be blocked from Synergy.

To specify a property, click Add Property. Blank fields appear in the table.

Enter the property name in the Name field.

Enter the property value in the Value field.

Click Save.

To remove a property from this table, select it and click Remove Property.

Click Save.

Workstation Security

• Set Automatic Lock Workstation - From the drop-down menu, select the time to elapse before this workstation will automatically be locked (from None to 500 Minutes)

Software and Resources

This section states whether or not your system has the appropriate core and security resources installed on each hardware type.

• If any hardware types are detected as not having appropriate core and security resources installed, click the hyperlinks to prompt installation.

Any core resources that are not up to date will be listed in the dialog box. The dialog box describes the next steps. In the previous example, run the latest Synergy upgrade.

Configuration Encryption

This section states whether or not your Synergy system has its configuration encrypted. It will check if the security resources are up-to-date.

• If any hardware types are detected as having their configuration not encrypted, click their respective hyperlinks to prompt configuration. However, it may be that some devices are offline or have been permanently removed. In this case, you have the option of progressing the check anyway even though these resources are technically not up-to-date.

Synergy Encrypted Comms

This section states whether or not your Synergy system has its communications encrypted.

• If either the Synergy Server or the Incident Locker(s) are detected as not having their communications encrypted, click their respective hyperlinks to prompt configuration.

PSN Encrypted Comms

This section states whether or not the PSN units in your Synergy system have their communications encrypted.

• If any PSN units are detected as not having their communications encrypted, click the hyperlinks to prompt configuration.

File Shares

This section states whether or not Synx File Shares 2 is enabled in Synergy.

Synx File Shares 2 allows for secure file sharing between Synectics devices. It ensures that sensitive data, such as video footage, images, and configuration files are protected from unauthorized access. Synx File Shares 2 succeeds Synectics' previous file sharing solution based on Windows administrative file shares, and is the recommended option wherever available.

• If any aspects of the system which Synx File Shares 2 requires enabling for file sharing are not enabled, click their respective hyperlinks to prompt configuration.

Windows Passwords

This section asks you to manually confirm that each Windows machine in the Synergy system (all Server, Client and PSN units) have had their Windows user account passwords changed from their default values.

• Ensure that all Windows user account passwords in the Synergy system have been changed from their default values.
• Click each hyperlink in this section to confirm that all Windows user account passwords for their respective hardware types have been changed from their default values.