High Security Settings Checklist¶
The following table provides a list of PCoIP Remote Workstation Card security settings that are frequently used in high security deployments. Your network administrator or your security advisor must determine whether these settings are appropriate for your own network environment. The most secure options are shown and are presented in the order seen in the AWI.
PCoIP Remote Workstation Card Security Settings¶
|Configuration Category||Setting Name||Setting|
|Initial Setup||Accept Any Client||False|
|Network||Enable 802.1x Security||True|
|Network||Enable 802.1x Authentication Identity||Enter the username configured for the 802.1x authentication|
|Management||Security Level||High Security Environment - Bootstrap phase disabled|
|Access||Disable Management Console Interface||False
Warning: Disabling both the Management Console and AWI interfaces will make your hostcard unmanageable unless a factory reset is performed on the card
|Access||Disable Administrative Web Interface||True|
|Access||Force password change on next login||True|
|Discovery||Enable SLP Discovery||False|
|Session||Accept Any Peer||False|
|Session||TLS Security Mode||Suite B: TLS 1.2 with Suite B-compliant 192-bit elliptic curve encryption|
|Session||Peer-to-Peer Certificate||If a custom certificate is uploaded then it will appear in the Peer-to-Peer Certificate field and you will be able to select it to be used for PCoIP Zero Client to Remote Workstation Card peer-to-peer connections|
|Session||PCoIP Data Encryption Ciphers||AES-256-GCM|
|USB||Authorized Devices||Enter the USB rule, class, sub class and protocol of authorized USB devices bridged to the host PC to gain access to the USB device.
Example: To allow USB access to HID devices only, click Add New and configure these settings:
|USB||Unauthorized Devices||Enter the rule, class, sub class and protocol of unauthorized USB devices that are bridged to the host PC to prevent access to the USB device from the host PC.
Example: To allow USB access to all devices except mass storage, click Add New and configure these settings.
|Certificate Store||N/A||Stores certificates for 802.1x and certificates for secure connections using the management protocol allowing management of the Remote Workstation Card|