Security recommendations

The application will assist in performing QA tasks on Diagnostic displays, therefore availability of the QAWeb Enterprise Agent was considered important during the design of this product. Nevertheless, the availability, integrity, and confidentiality of the product relies on the following security controls in the operating environment:

QAWeb Enterprise Agent is an application which is installed on Windows workstations. The governance of this application is a shared responsibility. To make this application operate securely in your environment, we recommend the following steps:

  • Verify the checksum of the installer after downloading. This ensures that it was not tampered with during the download.

  • The Agent Installer is signed with our certificate. Only install software from Barco.

  • Make sure only workstation admins have permission to write the location where the Agent is installed. Other workstation user accounts should have read-only access.

  • Limit outgoing traffic to the list of URLs that the application uses (see URLs accessed by Agent)

  • Limit outgoing traffic using a firewall or proxy server.

  • Run a virus scanner on the workstation regularly.

  • Barco publishes security patches when needed. Make sure you have the latest Agent version installed.

  • The Agent stores configuration data and access tokens for its operation. When disposing of the workstation on which the Agent is installed, we recommend removing the configuration data. This can be done by uninstalling the Agent. For more details on how to uninstall the Agent, see Installing the QAWeb agent

  • If you discover a vulnerability, we would like to know about it so we can take steps to address it as quickly as possible: https://www.barco.com/about/trust-center/responsible-disclosure

Note

The QAWeb Enterprise Agent can be configured to connect to the QAWeb Enterprise Portal. In case of erratic behavior or by using an outdated version, Barco can deny access of the Agent to the Portal. In this case, the Agent will not be able to connect. It will continue to execute the existing policy. All resulting test results are stored locally.

When the connection is restored, the local data of the last month is synced back to the Portal.

The lack of processing and storage of patient or personal information, combined with the recommended limitations on the network connectivity, results in the product entailing a low cybersecurity risk profile.

URLs accessed by Agent

The Agent needs access to these URLs in order to function properly. Barco recommends allowing access to only these URLs. Any Internet access irrelevant to the applications running on the workstation should be blocked.

  • auth.barco.com Portal authentication. Starting with the April 26 2022 update, Portal user authentication uses this URL. (before, auth.healthcare.barco.com was used)

  • auth.healthcare.barco.com Portal user authentication.

  • qawebdata.healthcare.barco.com Agent data back-end

  • a3n9amleodurj6-ats.iot.eu-west-1.amazonaws.com IoT Cloud to workstation signaling

  • qaweb.healthcare.barco.com Portal web application front-end

  • qawebapi.healthcare.barco.com Portal web application back-end

  • documentation-qaweb-agent.healthcare.barco.com Agent online user guide

  • documentation-qaweb.healthcare.barco.com Portal online user guide