BeckmanConnect Security Highlights

Overview

This document highlights the privacy and security features in the BeckmanConnect remote management solution. This solution is designed to enable our Service and Support organization to provide real-time service via a secure remote connection to Beckman Coulter instruments in your lab. This document is intended to be reviewed by the local IT administrator for the instrument PCs and network infrastructure at your facility as part of the approval process for BeckmanConnect.

Supporting the Beckman Coulter remote management platform is TeamViewer GmbH, a global leader in secure online remote support and collaboration. At the forefront of remote software development, TeamViewer GmbH is a recognized provider of cloud-based technologies receiving a five-star quality seal by the Federal Association of IT Experts and Reviewers.1 TeamViewer is a provider-of-choice for many data sensitive sectors including healthcare institutions, government, banking and finance.2

BeckmanConnect provides remote access while remaining compliant with regional data privacy restrictions such as HIPAA and GDPR. Specifically, TeamViewer serves as a pass-through to connect two end points without storing any identifying information.

BeckmanConnect Security Highlights two factor authentication

Technical Summary

The TeamViewer tool provides a secure remote screen and file sharing platform to enable Beckman Coulter Service & Support experts to securely connect to Beckman Coulter instruments located in customer facilities. All TeamViewer traffic is secured via RSA public/private key exchange and AES (256 bit) session encryption. Additionally, the platform is configured to prevent ‘man-in-themiddle’ and brute force attacks. More detail is available in the TeamViewer security statement, located here.2

Security Measures

To operate, TeamViewer requires an internet connection. Before connecting any Beckman Coulter instrument PC to the network for the first time, please be sure to read the BeckmanConnect Instrument PC Networking Requirements document and ensure the instrument PC is secure. Thorough review of our IT requirements and consent to the terms of service are required prior to activating remote support features.

BeckmanConnect is configured for maximum out-of-the-box security:

  • TeamViewer connection white-listing is deployed to prevent access to instruments from sources external to the Beckman Coulter Service & Support organization.
  • Outgoing TeamViewer connection requests and meeting functionality within the client have been disabled.
  • Users are required to provide a unique connection password to initiate all connection sessions. This password changes with each new session to prevent unauthorized connections.
  • Following successful authentication of a secure TeamViewer session, users are required to manually approve any screen-view, remote-control or file-transfer request through the TeamViewer client. Connection requests and file transfers are logged on TeamViewer secure servers for audit purposes. Note File Transfer is currently not enabled for instrument controller PCs containing personal health information (Navios EX, DxFlex, Data Innovations Instrument Manager, Aquios CL, CellMekSPS, Navios). If this feature is enabled in a future release, users must download an update and authorize the new feature during installation before it will be activated.
  • Access to the Beckman Coulter TeamViewer management portal is restricted by username and complex password. Access is restricted to Beckman Coulter employees who have undergone training to understand the data and privacy guidelines that apply to the customer’s region.

Firewall Requirements

BeckmanConnect is designed to enable a secure remote connection without the need for any special firewall configuration. In select situations, a firewall might be set up to block unknown outbound connections. In such cases, the firewall must be configured to facilitate the connection.

BeckmanConnect will use port 443 to establish an outbound TCP connection. Port 443 is required for the client software to:

  • Auto-update
  • Set required group policy settings for security purposes
  • Allow remote connections from Beckman Coulter Service & Support personnel

NOTE: The service will not function properly without outbound access to port 443. 

BeckmanConnect makes connections to secure servers located around the world. These servers use a number of different IP addresses, which may change over time. All IP addresses used by BeckmanConnect resolve to either *.teamviewer.com or *.beckman.com domains. You can use this information to restrict the destination IP addresses you allow through your firewall or proxy server.
As the BeckmanConnect service only initiates outgoing data connections through a firewall, blocking incoming connections and allowing only outgoing TCP connections over port 443 to *.teamviewer.com and *.beckman.com domains will suffice.

Summary

BeckmanConnect is a secure system which allows Beckman Coulter Service and Support personnel to remotely access certain instruments for technical support purposes. The end-to-end tunnel is encrypted and measures are taken to keep customers safe and ensure that access is only available to properly-trained Beckman Coulter employees.

Learn more or get connected today.

connect@beckman.com

References:

  1. Bundesverband der IT-Sachverständigen und Gutachter e.V., BISG e.V.
  2. TeamViewer security statement, https://dl.tvcdn.de/docs/en/TeamViewer-Security-Statement-en.pdf