Document ID: Version: Title:

E061132 02 Instructions for iView Shares FCO

Table of Contents
1.0 Introduction......................................................................................................... 1
1.1 Applicability ........................................................................................................................................ 1
2.0 Updating iViewGT 3.4.1 (Windows 7) Systems: ..................................................... 2
3.0 All Versions of iViewGT 3.4.1 and above ............................................................... 2
4.0 NSS ...................................................................................................................... 2
5.0 CCP – Network Management and Security (NMaS) ............................................... 3

1.0 Introduction
The aim of the FCO is to improve the Cyber Security of iViewGT systems with software versions 3.4.1 (and above)
and the Cyber Security of the firewalls: NSS or NMaS (Juniper). This includes:
• Installation of the WannaCry patch for iViewGT 3.4.1. Patch included in the software zip file.
• Restricting access to Port 445 to QA devices accessing the iViewGT.

1.1 Applicability
The WannaCry Patch is applicable to iViewGT 3.4.1 (Windows 7).
All other instructions apply to iViewGT 3.4.1 and above.
iViewGT File Share enabled (assumed using iview user account) with AQUA, DOSIsoft or Sun Nuclear systems
configured. If they are not configured, do not carry out these instructions.
To avoid breaking existing connections you may continue to use the iview user account for file sharing but for
new shares please use the following link to download the instructions on creating a separate account for file
sharing.
https://elekta.my.salesforce.com/sfc/p/60000000IYoG/a/6g0000001NN1/KpmEgQ0vfIaU1N6O8R2UBbUYlUaafV
9bxFfxpZuykUc

Prerequisites
Obtain the specific IP addresses for all the applicable systems: AQUA, DOSIsoft (EPIgray, EPIbeam) and/or Sun
Nuclear.
The software is available from this link: iViewGT Cyber Security patch which includes:
• Windows 7 WannaCry patch for iViewGT 3.4.1
• NMaS rule packages for removing or adding port forwarding addresses.

© Elekta 2023 | All rights reserved. Company Confidential.

This document is electronically controlled. Printed copies are considered uncontrolled.
Title: Instructions for iView Shares FCO
Document ID: E061132 01 Page 1 of 4
2.0 Updating iViewGT 3.4.1 (Windows 7) Systems:
1) Connect the Engineer Laptop to the Service Engineer port on the back of the CCP Assembly or on the front of
the NSS.
2) Copy the patch to the Install folder of:
a. NSS SAMBA Shared Drive for non-CCP systems
b. NAS shared drive for CCP systems
3) Log on to iViewGT as administrator.
4) Copy the patch from NSS/NAS Installs folder to the iViewGT desktop
5) Open Start Menu, Control Panel
a. Go to Windows Update
b. Click Change settings
c. Under Important Updates, Click Check for updates but let me choose whether to download and install
them from the drop-down menu.
d. Click OK.
6) Double click on the patch, to run it
a. On Windows Update Standalone Installer Window– KB4012212, click Yes
b. Update will be installed.
c. Click Restart Now
i. Windows will restart and configure updates on restart
7) Log back on as Administrator
8) Open Start Menu, Control Panel,
a. Go to Windows Update
b. Click Change settings
c. Under Important Updates, Click Never Check for updates from the drop-down menu.
d. Click OK.
9) Delete the patch from the desktop

3.0 All Versions of iViewGT 3.4.1 and above

Adjusting iView user account:
1) Log on to iViewGT as Administrator
2) Open the Start menu and search for Edit Local Users and Groups (or lusrmgr.msc in run)
3) Under Users, Click on the iview user account, then right click and select Properties
4) Tick the box for Password Never Expires.
5) Click Apply.
Update the File Share:
1) Open File Explorer
2) Select the Database folder which is being shared
3) Right click Properties,
4) Select Sharing Tab and Click Share… button
a. Select iview user account
b. Set Permission level to Read.
5) Click Share

4.0 NSS
Remove the old Port forwarding rule configured for “Any” source IP address.
1) In the list of Port Forward addresses, find the iView share with the Source “Any” and then click the red X
on the right-hand side of the line.

© Elekta 2023 | All rights reserved. Company Confidential.

This document is electronically controlled. Printed copies are considered uncontrolled.
Title: Instructions for iView Shares FCO
Document ID: E061132 01 Page 2 of 4
 2) Click Save Changes
3) Click Save.

Adding the new Port forwarding addresses for each system:

1) Connect to the NSS.
2) On the NSS Dashboard window, click Firewall, and then select Port Forwarding. The Port Forwarding
window opens.
3) Click Add new.
4) In the Interface drop down list, Select eth0:< Second_name>
5) In the Original destination drop down list select Zentyal
6) In the Original destination port drop down list select Single port and type 445 (Windows Sharing) in the
related text box.
7) In the Protocol drop down list, select TCP/UDP
8) In the Source drop down list, select Source IP
9) Enter the IP address of the system (AQUA, DosiSoft, Sun Nuclear)
10) In the Destination IP text box, type 192.168.30.5 (iView IP address in NSS environment)
11) In the Port drop-down list, select Same.
12) In the Description text box, type the related description.
13) Select Add.
The new forwarding port appears in the List of forwarded ports.
14) Select Save Changes.
15) Select Save.

Repeat the above steps for each System which uses the iViewGT file share access; AQUA, DOSIsoft, Sun
Nuclear. You will need the IP address for each system.

5.0 CCP – Network Management and Security (NMaS)

Ensure the latest NMaS rule configuration set and latest platform support software have been applied (System
Information).
Check which of the following applies to the system:
• Run the Remove iView Share NMaS rule package.
• Run iViewShare NMaS rule package to maintain one single host for each system using the instructions
below.
o Remove iView Share rule removes the Port Forwarding IP address(es), the Security Policy and the
Address book entry for the External Source IP (if necessary) from the NMaS Utility to ensure the Cyber-
Security of the Elekta systems is maintained.
Instructions for Removing iView Share NMaS rule package:
1) Connect the laptop to the Service LAN
2) Copy the Remove iView Shares Rule and Add iView DB Share All Rule Package into a folder on the NAS
(\\192.168.30.17)
3) Log on to the CCP Management PC
4) Open the NMaS Utility and log on using your ESSI credentials
5) Select File, Open Single Fragment
6) Browse to the location of the Remove iView Shares Rule package, select open
7) Select Summary
8) Select Commit.
9) Wait for the Success message to appear then select Back to go back to the main NMaS screen.

Instructions for Adding the iView file share NMaS Rule Package for each system:
1) Select File, Open Single Fragment
2) Browse to the location of the iViewShare Rule package, click open

© Elekta 2023 | All rights reserved. Company Confidential.

This document is electronically controlled. Printed copies are considered uncontrolled.
Title: Instructions for iView Shares FCO
Document ID: E061132 01 Page 3 of 4
 a. Enter the IP address for the applicable system which requires file share access – AQUA, Dosisoft, Sun
Nuclear.
b. Enter the Name of the system to be configured, for example: AQUA, EPIbeam, EPIgray, Sun Nuclear
(this is only used as an identifier for the system being configured, it will be displayed in NMaS. It does
not need to be a hostname).
c. Enter the NMaS Second IP address in the applicable field.
3) Click Summary, Click Commit.
4) Wait for the Success message to appear then Click Back to go back to the main NMaS screen.
5) Repeat for each applicable device.

© Elekta 2023 | All rights reserved. Company Confidential.

This document is electronically controlled. Printed copies are considered uncontrolled.
Title: Instructions for iView Shares FCO
Document ID: E061132 01 Page 4 of 4