Modular fire panel Safety | en 5
Bosch Sicherheitssysteme GmbH Networking guide 07.2019 | 5.9 | F.01U.247.450
1 Safety
In this chapter you find organizational measures for PC running service clients for the Bosch
portfolio for fire products. You are obliged to comply with these contractual agreements.
You find also safety notices collected and sorted by topics. Later on, the safety notices are
placed before the related instruction.
1.1 Organizational measures for PC running service clients
Introduction
The Bosch portfolio for fire products covers PC programs (Service-Clients) running on a
computer, which requires physical connection to the fire alarm system. Due to security
considerations and regulatory standard requirements, the fire alarm system must not be
installed in a shared network. This in turn means the complete fire alarm system network and
the PC running a service-client must build a physically dedicated network. Since Bosch only
develops the service-clients but not the PCs they are running on, the computer cannot be
controlled by Bosch. To reduce the risk of potential security issues this documents defines
organizational measures.
Measures
If measures described below require an internet connection - or the service client requires a
temporary internet connection for licensing, the PC must be physically isolated from the fire
alarm system network before connecting the PC to the internet. The internet connection must
be removed before reconnecting the PC to the fire alarm system network again.
1. Operating Systems
Bosch documents prerequisites for the service clients including the operating system
versions. The clients are guaranteed to be compatible with these versions. The operating
system the client is running on must be updated on a regular base to fix potential security
vulnerabilities.
The system must be configured to allow write access only to those folders, which are
required for the corresponding task. Per default, all users shall be granted read-only
permissions.
2. Antivirus
A state-of-the-art antivirus software must be installed and running on the computer. Its
definition files must be updated on a regular base.
3. Firewall
A software firewall must be installed and running on the PC. It has to be configured to
allow traffic between the service client and the fire alarm system, updates for the
operating system and the antivirus software. Additionally it must block all other traffic.
4. Secure user login
The access to the PC must be restricted to operators using the installed service client.
The login must be secured by state-of-the-art means. If a password is chosen to secure
the access, policies shall enforce state-of-the-art password rules.
The two-man rule (four-eyes principle) or multi-factor authentication are recommended
approaches to strengthen the authentication if applicable.
5. Software and Services
The amount of software installed on the PC shall be reduced to a minimum. Only
software required by the service client and for corresponding tasks shall be installed.
6. Usage limitations
The usage of the PC must be restricted to service related tasks by organizational means.
This also covers using the internet for other purposes than described in this document.
To Next Page
Loading...
Need help?
General
