C. Security Guidelines
This appendix provides security practices for installing, operating, maintaining, and decommissioning the
device. Moxa strongly recommends that our customers follow these guidelines to enhance network and
equipment security.
Installation
Physical Installation
1. To comply with IEC 62443 requirements, the AWK Series device MUST be installed within an access-
controlled area, where only authorized personnel have physical access to the AWK Series device.
2. To comply with IEC 62443 requirements, the device MUST NOT be directly connected to the Internet,
which means the AWK Series device MUST be installed within a security perimeter with firewall.
Additionally, the various application service servers such as DHCP, NTP, RADIUS, … etc. shall be
securely configured with proper authentication within the security perimeter with firewall protection as
illustrated in the image below:
3. Always configure the AWK Series device to comply with your organization’s network and security
requirements before physical installation. Do not physically install devices that are unconfigured or have
an unknown configuration state to avoid unnecessary risks. Please follow the instructions in the Quick
Installation Guide, which is included in the package, to ensure you install the device correctly in your
environment.
4. The AWK Series has anti-tamper labels visible on the enclosures covering assembly screws. Any
tampering to open the mechanical enclosure to access electrical circuit boards will result in the
fracturing of anti-tamper labels. This allows an administrator to immediately tell if the device’s hardware
integrity has been compromised.
5. Ports that are not in use should be deactivated. Please refer to Hardware Interface and Ports to review
the status of each I/O port and disable any unused ports.
6. The AWK Series devices are industrial WLAN infrastructure components serving as the underlying fabric
to support automation processes. These devices are not an integral part of process automation logic
and therefore do not support nor are they suitable for any deterministic process control outputs.
To Next Page
Loading...
Need help?
General
