EasyManua.ls Logo

MR ETOS IM - 3 IT Security

MR ETOS IM
412 pages
Save Page as PDF
Print Icon
To Next Page IconTo Next Page
To Next Page IconTo Next Page
To Previous Page IconTo Previous Page
To Previous Page IconTo Previous Page
Loading...
3 IT security
Maschinenfabrik Reinhausen GmbH 2019 215163667/06 EN ETOS
®
IM
3 IT security
Observe the following recommendations for secure operation of the product.
General
Ensure that only authorized personnel have access to the device.
Only use the device within an ESP (electronic security perimeter). Do not
connect the device to the Internet in an unprotected state. Use mecha-
nisms for vertical and horizontal network segmenting and security gate-
ways (firewalls) at the transition points.
Ensure that the device is only operated by trained personnel who are fa-
miliar with IT security.
Commissioning
Observe the following recommendations for device commissioning:
User IDs must be unique and assignable. Do not use a "Group account"
function or the "Auto login" function.
Activate the "Auto logout [Section 7.2.8, Page 97]" function.
Restrict the rights of the individual user groups as much as is feasible; this
helps avoid errors during operative actions. A user with the "Operator"
role, for example, should only perform operative actions and should not be
able to change any device settings.
Delete or disable the default "admin" user ID. This requires first creating a
new user account with the "Administrator" role. You can then use it to
delete or disable the default "admin" account.
Enable SSL/TLS encryption [Section 7.2, Page 94]; access to the de-
vice is then only possible using the SSL/TLS protocol. In addition to en-
crypting communication, this protocol also checks the authenticity of the
server.
Use TLS version 1.2 or higher wherever possible.
Integrate the device into a public key infrastructure. Create your own SSL
certificate for this if necessary and then import it.
Connect the device to a central log server by using the syslog interface
[Section 7.24, Page 290].
Operation
Observe the following recommendations during device operation:
Change the password at regular intervals.
Export the security log [Section 7.28.1, Page 306] at regular intervals.
Check the log files regularly for unauthorized system access and other se-
curity-related events.
Interfaces
The device uses the following interfaces for communication:

Table of Contents

Related product manuals