3 IT security
Maschinenfabrik Reinhausen GmbH 202116 7817454/02 ENTAPCON
®
230 Expert
3 IT security
Observe the following recommendations to operate the product safely.
3.1 General
▪ Ensure that only authorized personnel have access to the device.
▪ Only use the device within an ESP (electronic security perimeter). Do not
connect the device to the Internet in an unprotected state. Use mecha-
nisms for vertical and horizontal network segmenting and security gate-
ways (firewalls) at the transition points.
▪ Ensure that the device is only operated by trained personnel who are fa-
miliar with IT security.
3.2 Operation
Observe the following recommendations during device operation:
▪ Change the password at regular intervals.
▪ Export the security log at regular intervals.
▪ Check the log files regularly for unauthorized system access and other se-
curity-related events.
3.3 Commissioning
Observe the following recommendations for device commissioning:
▪ User IDs must be unique and assignable. Do not use a "Group account"
function or the "Auto login" function.
▪ Activate the "Auto logout" function.
▪ Restrict the rights of the individual user groups as much as is feasible; this
helps avoid errors during operations. A user with the "Operator" role, for
example, should only perform operations and should not be able to
change any device settings.
▪ Delete or disable the default "admin" user ID. This requires first creating a
new user account with the "Administrator" role. You can then use it to
delete or disable the default "admin" account.
▪ Deactivate service user access.
▪ Enable SSL/TLS encryption [►Section 9.1.1, Page 67]; access to the
device is then only possible using the SSL/TLS protocol. In addition to en-
crypting communication, this protocol also checks the authenticity of the
server.
▪ Use TLS version1.2 or higher wherever possible.
▪ Integrate the device into a public key infrastructure. Create your own SSL
certificates for this if necessary and then import them.
▪ Connect the device to a central log server by using the syslog interface.
To Next Page
Loading...
Need help?
General
