Security
Operating Manual PITreader, PITreader Firmware V1.5.x
1004806-EN-08
4 Security
To secure plants, systems, machines and networks against cyber threats, an overall industrial
security concept that is state of the art must be implemented and continuously maintained.
Perform a risk assessment in accordance with VDI/VDE 2182 or IEC 62443-3-2 and plan
the security measures with care. If necessary, seek advice from Pilz Customer Support.
4.1 Implemented security measures
} The web application is protected against unauthorised access by a password prompt.
} The password is saved in an encrypted format.
} If a password is changed, you will be prompted to enter the old password for authentication.
} CSRF attacks (Cross-Site Request Forgery) are countered by assigning a unique token to
each session, which state-changing requests must carry.
} A user is automatically logged out of the web application after 15 minutes of inactivity.
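The following is an added illustration of how the three server-side measures above fit together (password check, per-session CSRF token, logout after 15 minutes of inactivity). It is not PITreader firmware code; the class and function names, the PBKDF2 hashing scheme and the injectable clock are assumptions made for the example.

```python
"""Added example, not PITreader firmware: a minimal session store with
password verification, a per-session CSRF token and inactivity logout.
The hash scheme (PBKDF2-SHA256) and all names are assumptions."""
import hashlib
import hmac
import os
import secrets
import time

IDLE_TIMEOUT_S = 15 * 60      # logout after 15 minutes of inactivity (from the manual)
PBKDF2_ITERATIONS = 100_000   # assumption; the firmware's real scheme is not documented here


class WebSessionStore:
    def __init__(self, clock=time.monotonic):
        self.clock = clock        # injectable so the timeout can be tested without waiting
        self.users = {}           # username -> (salt, pbkdf2 hash)
        self.sessions = {}        # session id -> {"user", "csrf", "last"}

    @staticmethod
    def _hash(password, salt):
        return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ITERATIONS)

    def set_password(self, user, password):
        salt = os.urandom(16)
        self.users[user] = (salt, self._hash(password, salt))

    def check_password(self, user, password):
        rec = self.users.get(user)
        if rec is None:
            self._hash(password, bytes(16))   # same cost for unknown users: no timing oracle on usernames
            return False
        salt, stored = rec
        return hmac.compare_digest(stored, self._hash(password, salt))

    def login(self, user, password):
        """Returns a session id on success, None otherwise; the CSRF token is bound to the session."""
        if not self.check_password(user, password):
            return None
        sid = secrets.token_urlsafe(32)
        self.sessions[sid] = {"user": user, "csrf": secrets.token_urlsafe(32), "last": self.clock()}
        return sid

    def session(self, sid):
        """Returns the live session for sid, or None; expires it after IDLE_TIMEOUT_S of inactivity."""
        s = self.sessions.get(sid)
        if s is None:
            return None
        now = self.clock()
        if now - s["last"] > IDLE_TIMEOUT_S:
            del self.sessions[sid]
            return None
        s["last"] = now           # any authenticated activity restarts the idle timer
        return s

    def change_password(self, sid, csrf_token, old_password, new_password):
        """State-changing request: needs a live session, its CSRF token and the old password."""
        s = self.session(sid)
        if s is None:
            return "not logged in"
        if not hmac.compare_digest(s["csrf"].encode(), csrf_token.encode()):
            return "csrf token mismatch"
        if not self.check_password(s["user"], old_password):
            return "old password wrong"
        self.set_password(s["user"], new_password)
        return "ok"


if __name__ == "__main__":
    store = WebSessionStore()
    store.set_password("admin", "Tr0ub4dor&3!")
    sid = store.login("admin", "Tr0ub4dor&3!")
    token = store.session(sid)["csrf"]
    print(store.change_password(sid, "forged", "Tr0ub4dor&3!", "N3w-Pa$$word!"))
    print(store.change_password(sid, token, "Tr0ub4dor&3!", "N3w-Pa$$word!"))
```

The CSRF token is compared in constant time and is never derived from the session id, so a page that can only trigger a request (but not read the response) cannot supply it. Re-checking the old password on a change request means a hijacked session alone is not enough to lock the legitimate user out.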
4.2 Required security measures
} The product is not protected against physical manipulation. We therefore recommend that
you install the product in a lockable control cabinet or operator panel.
A safe evaluation unit PIT m4SEU may only be connected via the TxD/RxD terminals inside a
control cabinet or operator panel.
} The configuration computer that accesses the product has to be protected from attacks
by a firewall or other suitable measures. We recommend that a virus scanner is used on
this configuration computer and updated regularly.
} If necessary, protect the configuration computer and the product from unauthorised use
by assigning passwords and taking further measures if required. We also recommend
that the user logged on to this configuration computer does not have administrator rights.
} Ensure that the product is separated by a router (layer 3 switch or firewall) from the
company network.
} Assign only strong passwords. When assigning passwords, please note:
– The password should have at least 8 characters.
– The password should contain upper and lower case characters, as well as special
characters and numbers.
– If possible, the password should not be a word found in dictionaries.
– The password should not be made up of standard variants, repetitions or keyboard
patterns (so not: 1234abcd).
– Use a password manager for optimum management of complex passwords.
– Language-specific characters are not available on every keyboard layout; a password
containing them may not be enterable from another configuration computer.
– Make sure you regularly change the passwords of the user accounts on the system
and/or ask the users to change their passwords themselves.
– Make the users aware of the responsible use of their access data.
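The following is an added example (not part of the manual or the product) of a checker that applies the password rules listed above before a password is assigned: minimum length, character classes, dictionary words (including simple leetspeak substitutions), repeated groups, keyboard and alphabet sequences such as 1234abcd, and characters that are not on every keyboard layout. The function names, the tiny word list and the US QWERTY rows are assumptions; a real deployment would use a full dictionary.

```python
"""Added example, not the manual's or the product's code: checks a candidate
password against the rules listed in section 4.2. The word list is a
constructed stand-in for a real dictionary."""
import re
import string

MIN_LENGTH = 8
DICTIONARY = {"password", "welcome", "admin", "secret", "pilz"}   # constructed stand-in
KEYBOARD_ROWS = ["qwertyuiop", "asdfghjkl", "zxcvbnm", "1234567890"]   # US QWERTY (assumption)
SEQUENCES = KEYBOARD_ROWS + [string.ascii_lowercase]
# common leetspeak substitutions undone before the dictionary check
LEET = str.maketrans({"0": "o", "1": "i", "3": "e", "4": "a", "5": "s", "7": "t", "@": "a", "$": "s"})


def _has_sequence(pw, n=4):
    """True if pw contains n consecutive characters of a keyboard row or the alphabet, in either direction."""
    low = pw.lower()
    for seq in SEQUENCES:
        for s in (seq, seq[::-1]):
            for i in range(len(s) - n + 1):
                if s[i:i + n] in low:
                    return True
    return False


def _has_repetition(pw):
    """True for the same character three or more times in a row, or a 2-4 character group repeated."""
    low = pw.lower()
    return bool(re.search(r"(.)\1{2,}", low) or re.search(r"(.{2,4})\1", low))


def _in_dictionary(pw):
    """True if the letters of the password, plain or with leetspeak undone, form a dictionary word."""
    low = pw.lower()
    plain = "".join(c for c in low if c.isalpha())
    leet = "".join(c for c in low.translate(LEET) if c.isalpha())
    return plain in DICTIONARY or leet in DICTIONARY


def check_password(pw):
    """Returns the list of violated rules; an empty list means the password passes all checks."""
    problems = []
    if len(pw) < MIN_LENGTH:
        problems.append("shorter than %d characters" % MIN_LENGTH)
    classes = (any(c.islower() for c in pw), any(c.isupper() for c in pw),
               any(c.isdigit() for c in pw), any(not c.isalnum() for c in pw))
    if not all(classes):
        problems.append("missing upper/lower/digit/special character")
    if _has_sequence(pw):
        problems.append("keyboard or alphabet sequence")
    if _has_repetition(pw):
        problems.append("repeated characters or groups")
    if _in_dictionary(pw):
        problems.append("based on a dictionary word")
    if any(ord(c) > 127 for c in pw):
        problems.append("contains characters not available on every keyboard layout")
    return problems


if __name__ == "__main__":
    for candidate in ("1234abcd", "P@ssw0rd", "abcabcAB1!", "Tr0ub4dor&3!"):
        print(repr(candidate), check_password(candidate) or "ok")
```

The checker rejects, not merely scores, so it should run on the configuration computer before a password is entered into the device; it does not replace a password manager, which generates passwords that pass every rule by construction.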