2.8.1.1 Protection of hardware and applications
Precautions
■ Do not integrate any components or systems into public networks.
  – Use a VPN (Virtual Private Network) for operation in public networks. This allows you to control and filter the data traffic accordingly.
■ Always keep your system up-to-date.
  – Always use the latest firmware version for all devices.
  – Update your user software regularly.
■ Protect your systems with a firewall.
  – The firewall protects your infrastructure internally and externally.
  – This allows you to segment your network and isolate entire areas.
■ Secure access to your plants via user accounts.
  – If possible, use a central user management system.
  – Create a user account for each user for whom authorization is essential.
  – Always keep user accounts up-to-date and deactivate unused user accounts.
■ Secure access to your plants via secure passwords.
  – Change the password of a standard login after the first start.
  – Use strong passwords consisting of upper/lower case, numbers and special characters. The use of a password generator or manager is recommended.
  – Change the passwords according to the rules and guidelines that apply to your application.
■ Deactivate inactive communication ports and protocols.
  – Only the communication ports that are used for communication should be activated.
  – Only the communication protocols that are used for communication should be activated.
■ Consider possible defence strategies when planning and securing the system.
  – The isolation of components alone is not sufficient for comprehensive protection. Draw up an overall concept that also provides defensive measures in the event of a cyber attack.
  – Carry out threat assessments periodically. Among other things, these compare the protective measures taken with those required.
■ Limit the use of external storage media.
  – Via external storage media such as USB memory sticks or SD memory cards, malware can get directly into a system while bypassing a firewall.
  – External storage media or their slots must be protected against unauthorized physical access, e.g. by using a lockable control cabinet.
  – Make sure that only authorized persons have access.
  – When disposing of storage media, make sure that they are safely destroyed.
■ Use secure access paths such as HTTPS or VPN for remote access to your plant.
■ Enable security-related event logging in accordance with the applicable security policy and legal requirements for data protection.
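Several of these precautions can be checked mechanically as part of a periodic threat assessment, by comparing what is configured with what is required. The following is an added example, not code from this manual or from the vendor; the inventory fields, the device name and the 180-day stale-account threshold are assumptions, and the sample data is constructed.

```python
from datetime import date

# Constructed sample inventory for one controller. The field names are
# hypothetical and do not correspond to any iC9200 export format.
DEVICE = {
    "name": "plc-line-3",
    "enabled_services": {"https": 443, "opcua": 4840, "ftp": 21, "http": 80},
    "required_services": {"https", "opcua"},
    "remote_access": ["https", "http"],
    "accounts": [
        {"user": "admin", "default_password": True, "last_login": date(2024, 5, 2)},
        {"user": "maint1", "default_password": False, "last_login": date(2023, 1, 10)},
        {"user": "operator", "default_password": False, "last_login": date(2024, 5, 20)},
    ],
    "security_logging": False,
}

SECURE_REMOTE = {"https", "vpn"}  # access paths the guideline names as secure
STALE_AFTER_DAYS = 180            # assumed site policy, not taken from the manual


def audit(device, today):
    """Return a sorted list of (check, detail) findings for one device."""
    findings = []
    # Only ports and protocols needed for communication should be active.
    for svc, port in device["enabled_services"].items():
        if svc not in device["required_services"]:
            findings.append(("unused-service", f"{svc}/{port}"))
    # Remote access is allowed only over secure access paths.
    for path in device["remote_access"]:
        if path not in SECURE_REMOTE:
            findings.append(("insecure-remote-access", path))
    for acct in device["accounts"]:
        # The password of a standard login must be changed after first start.
        if acct["default_password"]:
            findings.append(("default-password", acct["user"]))
        # Unused accounts should be deactivated.
        if (today - acct["last_login"]).days > STALE_AFTER_DAYS:
            findings.append(("stale-account", acct["user"]))
    # Security-related event logging should be enabled.
    if not device["security_logging"]:
        findings.append(("logging-disabled", device["name"]))
    return sorted(findings)


if __name__ == "__main__":
    for check, detail in audit(DEVICE, date(2024, 6, 1)):
        print(f"{DEVICE['name']}: {check}: {detail}")
```

An empty result means the device matches the configured baseline for these checks only; firmware currency, firewall segmentation and physical protection of storage media still need separate review.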
iC9200 Series
Basics and mounting
HB700 | CPU | PMC921xEx | en | 23-06