ABB COM600 series 5.0 Cyber Security Deployment Manualline page 19

1MRS758267 COM600 series 5.0
Cyber Security Deployment Guideline
•
Action – specifies the action that needs to be taken when its corresponding condition
mentioned in the rule matches. The action specified can either allow a connection
or block a connection.
• Profile – specifies when a rule needs to be taken into account based on the network
to which COM600 is connected.
Figure 3.2.3-1 Windows Firewall
Windows allows three types of classification to the network to which COM600 is con-
nected to. These classifications provide a way of grouping firewall rules and their com-
binations to achieve a varied connection behavior when communicating on the network.
The network classifications include:
•
Private profile – Can be used when COM600 is connected to a network through
LOCAL LAN adapter. This can be a network of devices which shares the same
physical perimeter along with COM600.
• Public profile – Can be used when COM600 is connected to a network through
REMOTE LAN adapter. This can be a network using which, an authorized
user/process can get electronic access to COM600 from devices that may be located
outside the physical perimeter of COM600. This network should still be private,
isolated from internet or any other public networks.
•
Domain profile – Can be used as an alternative option to Public profile when
COM600 is connected to a network maintained by a domain controller.
Default Firewall Rules
There are few firewall rules defined in COM600 by default. These firewall reflects
minimum configuration that could be done at factory. We recommend to further refine
these rules by editing the existing ones or creating new rules to achieve a desired security
profile.
windows_firewall.png
19