ABB COM600 series 5.0 Cyber Security Deployment Manualline page 29

1MRS758267 COM600 series 5.0
Cyber Security Deployment Guideline
Latest available updates can be obtained and updated on COM600 by creating either an
online or an offline setup. The online setup includes adding and maintaining a local
Windows Server Updates Services (WSUS) server infrastructure. The offline setup
includes manually obtaining update installation files from Microsoft update catalog
website and transferring those files to COM600 through a physical medium for installa-
tion. For both online and offlines setups, careful measures should be taken for this purpose
without compromising electronic security perimeter of COM600. ABB recommends
that the updates are installed by an authorized system administrator.
Online Updates through WSUS
Updates can be made to COM600 by setting up a local WSUS infrastructure. This setup
requires a Windows server running Windows 2012 R2 in a 64 bit machine, connected
to COM600 in a private network. This server would also need access to internet through
a public network, capable of connecting to Microsoft Update Server as shown in Fig-
ure 3.5.1-1. It is important to achieve a proper network isolation between various devices
involved, by careful implementation of firewall policies and secured access profiles.
WSUS_setup_update_COM600.png
Figure 3.5.1-1 WSUS setup to update COM600
With this setup, available updates from Microsoft Update server can be analyzed before
installation for compatibility and approved locally for further installation. Approved
updates can be installed automatically in COM600 by additional configuration made
locally within COM600. See Appendix 2 for details on how to manage this setup, browse
for available updates and approve those for further installation in COM600.
29