Table of Contents
Advertisement
5.8.2
Connection to Systems Other Than Stratos
Security
When set to the Stratos profile and connected to Stratos only, the unit provides suitable
security to allow it to be connected to the Internet. If either of these conditions is not met
(i.e. the Stratos profile isn't selected and / or the unit is connected to systems other than
Stratos e.g. UTC systems) then a suitable analysis should be performed to ensure that
there are no security vulnerabilities in the network configuration and / or equipment used.
The details of this will depend on the networks and connections involved and is outside
the scope of this codument but the following are examples of what should be considered:
·
General:
o Has the system (including all equipment and interconnections) been
reviewed for vulnerability / susceptibility weakness appropriate to the
environment in which it is used?
o Has a plan been drawn up to ensure that the findings of this analysis are
implemented and maintained?
·
Configuration:
o Is configuration of equipment suitably protected?
o Are only the services & features which are necessary enabled?
o Is encryption used where privacy is required?
o Is authentication used where trust is required?
o Are firewalls in place to ensure traffic only flows as expected?
·
Maintenance:
o Is there a plan and means to apply security fixes to firmware used in all
elements of the system?
o Are secrets (e.g. passwords, encryption / authentication keys) held
securely?
o Is there a plan and means to update secrets as required (e.g. password
update & strength)?
·
Disposal:
o Is equipment which is replaced or no longer required disposed of in a way
which does not compromise the system (e.g. through leakage of secrets,
configuration, etc.)?
Note that this consideration applies to all types of networks including those considered
"private". Often "private" networks will have external connections to some services and
may also have some internal threats. These need to be identified and considered in order
to ensure that the system is secure.
Connection
When connecting to systems other than Stratos if IP communications are to be used, the
correct system IP address must be programmed into the Stratos Outstation before
connecting it to the network to ensure that no IP conflicts occur and that the unit is on the
correct subnet. Full details on how to configure then network interface can be found in the
ST950 User Interface Handbook 667/HU/46000/000.
Security classification
Unrestricted
Version
3
Last Editor
Alan Doyle
Document Name
Stratos Outstation General and ICM Handbook
Copyright © Siemens plc 2014. All Rights Reserved.
Mobility, Intelligent Traffic Systems
Sopers Lane, Poole, Dorset, BH17 7ER
Page
Status
Date
Document No.
Mobility and Logistics is a division of Siemens Plc
64 of 92
Issued
05-Oct-2017
667/HB/52250/000
- Quick Links:
- Ethernet Setup
Hide quick links:
Advertisement
Table of Contents
