Cybersecurity Information - Pepperl+Fuchs ICE11-8IOL-G60L-V1D Manual

Fieldbus module with multiprotocol technology and IO-Link
ICE11-8IOL-G60L-V1D

Cybersecurity Information

The ICE11-8IOL-G60L-V1D is secure for the area of application defined here in accordance with IEC 62443-4-1. The operator must implement the measures defined in this section to ensure the secure operation and protection of the device while online.
Security Context
The ICE11-8IOL-G60L-V1D is intended for use in an automation network. This is a secure network with known and trusted participants that is separated (physically or logically) from the company network.
A firewall must be configured so that only defined ports are forwarded to other subnets. The device uses the following ports:

Ports 49152 and 34964 for PROFINET
Ports 2222 and 44818 for EtherNet/IP
Port 68 for the DHCP client
Port 80 for the administration website using HTTPS
Port 1883 (factory default, changeable) for MQTT, if enabled
Port 4840 (factory default, changeable) for OPC UA, if enabled
Port 514 (factory default, changeable) for syslog, if enabled
Port 5683 for CoAP, if enabled

To avoid losing packets, we recommend limiting the network load to < 5 % of the bandwidth. We recommend operating the gateway behind a network switch.
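As an added example (not Pepperl+Fuchs code), the following Python builds the expected port set for one concrete device configuration from the list above and flags any open port that is not documented, so that the firewall's forwarding rules and a port inventory of the gateway can be checked against the manual. The transport protocol of each port is not stated in the manual and is ignored here.

```python
"""Port allowlist audit for the ICE11-8IOL-G60L-V1D, built from the ports the manual lists."""
from dataclasses import dataclass

# Ports the manual lists as used unconditionally (transport protocol is not stated there).
BASE_PORTS = {
    49152: "PROFINET", 34964: "PROFINET",
    2222: "EtherNet/IP", 44818: "EtherNet/IP",
    68: "DHCP client",
    80: "administration website",
}


@dataclass
class GatewayConfig:
    """Optional services; the port defaults are the factory defaults given in the manual."""
    mqtt: bool = False
    mqtt_port: int = 1883
    opcua: bool = False
    opcua_port: int = 4840
    syslog: bool = False
    syslog_port: int = 514
    coap: bool = False  # the manual lists CoAP on 5683 without calling it changeable


def expected_ports(cfg: GatewayConfig) -> dict[int, str]:
    """Return the complete port -> service map for one device configuration."""
    ports = dict(BASE_PORTS)
    if cfg.mqtt:
        ports[cfg.mqtt_port] = "MQTT"
    if cfg.opcua:
        ports[cfg.opcua_port] = "OPC UA"
    if cfg.syslog:
        ports[cfg.syslog_port] = "syslog"
    if cfg.coap:
        ports[5683] = "CoAP"
    return ports


def audit(cfg: GatewayConfig, observed_open: set[int]) -> tuple[list[int], list[int]]:
    """Compare ports seen open on the device with the documented set.

    unexpected: open but undocumented; must not be forwarded by the firewall and needs a look.
    missing:    documented but not seen; usually a disabled service or a scan that skipped UDP.
    """
    expected = expected_ports(cfg)
    unexpected = sorted(observed_open - expected.keys())
    missing = sorted(expected.keys() - observed_open)
    return unexpected, missing
```

The set of observed ports is whatever your port inventory of the gateway returns; `expected_ports` also gives the exact allowlist the boundary firewall should forward for that configuration.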
The device must be physically secured against unauthorized access and operated in a lockable switch cabinet or room that is only accessible to authorized personnel. Otherwise, there is a risk that some of the device settings can be changed via the "X3" service interface and the password¹ printed on the gateway.

The device contributes to the "defense-in-depth" strategy with the following security functions:

Security function: Access control with single-factor authentication (SFA) and automatic time-based login lock in the event of incorrect authentication.
Addressed threat: Protection against unauthorized access, brute-force attacks.

Security function: Deletion of all information stored in the device using the "Reset to factory settings" function.
Addressed threat: Protection against information being subject to spying by physical access to the device after decommissioning and disposal by the system operator.

Security function: The access data is hashed by the SHA1 cryptographic hash function with salt and pepper.
Addressed threat: Protection against reading and recalculation of a password or finding a collision, e.g., with a "Rainbow table." Even in the unlikely event that this would be possible, this would have to be repeated for each individual device, since results cannot be transferred to other devices, even if the same password is used.

¹ If left unchanged.