Basics and mounting
Industrial security and installation guidelines > Industrial security in information technology
2.8.1.1 Protection of hardware and applications
Precautions
■ Do not integrate any components or systems into public networks.
  – Use a VPN (Virtual Private Network) for use in public networks. This allows you to control and filter the data traffic accordingly.
■ Always keep your system up-to-date.
  – Always use the latest firmware version for all devices.
  – Update your user software regularly.
■ Protect your systems with a firewall.
  – The firewall protects your infrastructure internally and externally.
  – This allows you to segment your network and isolate entire areas.
■ Secure access to your plants via user accounts.
  – If possible, use a central user management system.
  – Create a user account for each user for whom authorization is essential.
  – Always keep user accounts up-to-date and deactivate unused user accounts.
■ Secure access to your plants via secure passwords.
  – Change the password of a standard login after the first start.
  – Use strong passwords consisting of upper/lower case, numbers and special characters. The use of a password generator or manager is recommended.
  – Change the passwords according to the rules and guidelines that apply to your application.
■ Deactivate unused communication ports and protocols.
  – Only the communication ports that are used for communication should be activated.
  – Only the communication protocols that are used for communication should be activated.
■ Consider possible defence strategies when planning and securing the system.
  – The isolation of components alone is not sufficient for comprehensive protection. Draw up an overall concept that also provides defensive measures in the event of a cyber attack.
  – Periodically carry out threat assessments. Among other things, these compare the protective measures taken with those required.
■ Limit the use of external storage media.
  – Via external storage media such as USB memory sticks or SD memory cards, malware can get directly into a system while bypassing a firewall.
  – External storage media or their slots must be protected against unauthorized physical access, e.g. by using a lockable control cabinet.
  – Make sure that only authorized persons have access.
  – When disposing of storage media, make sure that they are safely destroyed.
■ Use secure access paths such as HTTPS or VPN for remote access to your plant.
■ Enable security-related event logging in accordance with the applicable security policy and legal requirements for data protection.
HB700 | CPU | PMC921xEx | en | 24-04
iC9200 Series