Siemens SIMATIC IOT Operating Instructions Manual page 18

Safety instructions
2.4 Notes on use
Note
Use in an industrial environment without additional protective measures
This device is designed for use in a normal industrial environment according to IEC 60721-3-
3.
Disclaimer
Please note that the following list of recommended risk-minimizing security measures is not
intended to be exhaustive. Thus, please consult your security expert for final assessment and
configuration. Further, as already mentioned in IndustrialSecurity
(https://www.siemens.com/industrialsecurity).
Please note (i) that you are responsible for preventing unauthorized access to your plants,
systems, machines, and networks, and (ii) that you should only connect such systems,
machines, and components to an enterprise network or the internet if and to the extent such
a connection is necessary and only when appropriate security measures (e.g. firewalls and/or
network segmentation) are in place. Since you are solely responsible for the conception,
implementation, and maintenance of a holistic, state-of-the-art security concept to protect
your enterprise, factories/plants, systems, machines, and networks (including the products)
against cyberthreats, you are liable for any damage caused by implementing no or
insufficient security measures.
Security notification
• Follows the general security rules for networks.
• Install hardware firewall before connecting to internet. Install software firewall on the
device and open necessary ports only.
• Deploy DLP (data leakage protection) over your system to protect sensitive data.
• Install the device in cabinets, separated rooms or controlled areas. Restrict the access to
the device with lock if possible.
• Only authorized personal can access the device.
• Only access secured wireless networks using secured software/hardware components.
• Use separate accounts for admin tasks and user tasks.
• Only enable the debug functionality (for example, TCF) when necessary.
• Always integrate security updates from latest example image or official upstream.
• Only install software components from trusted sources.
• Change the system password regularly.
• The device can be identified by collecting MAC/UID information from the system.
• When Secure Boot is not enabled, set SPI flash in write protected state through "Jumper"
and lock flash in bootloader while the device is in normal operation.
18
Operating Instructions, 03/2024, A5E39456816-AF
SIMATIC IOT2050