User Manual

Siemens
Application Note
Smart Infrastructure
3 Network Security Controls
The following sections detail the concept of a protected system configuration as
well as specific use cases. The network security-related controls aim at mitigating
the risk of exploitation of possible Desigo CC vulnerabilities.
To enhance security, follow your company's policies as well as any national
legislation or international standards, such as ISO/IEC 27002 and IEC 62443.
3.1 Protected System Configuration Concept
The Desigo CC system is a critical business application and must be protected
from attacks and unauthorized access.
Desigo CC (Server) should be operated in a separate network zone, referred to
below as the Backbone. Desigo CC (Web Server) should also be operated in a
separate zone, the DMZ.
The components in the DMZ and Backbone zones should not be connected to other
networks (e.g., intranet or internet), with the exception of the required
connections detailed in this document. Required connections are those to the
clients in the Office network and DMZ. A firewall should limit communication
between the DMZ, the Backbone, and other zones to the necessary minimum.
NOTICE
Insecure Networks
Connections between computers in Backbone Level and insecure networks like
the internet or any other networks can compromise the security of the system.
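
One way to check a firewall rule set against the zone concept in section 3.1, as an added example that is not part of the Siemens application note. The subnets, port 443, the rule tuple format and the reading of "required connections" as three zone pairs are assumptions made for illustration.

```python
import ipaddress

# Constructed addressing; the application note gives no subnets (assumption).
ZONES = {
    "backbone": ipaddress.ip_network("10.10.0.0/24"),
    "dmz": ipaddress.ip_network("10.20.0.0/24"),
    "office": ipaddress.ip_network("10.30.0.0/16"),
}
PROTECTED = {"backbone", "dmz"}
# Assumed reading of "required connections": DMZ <-> Backbone, and Office
# clients reaching the Backbone and the DMZ. Everything else is unexpected.
ALLOWED_PAIRS = {frozenset(p) for p in
                 [("backbone", "dmz"), ("office", "backbone"), ("office", "dmz")]}

def zones_touched(cidr):
    """Zones a CIDR overlaps, plus 'external' if it is not contained in one zone."""
    net = ipaddress.ip_network(cidr)
    hit = {name for name, zone in ZONES.items() if net.overlaps(zone)}
    if not any(net.subnet_of(zone) for zone in ZONES.values()):
        hit.add("external")  # conservative: wide rules count as reaching outside
    return hit

def audit(rules):
    """Return (rule_id, reason) for allow rules that break the zone concept."""
    findings = []
    for rule_id, action, src, dst, port in rules:
        if action != "allow":
            continue
        for s in sorted(zones_touched(src)):
            for d in sorted(zones_touched(dst)):
                if s == d or not ({s, d} & PROTECTED):
                    continue  # intra-zone, or neither side is Backbone/DMZ
                if frozenset((s, d)) not in ALLOWED_PAIRS:
                    findings.append((rule_id, f"{s} -> {d} is not a required connection"))
                elif port == "any":
                    findings.append((rule_id, f"{s} -> {d} is open on every port"))
    return findings

# Constructed rule set: (id, action, source CIDR, destination CIDR, port).
SAMPLE_RULES = [
    (1, "allow", "10.30.0.0/16", "10.20.0.10/32", "443"),   # Office -> Web Server
    (2, "allow", "10.20.0.10/32", "10.10.0.5/32", "any"),   # DMZ -> Server, too broad
    (3, "allow", "10.10.0.0/24", "0.0.0.0/0", "443"),       # Backbone -> internet
    (4, "deny", "0.0.0.0/0", "0.0.0.0/0", "any"),           # default deny
]

if __name__ == "__main__":
    for rule_id, reason in audit(SAMPLE_RULES):
        print(f"rule {rule_id}: {reason}")
```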