Manualshelf

User Manual

ManualsBrandsSiemens ManualsBuilding automationDesigo CC MP 5.0 BACnet Server, BACnet Protocol Implementation Conformance Statement (PICS), Basic Documentation
12345678910
Table of Contents
3
Siemens Application Note
Smart Infrastructure
Table of Contents
1 About This Document ........................................................................................ 5
1.1 Applicable Documents .......................................................................................... 6
1.2 Technical terms and abbreviations ...................................................................... 6
1.3 Acknowledgements ............................................................................................ 10
1.4 Revision history .................................................................................................. 11
2 Cyber Security Basics ..................................................................................... 12
2.1 Introduction ......................................................................................................... 12
2.2 Threat and Risk Terminology ............................................................................. 13
2.3 System Security ................................................................................................. 14
3 Network Security Controls .............................................................................. 15
3.1 Protected System Configuration Concept .......................................................... 15
3.1.1 Zone Boundary Protection .................................................................. 16
3.1.2 System Components ........................................................................... 17
3.1.3 Firewall Rules ..................................................................................... 18
3.1.4 Least Functionality Implementation .................................................... 23
3.2 Intended Operational Environments ................................................................... 23
3.2.1 All-In-One (One-Seat) System ............................................................ 23
3.2.2 Client/Server inside the Customer Network ........................................ 27
3.2.3 Server and Remote Web Server (IIS) ................................................. 29
3.2.4 Client/Server with Internet Access ...................................................... 32
3.2.5 Large, Distributed Client/Server with Internet Access ........................ 36
3.2.6 Distributed System Configurations ..................................................... 37
3.2.7 Virtualization ....................................................................................... 39
4 Cyber Security Concepts - How to Secure the System ............................... 40
4.1 User Management .............................................................................................. 41
4.2 IT Security .......................................................................................................... 42
4.3 Communication Security .................................................................................... 42
4.4 License Security ................................................................................................. 43
4.5 Stored Data Security .......................................................................................... 43
4.6 Main Server Folder Shares for Client and FEP Installations .............................. 44
4.7 Server Services .................................................................................................. 45
4.8 LMS – License Management System ................................................................ 45
4.9 Physical and Environmental Security ................................................................. 46
4.10 Incident Handling ................................................................................................ 46
4.11 Windows Hardening ........................................................................................... 46
4.12 Web Browser Security ........................................................................................ 47
4.13 Hardening Guidelines for Desigo CC Deployments ........................................... 49
4.13.1 D1: Unsecured Desktop ...................................................................... 49
4.13.2 D2: Stand-alone Desktop Application ................................................. 50
4.13.3 D3: Client/Server Application in Office Environment .......................... 51
4.13.4 D4: Client/Server Application in a Secured Location/Control Room .. 53
4.13.5 D5: Client/Server Application in a Professional IT Environment........ 55
5 Checklist............................................................................................................ 57