Manualshelf

User Manual

ManualsBrandsSiemens ManualsBuilding automationDesigo CC MP 5.0 BACnet Server, BACnet Protocol Implementation Conformance Statement (PICS), Basic Documentation
41424344454647484950
4
Cyber Security Concepts -
How to Secure the System
Cyber Security Concepts
-
42
Siemens Application Note
Smart Infrastructure
4.2 IT Security
NOTICE
The owner of the Desigo CC system is responsible for establishing and maintaining
appropriate IT security, in particular by applying virus scanners, deactivating unneeded
services and network ports, and by regular patching and updating the operating system
and all installed applications.
4.3 Communication Security
The communication between Web Clients and the Web Server (IIS) is always
encrypted. The runtime data transfer between a FEP and the system server,
between the system server and a Web Server, and between the system server and
Installed Clients may be encrypted as an option.
The file transfer between the system server and Installed Clients and between the
system server and a Web Server is unencrypted for performance reasons.
The communication between the system server and the History Database is
unencrypted for performance reasons.
Sensitive data (such as, passwords during authentication or user management
configuration) is transferred as encrypted content between the Desigo CC clients
and the system server (regardless of the communication encryption).
NOTE:
Self-signed certificates are supported to allow local deployments without the overhead of
obtaining commercial certificates. When using self-signed certificates, the owner of the
Desigo CC system is responsible for maintaining their validity status, and for manually
adding them to and removing them from the list of trusted certificates.
Self-signed certificates may only be used in accordance with local IT regulations (some
CIO organizations do not allow them, and network scans will identify them). Importing of
commercial certificates follows the same procedures.
NOTE:
Wireless input devices (especially keyboards) use radio transmission that is often not or
inadequately cryptographically protected. Even from greater distances, it is possible to
listen in or even plant external data in the system. The use of wireless input devices should
be avoided when used in high security environments. If the use of wireless input devices is
absolutely necessary, use only devices with proven encryption.
With version 4.0, the Bluetooth (BT) standard includes an encryption mechanism
(AES128). In order for it to be effective, all devices must use BT 4.0. Users should also
observe the information provided by the manufacturer.