User Manual
4 Cyber Security Concepts - How to Secure the System
Siemens
Application Note
Smart Infrastructure
| Topic | Required Hardening |
|---|---|
| Remote access | Via remote desktop |
| Printers connectivity | Yes |
| IT skills of users | Low |
| IT skills of system administrators | Medium |
| IT skills of network administrators | Medium |
| IT skills of the installer (BT or VAP) | Medium |
| Field devices connectivity | Directly, via V-LAN or customer networks: customer is responsible for securing it. The assumption is that the customer’s IT secures field device connectivity. |
| Connection to other services (for example: OPC servers and clients) | Directly, via V-LAN or customer networks: customer is responsible for securing it. The assumption is that the customer’s IT secures field device connectivity. |
| Client Windows login | No auto-logon or professional KIOSK mode. |
| Desigo CC users | Use Windows authentication only. |
| Desigo CC client options | Any client option. |
4.13.3 D3: Client/Server Application in Office Environment
| Applicability | |
|---|---|
| Location of the physical server | On the desktop of one of the users in a controlled office environment (not in a publicly accessible area). |
| Physical/virtual server exclusivity | Non-exclusive: a computer also used for regular office tasks. |
| Topic | Required Hardening |
|---|---|
| Physical server protective measures | Unplug and theft protection |
| Server protective measures (Software) | Disable interfaces with memory access (FireWire, USB 3.1). Encrypt the hard disk. Continuously maintained and strong antivirus protection. Continuously maintained desktop firewalls. Firewall rules not on auto allowance, UPS needed, FEP in enclosed environment (locked cabinet). |
| Server OS version and set up | Secure Windows OS installation. Set up and maintain Windows security. Keep Windows OS continuously updated by security patches. Enforce strong password policy. Restrict access to users and to Desigo CC applications. Secured network configuration (for example, managed access rights to network folders). |
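
The following read-only audit is an added example, not part of the Siemens application note, showing how an administrator could spot-check several of the software hardening items above on the D3 server. It assumes BitLocker for disk encryption and Microsoft Defender for antivirus (the note names no products), reads "not on auto allowance" as a default inbound action other than Allow, and uses age thresholds that are illustrative values only.

```powershell
# Added example: read-only spot check of D3 hardening items. Run elevated.
# Assumed thresholds (not from the application note):
$MaxSignatureAgeDays = 3    # antivirus "continuously maintained"
$MaxPatchAgeDays     = 45   # Windows "continuously updated"

$results = [System.Collections.Generic.List[object]]::new()
function Add-Result([string]$Item, [bool]$Pass, [string]$Detail) {
    $results.Add([pscustomobject]@{ Item = $Item; Pass = $Pass; Detail = $Detail })
}

# Windows login: no auto-logon (AutoAdminLogon absent or not '1').
$winlogon = Get-ItemProperty 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon'
$auto = $winlogon.AutoAdminLogon
Add-Result 'No Windows auto-logon' ($auto -ne '1') "AutoAdminLogon=$auto"

# Encrypt the hard disk (assumption: BitLocker on the system drive).
$vol = Get-BitLockerVolume -MountPoint $env:SystemDrive
Add-Result 'System drive encrypted' ($vol.ProtectionStatus -eq 'On') `
    "$($vol.VolumeStatus), protection $($vol.ProtectionStatus)"

# Desktop firewall maintained and not defaulting to allow inbound traffic.
foreach ($p in Get-NetFirewallProfile -PolicyStore ActiveStore) {
    $ok = ($p.Enabled -eq 'True') -and ($p.DefaultInboundAction -ne 'Allow')
    Add-Result "Firewall profile $($p.Name)" $ok `
        "Enabled=$($p.Enabled), DefaultInbound=$($p.DefaultInboundAction)"
}

# Antivirus enabled with recent signatures (assumption: Microsoft Defender).
$mp = Get-MpComputerStatus
$avOk = $mp.AntivirusEnabled -and $mp.RealTimeProtectionEnabled -and
        ($mp.AntivirusSignatureAge -le $MaxSignatureAgeDays)
Add-Result 'Antivirus maintained' $avOk "Signature age $($mp.AntivirusSignatureAge) d"

# Windows kept up to date: age of the most recently installed update.
$last = Get-HotFix | Where-Object InstalledOn | Sort-Object InstalledOn |
        Select-Object -Last 1
if ($last) {
    $age = ((Get-Date) - $last.InstalledOn).Days
    Add-Result 'OS patched recently' ($age -le $MaxPatchAgeDays) `
        "$($last.HotFixID) installed $age d ago"
} else {
    Add-Result 'OS patched recently' $false 'No dated hotfix entries found'
}

$results | Format-Table -AutoSize
if ($results.Pass -contains $false) { exit 1 }   # non-zero exit for schedulers
```

The script only reads state and changes nothing; physical measures, the password policy and network folder permissions in the table still need a separate review.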