User Manual
4 Cyber Security Concepts - How to Secure the System
Siemens Application Note
Smart Infrastructure
| Topic | Required Hardening |
|---|---|
| Client OS version and set up | Secure Windows OS installation. Set up and maintain Windows security. Keep Windows OS continuously updated by security patches. Enforce strong password policy. Restrict access to users and to Desigo CC applications. Managed certificates and credentials. |
| Client protective measures (Software) | Disable interfaces with memory access (FireWire, USB 3.1). Continuously maintained and strong antivirus protection. Continuously maintained desktop firewalls. Firewall rules not on auto allowance. Secure certificate store. Set up all applications running on the client. Do not store passwords locally. |
| Connection for clients inside the customer network | Secured communication configured. Segmented Network. Network firewalls configured and continuously maintained. |
| Connection for clients outside the customer network (Remote access) | Secured communication configured. Segmented Network. Network firewalls configured and continuously maintained. DMZ configured. |
| Remote access | Via remote desktop and VPN. Clients on Internet restricted to "need to know". |
| Printer connectivity | Yes |
| IT skills of users | Low |
| IT skills of system administrators | Medium |
| IT skills of network administrators | High |
| IT skills of the installer (BT or VAP) | Medium |
| Field devices connectivity | Directly, via V-LAN or customer networks: customer is responsible for securing it. The assumption is that the customer's IT secures field device connectivity. |
| Connection to other services (for example, OPC servers and clients) | Directly, via V-LAN or customer networks: customer is responsible for securing it. The assumption is that the customer's IT secures field device connectivity. |
| Client Windows login | No auto-logon or professional KIOSK mode. |
| Desigo CC users | Use Windows authentication only. |
| Desigo CC client-options | Use Windows App and Web Client only. |
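
A read-only PowerShell audit for some of the client-side hardening requirements listed above, added here as an example and not part of the Siemens application note. The 35-day patch threshold and the reading of "not on auto allowance" as "no firewall profile allows inbound traffic by default" are assumptions.

```powershell
# Added audit sketch: read-only checks for a few client hardening requirements.
# Assumptions (not from the application note): the 35-day patch threshold, and
# reading "not on auto allowance" as "no profile defaults to allowing inbound".
$MaxPatchAgeDays = 35
$results = [System.Collections.Generic.List[object]]::new()

function Add-Result($Topic, $Check, $Pass, $Detail) {
    $results.Add([pscustomobject]@{
        Topic = $Topic; Check = $Check; Pass = [bool]$Pass; Detail = $Detail
    })
}

# Client Windows login: no auto-logon, and no logon password kept in the registry.
$winlogon = Get-ItemProperty -Path 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon'
Add-Result 'Client Windows login' 'Auto-logon disabled' `
    ($winlogon.AutoAdminLogon -ne '1') "AutoAdminLogon=$($winlogon.AutoAdminLogon)"
# The value itself is never printed, only whether it exists.
Add-Result 'Client protective measures' 'No stored logon password' `
    (-not $winlogon.DefaultPassword) 'Winlogon DefaultPassword value absent or empty'

# Desktop firewall: effective (ActiveStore) settings, so Group Policy is included.
foreach ($p in Get-NetFirewallProfile -PolicyStore ActiveStore) {
    Add-Result 'Client protective measures' "Firewall profile '$($p.Name)' enabled" `
        ($p.Enabled -eq 'True') "Enabled=$($p.Enabled)"
    Add-Result 'Client protective measures' "Firewall profile '$($p.Name)' inbound default is not Allow" `
        ($p.DefaultInboundAction -ne 'Allow') "DefaultInboundAction=$($p.DefaultInboundAction)"
}

# Patching: the newest installed update should be recent.
# Some hotfix entries carry no install date, so those are filtered out first.
$latest = Get-HotFix | Where-Object InstalledOn |
    Sort-Object InstalledOn -Descending | Select-Object -First 1
$age = if ($latest) { [int]((Get-Date) - $latest.InstalledOn).TotalDays } else { $null }
Add-Result 'Client OS version and set up' "Update installed within $MaxPatchAgeDays days" `
    ($null -ne $age -and $age -le $MaxPatchAgeDays) "Newest=$($latest.HotFixID); AgeDays=$age"

# Failed checks first, so gaps against the checklist are at the top.
$results | Sort-Object Pass | Format-Table -AutoSize -Wrap
```

Run it in an elevated PowerShell session on the client; it changes nothing and only reports which checks pass.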