User Manual

Cyber Security Concepts - How to Secure the System
Siemens
Application Note
Smart Infrastructure
4.13.4 D4: Client/Server Application in a Secured Location/Control Room
Applicability | Suitable and supported for IT security | If Desigo CC security prescriptions are applied
Location of the physical server | Supervised control room desk and enclosure
Topic | Required Hardening
Physical/virtual server exclusivity | Non-exclusive: a computer also used for regular office tasks.
Physical server protective measures | Server machine locked in cabinet. Unplug and theft protection.
Server protective measures (Software) | Disable interfaces with memory access (FireWire, USB 3.1). Encrypt the hard disk. Continuously maintained and strong antivirus protection. Continuously maintained desktop firewalls. Firewall rules not on auto allowance, UPS needed, FEP in enclosed environment (locked cabinet).
Server OS version and set up | Secure Windows OS installation. Set up and maintain Windows security. Keep Windows OS continuously updated by security patches. Enforce strong password policy. Restrict access to users and to Desigo CC applications. Secured network configuration (for example, managed access rights to network folders).
Client OS version and set up | Secure Windows OS installation. Set up and maintain Windows security. Keep Windows OS continuously updated by security patches. Enforce strong password policy. Restrict access to users and to Desigo CC applications. Managed certificates and credentials.
Client protective measures (Software) | Disable interfaces with memory access (FireWire, USB 3.1). Continuously maintained and strong antivirus protection. Continuously maintained desktop firewalls. Firewall rules not on auto allowance. Secure certificate store. Set up all applications running on the client. Do not store passwords locally.
Connection for clients inside the customer network | Secured communication configured. Segmented Network. Network firewalls configured and continuously maintained.
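
A read-only audit of several "Required Hardening" rows above, for use on a server or client machine. This is an added example, not part of the Siemens application note or of Desigo CC. It assumes Microsoft Defender as the antivirus product and BitLocker as the disk encryption, reads "not on auto allowance" as an inbound default other than Allow, and uses illustrative thresholds for patch and signature age.

```powershell
#Requires -RunAsAdministrator
# Added example (not from the application note). Assumptions: Defender is the
# antivirus, BitLocker is the disk encryption, thresholds below are illustrative.
$MaxPatchAgeDays = 35     # assumed acceptable gap since the last installed update
$MaxSignatureAge = 3      # assumed acceptable antivirus signature age in days

$results = [System.Collections.Generic.List[object]]::new()
function Add-Check([string]$Row, [string]$Check, [bool]$Pass, [string]$Detail) {
    $results.Add([pscustomobject]@{ Row = $Row; Check = $Check; Pass = $Pass; Detail = $Detail })
}

# Desktop firewalls maintained; rules not on auto allowance.
# ActiveStore returns the effective policy, including settings applied by Group Policy.
foreach ($p in Get-NetFirewallProfile -PolicyStore ActiveStore) {
    Add-Check 'Desktop firewall' "$($p.Name): enabled" `
        ([string]$p.Enabled -eq 'True') "Enabled=$($p.Enabled)"
    Add-Check 'Desktop firewall' "$($p.Name): inbound default is not Allow" `
        ([string]$p.DefaultInboundAction -ne 'Allow') "DefaultInboundAction=$($p.DefaultInboundAction)"
}

# Encrypt the hard disk (listed in the server software row).
$bl = Get-BitLockerVolume -MountPoint $env:SystemDrive
Add-Check 'Encrypt the hard disk' 'System volume encrypted, protection on' `
    ([string]$bl.VolumeStatus -eq 'FullyEncrypted' -and [string]$bl.ProtectionStatus -eq 'On') `
    "VolumeStatus=$($bl.VolumeStatus), ProtectionStatus=$($bl.ProtectionStatus)"

# Continuously maintained and strong antivirus protection.
$mp = Get-MpComputerStatus
Add-Check 'Antivirus' 'Antivirus and real-time protection enabled' `
    ($mp.AntivirusEnabled -and $mp.RealTimeProtectionEnabled) `
    "AntivirusEnabled=$($mp.AntivirusEnabled), RealTime=$($mp.RealTimeProtectionEnabled)"
Add-Check 'Antivirus' "Signatures at most $MaxSignatureAge days old" `
    ($mp.AntivirusSignatureAge -le $MaxSignatureAge) "AgeDays=$($mp.AntivirusSignatureAge)"

# Keep Windows OS continuously updated by security patches.
$last = Get-HotFix | Where-Object InstalledOn | Sort-Object InstalledOn -Descending |
    Select-Object -First 1
$age = if ($last) { ((Get-Date) - $last.InstalledOn).Days } else { [int]::MaxValue }
Add-Check 'Security patches' "Last update within $MaxPatchAgeDays days" `
    ($age -le $MaxPatchAgeDays) "Last=$($last.HotFixID) on $($last.InstalledOn)"

# Disable interfaces with memory access: only FireWire is checked here, via the
# Windows device setup class '1394'. USB 3.1 is not covered by this script.
$fw = @(Get-PnpDevice -Class '1394' -Status OK -ErrorAction SilentlyContinue)
Add-Check 'Memory-access interfaces' 'No active IEEE 1394 controller' `
    ($fw.Count -eq 0) "ActiveControllers=$($fw.Count)"

$results | Format-Table -AutoSize -Wrap
if ($results.Pass -contains $false) { exit 1 }   # non-zero exit for scheduled audits
```

Physical measures (locked cabinet, UPS), the password policy, and the network segmentation rows are not covered by this script and need separate verification.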