User Manual

Cyber Security Concepts - How to Secure the System
Siemens
Application Note
Smart Infrastructure
4.13.5 D5: Client/Server Application in a Professional IT Environment

Applicability

Location of the physical server
  - Restricted server room

Physical/virtual server exclusivity
  - Exclusive: Server only hosts Desigo CC applications

Topic / Required Hardening

Physical server protective measures
  - Server machine locked in cabinet.
  - Unplug and theft protection.

Server protective measures (Software)
  - Disable interfaces with memory access (FireWire, USB 3.1).
  - Encrypt the hard disk.
  - Continuously maintained and strong antivirus protection.
  - Continuously maintained desktop firewalls.
  - Firewall rules not on auto allowance, UPS needed, FEP in enclosed environment (locked cabinet).

Server OS version and set up
  - Patched secure Windows installation.
  - Set up and maintain Windows security.
  - Keep Windows OS continuously updated by security patches.
  - Enforce strong password policy.
  - Restrict access to users and to Desigo CC applications.
  - Secured network configuration (for example, managed access rights to network folders).
  - Advanced malware protection.
  - Automated backup.

Client OS version and set up
  - Secure Windows OS installation.
  - Set up and maintain Windows security.
  - Keep Windows OS continuously updated by security patches.
  - Enforce strong password policy.
  - Restrict access to users and to Desigo CC applications.
  - Managed certificates and credentials.

Client protective measures (Software)
  - Disable interfaces with memory access (FireWire, USB 3.1).
  - Continuously maintained and strong antivirus protection.
  - Continuously maintained desktop firewalls.
  - Firewall rules not on auto allowance.
  - Secure certificate store.
  - Set up all applications running on the client.
  - Do not store passwords locally.

Connection for clients inside the customer network
  - Secured communication configured.
  - Segmented Network.
  - Network firewalls configured and continuously maintained.
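
A read-only audit of some server-side rows of the hardening table above, as an added example that is not part of the Siemens application note. It assumes BitLocker is the disk encryption and Microsoft Defender is the antivirus. The two age thresholds, the `Test-Item` helper and the reading of "not on auto allowance" as "default inbound action is not Allow" are assumptions made for this example.

```powershell
# Added example, not Siemens code. Read-only; run in an elevated session.
# Assumptions: BitLocker = disk encryption, Microsoft Defender = antivirus;
# both thresholds below are hypothetical and should follow site policy.
$ErrorActionPreference = 'Stop'
$MaxSignatureAgeDays = 3
$MaxPatchAgeDays     = 45

# Hypothetical helper: runs one check and turns any error into a failed row.
function Test-Item([string]$Item, [scriptblock]$Check) {
    try   { $r = & $Check }
    catch { $r = @{ Pass = $false; Detail = "check failed: $($_.Exception.Message)" } }
    [pscustomobject]@{ Item = $Item; Pass = [bool]$r.Pass; Detail = $r.Detail }
}

$report = @(
    Test-Item 'Disable interfaces with memory access (FireWire)' {
        $dev = @(Get-PnpDevice -Class '1394' -PresentOnly -ErrorAction SilentlyContinue |
                 Where-Object Status -eq 'OK')
        @{ Pass = ($dev.Count -eq 0); Detail = "$($dev.Count) active IEEE 1394 device(s)" }
    }
    Test-Item 'Encrypt the hard disk' {
        $off = @(Get-BitLockerVolume | Where-Object { "$($_.ProtectionStatus)" -ne 'On' })
        @{ Pass = ($off.Count -eq 0); Detail = "unprotected volumes: $($off.MountPoint -join ', ')" }
    }
    Test-Item 'Continuously maintained antivirus protection' {
        $mp = Get-MpComputerStatus
        $ok = $mp.AntivirusEnabled -and $mp.RealTimeProtectionEnabled -and
              $mp.AntivirusSignatureAge -le $MaxSignatureAgeDays
        @{ Pass = $ok; Detail = "signature age: $($mp.AntivirusSignatureAge) day(s)" }
    }
    Test-Item 'Firewall maintained, rules not on auto allowance' {
        # Interpretation (assumption): every profile enabled, default inbound not Allow.
        $weak = @(Get-NetFirewallProfile | Where-Object {
            "$($_.Enabled)" -ne 'True' -or "$($_.DefaultInboundAction)" -eq 'Allow' })
        @{ Pass = ($weak.Count -eq 0); Detail = "weak profiles: $($weak.Name -join ', ')" }
    }
    Test-Item 'Windows OS continuously updated by security patches' {
        $last = Get-HotFix | Where-Object InstalledOn |
                Sort-Object InstalledOn | Select-Object -Last 1
        $age  = [int]((Get-Date) - $last.InstalledOn).TotalDays
        @{ Pass = ($age -le $MaxPatchAgeDays)
           Detail = "last hotfix $($last.HotFixID), $age day(s) ago" }
    }
)
$report | Format-Table -AutoSize -Wrap
```

A row with `Pass = False` and a "check failed" detail means the cmdlet was unavailable or returned no data on that host, so that item needs a manual check.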