User Manual
A6V11526405_en--_b
Security best practices
The network setup must avoid any direct connection from the Internet to the end device.
- Implement port security so that unauthorized laptops/devices cannot connect to a
switch or participate in the network.
- Unauthorized access must be prevented by physical security measures. Thus,
access to devices (controllers) must be limited to only those persons who require
it. Equipment can further be monitored via CCTV.
- If possible, physically separate control systems from non-control systems. Apply
the concept of least-privilege to minimize impact in case of a compromise of user
credentials.
- Ensure that complex and strong passwords are required. Furthermore, ensure
that administrator passwords are at least 12 characters long and passwords of
non-administrative users at least 8 characters long.
- Ensure that username/password are unique for each site within the
country/office.
- Ensure that users each have their own individual login accounts. User accounts
must not be shared.
- Configure account lockout settings (threshold, observation window, duration) to
protect the system from password guessing and brute-force attacks.
- Make sure accounts are removed within a reasonable amount of time after users
leave the site.
- Make sure firmware is downloaded only from legitimate / known locations.
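As an added example (not Siemens' code and not part of this manual), the following Python models two of the items above: the password-length rule (at least 12 characters for administrators, at least 8 for other users) and account lockout driven by the three settings named in the list (threshold, observation window, duration). The three-of-four character-class complexity rule, the concrete lockout values and the `LockoutTracker` API are assumptions made for the illustration; the manual only states the principles.

```python
"""Password-policy check and account-lockout logic for the best-practices list.
Illustrative code; the policy numbers below are the ones in the list, the
complexity rule and the lockout defaults are assumed."""
from collections import deque
from dataclasses import dataclass, field
import string

# Minimum password length by role, as stated in the best-practices list.
MIN_LEN = {"admin": 12, "user": 8}


def password_meets_policy(password: str, role: str) -> bool:
    """Length rule from the list plus an assumed complexity rule:
    at least three of the four character classes must be present."""
    if len(password) < MIN_LEN[role]:
        return False
    classes = [
        any(c.islower() for c in password),
        any(c.isupper() for c in password),
        any(c.isdigit() for c in password),
        any(c in string.punctuation for c in password),
    ]
    return sum(classes) >= 3


@dataclass
class LockoutPolicy:
    threshold: int = 5             # failed attempts that trigger a lockout (assumed)
    observation_window: int = 300  # seconds within which failures are counted (assumed)
    lockout_duration: int = 900    # seconds the account stays locked (assumed)


@dataclass
class Account:
    name: str
    failures: deque = field(default_factory=deque)  # timestamps of recent failures
    locked_until: float = 0.0


class LockoutTracker:
    """Tracks failed logins per account and enforces the lockout policy.
    Timestamps are passed in explicitly (seconds) so the logic is testable."""

    def __init__(self, policy: LockoutPolicy):
        self.policy = policy
        self.accounts: dict[str, Account] = {}

    def _get(self, name: str) -> Account:
        return self.accounts.setdefault(name, Account(name))

    def is_locked(self, name: str, now: float) -> bool:
        return self._get(name).locked_until > now

    def record_failure(self, name: str, now: float) -> bool:
        """Record one failed attempt; return True if it triggers a lockout."""
        acct = self._get(name)
        # Only failures inside the observation window count towards the threshold.
        while acct.failures and now - acct.failures[0] > self.policy.observation_window:
            acct.failures.popleft()
        acct.failures.append(now)
        if len(acct.failures) >= self.policy.threshold:
            acct.locked_until = now + self.policy.lockout_duration
            acct.failures.clear()
            return True
        return False

    def attempt_login(self, name: str, credentials_ok: bool, now: float) -> str:
        """Return 'locked', 'ok' or 'fail'. The credential check itself happens
        elsewhere; only its boolean result is passed in."""
        if self.is_locked(name, now):
            return "locked"          # reject even correct credentials while locked
        if credentials_ok:
            self._get(name).failures.clear()
            return "ok"
        if self.record_failure(name, now):
            return "locked"          # this failure crossed the threshold
        return "fail"


if __name__ == "__main__":
    tracker = LockoutTracker(LockoutPolicy(threshold=3, observation_window=60, lockout_duration=300))
    for t in (0, 10, 20):
        print(t, tracker.attempt_login("operator1", False, t))
    print(100, tracker.attempt_login("operator1", True, 100))   # still locked
    print(321, tracker.attempt_login("operator1", True, 321))   # lock expired
```

The observation window is what separates an occasional typo from a guessing campaign: failures older than the window are discarded before the threshold is evaluated, so the threshold is "N failures within the window", not "N failures ever". A lockout returned from `record_failure` is also the event a defender wants in the audit log, since repeated lockouts on one or many accounts are an early indicator of password guessing against the controller.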
Cyber security disclaimer
Siemens provides a portfolio of products, solutions, systems and services that
includes security functions that support the secure operation of plants, systems,
machines and networks. In the field of Building Technologies, this includes building
automation and control, fire safety, security management as well as physical
security systems.
In order to protect plants, systems, machines and networks against cyber threats, it
is necessary to implement – and continuously maintain – a holistic, state-of-the-art
security concept. Siemens’ portfolio only forms one element of such a concept.
You are responsible for preventing unauthorized access to your plants, systems,
machines and networks which should only be connected to an enterprise network
or the internet if and to the extent such a connection is necessary and only when
appropriate security measures (e.g. firewalls and/or network segmentation) are in
place. Additionally, Siemens’ guidance on appropriate security measures should be
taken into account. For additional information, please contact your Siemens sales
representative or visit
https://www.siemens.com/global/en/home/company/topic-areas/future-of-manufacturing/industrial-security.html.
Siemens’ portfolio undergoes continuous development to make it more secure.
Siemens strongly recommends that updates are applied as soon as they are
available and that the latest versions are used. Use of versions that are no longer
supported, and failure to apply the latest updates may increase your exposure to
cyber threats. Siemens strongly recommends complying with security advisories on
the latest security threats, patches and other related measures, published, among
others, under https://www.siemens.com/cert/en/cert-security-advisories.htm.