Users Manual Part 1

DIRIS Digiware D-50 & D-70 - 548088C - SOCOMEC
Device security: Device security depends on its network environment, but also on user behaviour. In terms of the
environment, elementary protective measures (filtering authorised stations by MAC address, opening service
ports, selecting authorised applications etc.) are highly recommended. Greater precaution is required when
managing removable media (external hard drive, USB flash drive, wireless communication provision etc.).
Finally, a server like the DIRIS Digiware D-50/D-70 should be protected by controlling and limiting
physical access to the rooms and cabinets hosting the device.
How DIRIS Digiware D-50/D-70 displays can help:
DIRIS Digiware D-50/D-70 displays reduce the attack exposure by blocking or restricting access to certain
peripherals and services that are not essential to the customer use case.
> Refer to paragraph 10.3.1 for more information on how to configure your display’s security policy.
Moreover, the firmware and webserver applications are signed with an asymmetric key, so that the device
accepts a firmware upgrade only if it carries the correct matching signature. This prevents the device from
being diverted from the use intended by Socomec (by uploading a dummy firmware for instance) and
guarantees that the firmware stays virus-free over time.
Data security: Data security covers several aspects, in particular the confidentiality, integrity, authenticity and
availability of data. Special care is required with data security and archiving procedures on backup devices both
inside and outside the company.
How DIRIS Digiware D-50/D-70 displays can help:
It is possible to export data such as energy indexes, load curves and historical measurements (Trends), either
manually or automatically, for back-up.
It is also possible to save the topology (mapping of slaves connected to the D-50/D-70 display) from the
embedded webserver and the configuration file from Easy Config software.
Confidentiality is addressed by providing 256-bit AES encryption (AES 256) for personal data such as passwords
along with product. This means it would take 2^256 combinations to break the encryption key.
Access and authentication management: Managing access to resources and data is a crucial element of
the IT system’s security policy. Each user requires an account and access rights corresponding to their profile.
Access to the IT system’s resources is controlled by a user authentication process based, as a minimum, on
a high-security username and password. The password management procedure, specifying the systematic
modification of default passwords and their validity period, is included in the IT security policy.
How DIRIS Digiware D-50/D-70 displays can help:
Multiple proles are available to access the web application. The highest prole is “Cybersecurity”, which allows
you to manage users’ access to the web application based on what is relevant for them.
Proles are password protected. Certain measures are taken into account in Socomec D-50/D-70 displays to
reduce the risk of password theft:
- Encryption of credentials
- Password must meet minimum security requirements (minimum 10 characters, including at least one
upper case, one lower case, one number and a special character).
- Password must be changed at least once a year.
- After 3 failed log-in attempts, account is locked for 1 hour.
- Passphrase for password recovery in case password is lost.
> Refer to paragraph 10.1 for more information regarding the different profiles and their password protection.
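
The password rules listed above, written out as a small reference model that an integrator could use to pre-check candidate passwords and to reason about lockout timing. This is an added example, not Socomec code: the names, the reading of "special character" as ASCII punctuation, "once a year" as 365 days, and the choice not to count attempts made during a lockout are all assumptions.

```python
import string
from datetime import datetime, timedelta

MIN_LENGTH = 10
MAX_FAILURES = 3
LOCK_DURATION = timedelta(hours=1)
MAX_PASSWORD_AGE = timedelta(days=365)  # assumption: "once a year" = 365 days


def complexity_failures(password):
    """Return the names of the complexity rules the password does not meet."""
    rules = {
        "length": len(password) >= MIN_LENGTH,
        "upper": any(c.isupper() for c in password),
        "lower": any(c.islower() for c in password),
        "digit": any(c.isdigit() for c in password),
        # assumption: "special character" means ASCII punctuation
        "special": any(c in string.punctuation for c in password),
    }
    return [name for name, ok in rules.items() if not ok]


class Account:
    """Hypothetical model of one profile's lockout and password-age state."""

    def __init__(self, password_set_at):
        self.password_set_at = password_set_at
        self.failures = 0
        self.locked_until = None

    def login_state(self, now):
        """Classify the account before any credentials are checked."""
        if self.locked_until and now < self.locked_until:
            return "locked"
        if now - self.password_set_at > MAX_PASSWORD_AGE:
            return "password_expired"
        return "ok"

    def record_attempt(self, success, now):
        """Update the counters after a log-in attempt; return the new state."""
        if self.login_state(now) == "locked":
            return "locked"  # assumption: attempts during lockout are not counted
        if self.locked_until:  # the 1-hour lock has elapsed
            self.locked_until, self.failures = None, 0
        if success:
            self.failures = 0
            return self.login_state(now)
        self.failures += 1
        if self.failures >= MAX_FAILURES:
            self.locked_until = now + LOCK_DURATION
            return "locked"
        return "failed"
```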