3 IT security
Maschinenfabrik Reinhausen GmbH 202022 6385142/08 ENETOS
®
ED
3 IT security
Observe the following recommendations to operate the product safely.
General
▪ Ensure that only authorized personnel have access to the device.
▪ Only use the device within an ESP (electronic security perimeter). Do not
connect the device to the Internet in an unprotected state. Use mecha-
nisms for vertical and horizontal network segmenting and security gate-
ways (firewalls) at the transition points.
▪ Ensure that the device is only operated by trained personnel who are fa-
miliar with IT security.
Commissioning
Observe the following recommendations for device commissioning:
▪ User IDs must be unique and assignable. Do not use a "Group account"
function or the "Auto login" function.
▪ Activate the "Auto logout [►Section 9.2.2, Page 109]" function.
▪ Restrict the rights of the individual user groups as much as is feasible; this
helps avoid errors during operations. A user with the "Operator" role, for
example, should only perform operations and should not be able to
change any device settings.
▪ Delete or disable the default "admin" user ID. This requires first creating a
new user account with the "Administrator" role. You can then use it to
delete or disable the default "admin" account.
▪ Deactivate service user access [►Section 9.2.3, Page 110].
▪ Enable SSL/TLS encryption [►Section 9.2, Page 107]; access to the de-
vice is then only possible using the SSL/TLS protocol. In addition to en-
crypting communication, this protocol also checks the authenticity of the
server.
▪ Use TLS version1.2 or higher wherever possible.
▪ Integrate the device into a public key infrastructure. Create your own SSL
certificates for this if necessary and then import them.
▪ Connect the device to a central log server by using the syslog interface
[►Section 9.6, Page 118].
▪ Only use the SNMP function if you can ensure that the communication is
protected by external security equipment.
Operation
Observe the following recommendations during device operation:
▪ Change the password at regular intervals.
▪ Export the security log [►Section 9.36.1, Page 325] at regular intervals.
▪ Check the log files regularly for unauthorized system access and other se-
curity-related events.
To Next Page
Loading...
Need help?
General
