cRSP IT security concept siemens.
Document objective

The Siemens common Remote Service Platform (cRSP) is the IT platform used throughout the group for implementing remote access to IP-based equipment. This security concept describes the measures that we at Siemens Smart Infrastructure take to protect customer data and IT systems when using our remote services.
Data and information on building infrastructure must be available reliably, quickly, globally and securely. Siemens common Remote Services meet all these requirements to the greatest extent.
General operating concept

Data security as a basic requirement

Confidentiality and long-term partnerships are highly valued at Siemens. That is why we give the security of your data the highest priority. Before Siemens implements an enhanced service package with remote support, an in-depth analysis of the situation will be conducted, taking into account national and international regulations, technical infrastructures and industry specifics.
Data management

Siemens treats your data as confidential and grants access only on a need-to-know basis. The implementation of this principle is supported by rule-based access mechanisms, which are mapped within an infrastructure and tool landscape designed specifically for this purpose. The data management measures implemented depend on your data protection requirements, the type of data and the provisions of applicable regulations.
You determine how access takes place

As a basic requirement, you must contractually authorize every service activity. Access is designed to be granted only for the contractually agreed use cases. To enable access to your systems from outside the Siemens network, the Customer Web Portal (CWP) with enhanced security requirements (two-factor authentication) has been established.
Authentication and authorization of Siemens service personnel

The central backend of the cRSP platform is in a separate segment within the Siemens intranet.

Authenticating and authorizing your personnel

To enable you to access your systems outside the Siemens network, the Customer Web Portal (CWP) with enhanced security requirements (two-factor authentication) has been established. Siemens therefore issues PKI certificates for employees.
Technical security concept

Network structure

To protect your network as well as the Siemens intranet against threats, Siemens has secured the cRSP infrastructure in a DMZ. Service technicians do not set up end-to-end connections to your systems or vice versa. Instead, the connections end in the DMZ, which is secured on both sides by firewalls. The reverse proxy server establishes the connection to your system and mirrors the incoming communication to the Siemens intranet.
Security measures for IPsec

Siemens uses the established standard IP Security (IPsec) with pre-shared secrets for encrypted and authenticated data transmission. A minimum recommended configuration is: Pre-shared secrets consist of an arbitrary string of minimum 12 random characters. The Internet Security Association and Key Management Protocol (ISAKMP) is used to securely exchange encryption key information.
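An added example (not part of the Siemens document, and not Siemens code) showing one way to generate a pre-shared secret from a CSPRNG and to screen candidate secrets against the 12-character minimum stated above. The alphabet, the entropy threshold and the word list are assumptions chosen for illustration.

```python
import math
import secrets
import string
from collections import Counter

MIN_PSK_LENGTH = 12  # minimum stated in the security concept
# Assumption: letters and digits only, to avoid quoting problems in router configs
ALPHABET = string.ascii_letters + string.digits
# Constructed sample list of guessable words, not taken from the document
GUESSABLE = ("siemens", "crsp", "password", "secret")


def generate_psk(length: int = 32) -> str:
    """Draw each character independently from the OS CSPRNG."""
    if length < MIN_PSK_LENGTH:
        raise ValueError(f"PSK must be at least {MIN_PSK_LENGTH} characters")
    return "".join(secrets.choice(ALPHABET) for _ in range(length))


def bits_per_char(s: str) -> float:
    """Empirical Shannon entropy of the character distribution in s."""
    n = len(s)
    return -sum(c / n * math.log2(c / n) for c in Counter(s).values())


def audit_psk(psk: str) -> list[str]:
    """Return the reasons a candidate secret is rejected (empty list = pass)."""
    findings = []
    if len(psk) < MIN_PSK_LENGTH:
        findings.append("shorter than 12 characters")
    # Heuristic threshold (assumption): typed patterns reuse few characters
    if psk and bits_per_char(psk) < 3.0:
        findings.append("low character diversity")
    if any(word in psk.lower() for word in GUESSABLE):
        findings.append("contains a guessable word")
    # Runs such as "abcd" or "1234" suggest a typed pattern, not random output
    run = 1
    for a, b in zip(psk, psk[1:]):
        run = run + 1 if ord(b) - ord(a) == 1 else 1
        if run >= 4:
            findings.append("contains a sequential run")
            break
    return findings
```

A string cannot be proven random after the fact, so `audit_psk` only rejects obviously weak candidates; secrets produced by `generate_psk` are the intended input.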
Security measures in the customer network

The following section provides a list of the protocols and services used. Should you need any other specific security measures or customized firewall functions for special applications, network segments, etc., they are available depending on your choice of connectivity options.
“The risks are manageable if the industry relies on a universal security concept.” Dr.
Appendix

IPsec

Siemens Owned Access

Connection between cRSP infrastructure and customer network is performed through a router provided by Siemens.

[Figure: Internet Connection, Access Point, Customer Network. Labels: UDP: 500 and 4500; TCP: 22; VPN Broadband; IPSec SOA; UDP: 500 and 4500]

Customer Owned Access

Connection between cRSP infrastructure and customer network is performed through a customer router or it ends at the customer’s firewall.
SSL VPN

Internet Based Connection

Each piece of equipment is connected to cRSP through the internet and uses a secure SSL VPN tunnel. Access to the internet is provided by the customer.

[Figure: Internet Connection, Access Point, Customer Network. Labels: Blocked; SSL VPN Tunnel; TCP: 443]

DigitalizationBox/Remote Solution Gateway

Connection between cRSP infrastructure and customer network is performed through a router provided by Siemens.
siemens.com/smart-infrastructure Article no. BT_0123_EN (Status 07/2019) Subject to changes and errors.