User Manual
A6V11646120_enUS_b_40
Table of Contents
About This Document ... 5
Applicable Documents ... 6
Technical Terms and Abbreviations ... 6
Acknowledgements ... 12
Document Revision History ... 13
1 Cybersecurity Basics ... 14
1.1 Introduction ... 14
1.2 Threat and Risk Terminology ... 14
1.3 System Security ... 15
1.4 SSL Certificates ... 16
2 Network Security Controls ... 26
2.1 Protected System Configuration Concept ... 26
2.1.1 Zone Boundary Protection ... 27
2.1.2 System Components ... 28
2.1.3 Firewall Rules ... 29
2.1.4 Least Functionality Implementation ... 38
2.2 Intended Operational Environments ... 39
2.2.1 All-In-One (One-Seat) System ... 39
2.2.2 Client/Server in the Customer Network ... 42
2.2.3 Server and Remote Web Server (IIS) ... 45
2.2.4 Client/Server with Internet Access ... 48
2.2.5 Large, Distributed Client/Server with Internet Access ... 53
2.2.6 Distributed System Configurations ... 55
2.2.7 Virtualization ... 56
3 Cybersecurity Concepts – How to Secure the System ... 58
3.1 User Management ... 59
3.2 IT Security ... 60
3.3 Communication Security ... 60
3.4 License Security ... 61
3.5 Stored Data Security ... 61
3.6 Main Server Folder Shares for Client and FEP Installations ... 62
3.7 Server Services ... 63
3.8 LMS – License Management System ... 66
3.9 Physical and Environmental Security ... 66
3.10 Incident Handling ... 66
3.11 Windows Hardening ... 67
3.12 Web Browser Security ... 68
3.13 Hardening Guidelines ... 71
3.13.1 D1: Unsecured Desktop ... 71