User Manual
A6V11646120_enUS_b_40
2 Network Security Controls
The following sections detail the concept of a protected system configuration as well
as specific use cases. The network security controls aim to mitigate the risk
of exploitation of possible Desigo CC vulnerabilities.
To enhance security, follow the policies of your company as well as any national
legislation or international standards, such as ISO/IEC 27002 and IEC 62443.
2.1 Protected System Configuration Concept
The Desigo CC system is a critical business application and must be protected from
attacks and unauthorized access.
Desigo CC (server) should be operated in a separate network zone, referred to below
as the backbone. Desigo CC (web server) should also be operated in a separate zone,
called the DMZ (demilitarized zone).
The components in the DMZ and backbone zones should not be connected to other
networks (for example, intranet or internet), with the exception of the required
connections detailed in this document. Required connections are those to the clients
in the Office network and DMZ. Communication between the DMZ and the backbone and
other zones should be limited to the necessary minimum by means of a firewall.
NOTICE
Insecure Networks
Connections between computers at the backbone level and insecure networks, such as
the internet or any other network, can compromise the security of the system.
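
One way to check a firewall rule export against the zone concept above, as an added example that is not part of the manual or of Desigo CC. The zone subnets, the rule format and the ports are constructed assumptions, and the allowed zone pairs cover only the connections named in this section; connections required elsewhere in the manual would have to be added.

```python
import ipaddress

# Constructed zone addressing (assumption; replace with the site's real subnets).
ZONES = {
    "backbone": ipaddress.ip_network("10.10.0.0/24"),
    "dmz": ipaddress.ip_network("10.20.0.0/24"),
    "office": ipaddress.ip_network("10.30.0.0/16"),
}
PROTECTED = {"backbone", "dmz"}
# Zone pairs this section names as required connections.
ALLOWED_PAIRS = {frozenset(p) for p in
                 (("backbone", "dmz"), ("backbone", "office"), ("dmz", "office"))}

def zones_of(cidr):
    """Zones a CIDR touches; 'other' means it also covers addresses outside them."""
    net = ipaddress.ip_network(cidr)
    hit = {name for name, zone in ZONES.items() if net.overlaps(zone)}
    if not any(net.subnet_of(zone) for zone in ZONES.values()):
        hit.add("other")
    return hit

def audit(rules):
    """Return (rule_id, finding) for each allow rule that breaks the zone concept."""
    findings = []
    for r in rules:
        if r["action"] != "allow":
            continue
        for s in sorted(zones_of(r["src"])):
            for d in sorted(zones_of(r["dst"])):
                if s == d or not ({s, d} & PROTECTED):
                    continue  # same zone, or neither end is backbone/DMZ
                if frozenset({s, d}) not in ALLOWED_PAIRS:
                    findings.append((r["id"], f"{s} -> {d} is not a required connection"))
                elif r["port"] == "any":
                    findings.append((r["id"], f"{s} -> {d} allows any port"))
    return findings

# Constructed sample rules (ports are placeholders, not Desigo CC port numbers).
RULES = [
    {"id": 1, "action": "allow", "src": "10.30.0.0/16", "dst": "10.20.0.5/32", "port": "443"},
    {"id": 2, "action": "allow", "src": "10.20.0.5/32", "dst": "10.10.0.10/32", "port": "any"},
    {"id": 3, "action": "allow", "src": "10.10.0.10/32", "dst": "0.0.0.0/0", "port": "443"},
    {"id": 4, "action": "deny", "src": "0.0.0.0/0", "dst": "10.10.0.0/24", "port": "any"},
]

if __name__ == "__main__":
    for rule_id, finding in audit(RULES):
        print(f"rule {rule_id}: {finding}")
```

Rule 2 is flagged because it is wider than the necessary minimum, and rule 3 because it lets a backbone host reach networks outside the defined zones.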