User Manual

Cybersecurity Concepts – How to Secure the System

IT Security

60 | 85

A6V11646120_enUS_b_40

3.2 IT Security

NOTICE

The owner of the Desigo CC system is responsible for establishing and maintaining

appropriate IT security, in particular by applying virus scanners, deactivating

unneeded services and network ports, and by regular patching and updating the

operating system and all installed applications.

3.3 Communication Security

The communication between web clients and the web server (IIS) is always encrypted.

The runtime data transfer between a FEP and the system server, between the system

server and a web server, and between the system server and installed clients may be

encrypted as an option.

The file transfer between the system server and installed clients and between the

system server and a web server is unencrypted for performance reasons.

The communication between the system server and the History Database is

unencrypted for performance reasons.

Sensitive data (such as, passwords during authentication or user management

configuration) is transferred as encrypted content between the Desigo CC clients and

the system server (regardless of the communication encryption).

Self-signed certificates are supported to allow local deployments without the

overhead of obtaining commercial certificates. When using self-signed certificates,

the owner of the Desigo CC system is responsible for maintaining their validity

status, and for manually adding them to and removing them from the list of trusted

certificates.

Self-signed certificates may only be used in accordance with local IT regulations

(some CIO organizations do not allow them, and network scans will identify them).

Importing of commercial certificates follows the same procedures.

Wireless input devices (especially keyboards) use radio transmission that is often

not or inadequately cryptographically protected. Even from greater distances, it is

possible to listen in or even plant external data into the system. The use of wireless

input devices should be avoided when used in high security environments. If the use

of wireless input devices is absolutely necessary, use only devices with proven

encryption.

With version 4.0, the Bluetooth (BT) standard includes an encryption mechanism

(AES128). In order to be effective, all devices must use BT 4.0. Users should also

observe the information provided by the manufacturer.