User Manual
Cybersecurity Concepts – How to Secure the System
Hardening Guidelines
3
A6V11646120_enUS_b_40
71 | 85
3.13 Hardening Guidelines
This section defines the minimal hardening measures that must be applied for each of
the reference deployments in order to comply with Desigo CC requirements and
therefore meet Security Level 1 (SL1).
3.13.1 D1: Unsecured Desktop
IT Security Level 1 for Desigo CC cannot be achieved at this level of hardening.
Therefore, do not use it without an express written waiver of responsibility by the
customer.
Measures or Description
Location of the physical server
On desktop where access by uncontrolled persons
is possible.
Physical/virtual server exclusivity
Non-exclusive: a computer also used for normal
office tasks, including private surfing on the Internet.
Physical server protective measures
None
Server protective measures (Software)
Standard antivirus and standard desktop firewall
configuration (auto allowance ON), maintained.
Server OS version and set up
Off-the-shelf Windows installation
Client OS version and set up
n/a
Client protective measures (Software)
n/a
Connection for clients inside the customer network
n/a
Connection for clients outside the customer network
(Remote access)
Through remote desktop
Printers connectivity
Yes
IT skills of users
Low
IT skills of system administrators
Low
IT skills of network administrators
Low
IT skills of the installer (BT or VAP)
Low
Field devices connectivity
Directly on the customer network
Connection to other services (for example, OPC
servers and clients)
Directly on the customer network
Client Windows login
Administrative autologon
Desigo CC users
Desigo CC authentication
Desigo CC client options
Any client options