User Manual

Cybersecurity Concepts How to Secure the System
Hardening Guidelines
A6V11646120_enUS_b_40
Connection to other services (for example, OPC servers and clients) | Directly, through VLAN or customer networks: customer is responsible for securing it. The assumption is that the customer’s IT secures field device connectivity.
Client Windows login | No autologon or professional KIOSK mode.
Desigo CC users | Use Windows authentication only.
Desigo CC client options | Any client options
Location of the physical server | On the desktop of one of the users in a controlled office environment (not in a publicly accessible area).
Physical/virtual server exclusivity | Non-exclusive: a computer also used for regular office tasks.

Topic | Required Hardening
Physical server protective measures | Unplug and theft protection.
Server protective measures (Software) | Disable interfaces with memory access (FireWire, USB 3.1). Encrypt the hard disk. Continuously maintained and strong antivirus protection. Continuously maintained desktop firewalls. Firewall rules not on auto allowance, UPS needed.
Server OS version and set up | Secure Windows OS installation. Set up and maintain Windows OS security. Keep Windows OS continuously updated by security patches. Enforce strong password policy. Restrict access to users and to Desigo CC applications.
Client OS version and set up | Secure Windows OS installation. Set up and maintain Windows security. Keep Windows OS continuously updated by security patches. Enforce strong password policy. Restrict access to users and to Desigo CC applications. Managed certificates and credentials.
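
A read-only PowerShell audit for several of the Windows items listed above, added here as an example and not taken from the Desigo CC manual. It assumes BitLocker and Microsoft Defender are the disk encryption and antivirus products in use; the 7-day signature age limit and the reading of "auto allowance" as a default-allow inbound firewall policy are also assumptions.

```powershell
# Added example: read-only audit of selected hardening items.
# Run in an elevated PowerShell session on the server or client PC.
$results = [System.Collections.Generic.List[object]]::new()

function Add-Check($Item, $Pass, $Detail) {
    # Collect one result row per checked item.
    $results.Add([pscustomobject]@{ Item = $Item; Pass = [bool]$Pass; Detail = $Detail })
}

# "No autologon": Winlogon AutoAdminLogon must be absent or not 1.
$winlogon = Get-ItemProperty 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon'
$auto = $winlogon.AutoAdminLogon
Add-Check 'No autologon' ($auto -ne '1') "AutoAdminLogon=$auto"

# "Encrypt the hard disk": system volume protected (assumption: BitLocker).
$bl = Get-BitLockerVolume -MountPoint $env:SystemDrive -ErrorAction SilentlyContinue
Add-Check 'Disk encryption' ($bl.ProtectionStatus -eq 'On') `
    "ProtectionStatus=$($bl.ProtectionStatus)"

# "Desktop firewalls" / "rules not on auto allowance" (assumption: every
# profile enabled and the default inbound action is not Allow).
foreach ($p in Get-NetFirewallProfile) {
    $ok = ($p.Enabled -eq 'True') -and ($p.DefaultInboundAction -ne 'Allow')
    Add-Check "Firewall profile $($p.Name)" $ok `
        "Enabled=$($p.Enabled) DefaultInbound=$($p.DefaultInboundAction)"
}

# "Continuously maintained antivirus" (assumption: Microsoft Defender,
# signatures no older than 7 days; other products need their own check).
$mp = Get-MpComputerStatus -ErrorAction SilentlyContinue
$fresh = $mp -and $mp.RealTimeProtectionEnabled -and ($mp.AntivirusSignatureAge -le 7)
Add-Check 'Antivirus' $fresh `
    "RealTime=$($mp.RealTimeProtectionEnabled) SignatureAgeDays=$($mp.AntivirusSignatureAge)"

# Print the report; a non-zero exit code lets a scheduled task flag drift.
$results | Format-Table -AutoSize
if ($results.Pass -contains $false) { exit 1 }
```

The script changes nothing on the host. Password policy, patch level and physical measures are not covered and have to be verified separately.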