User Manual
Cybersecurity Concepts – How to Secure the System
Hardening Guidelines
A6V11646120_enUS_b_40
3.13.4 D4: Client/Server Application in a Secured Location/Control Room

| Applicability | |
|---|---|
| Suitable and supported for IT security | If Desigo CC security prescriptions are applied. |
| Location of the physical server | Supervised control room desk and enclosure. |

| Topic | Required Hardening |
|---|---|
| Physical/virtual server exclusivity | Non-exclusive: a computer also used for regular office tasks. |
| Physical server protective measures | Server machine locked in cabinet. Unplug and theft protection. |
| Server protective measures (Software) | Disable interfaces with memory access (FireWire, USB 3.1). Encrypt the hard disk. Continuously maintained and strong antivirus protection. Continuously maintained desktop firewalls. Firewall rules not on auto allowance, UPS needed. FEP in enclosed environment (locked cabinet). |
| Server OS version and setup | Secure Windows OS installation. Set up and maintain Windows security. Keep Windows OS continuously updated with security patches. Enforce strong password policy. Restrict access to users and to Desigo CC applications. Secured network configuration (for example, managed access rights to network folders). |
| Client OS version and setup | Secure Windows OS installation. Set up and maintain Windows security. Keep Windows OS continuously updated with security patches. Enforce strong password policy. Restrict access to users and to Desigo CC applications. Managed certificates and credentials. |
| Client protective measures (Software) | Disable interfaces with memory access (FireWire, USB 3.1). Continuously maintained and strong antivirus protection. Continuously maintained desktop firewalls. Firewall rules not on auto allowance. Secure certificate store. Set up all applications running on the client. Do not store passwords locally. |
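
The software measures in the table can be spot-checked on a server or client with a short script. The following is an added example, not part of the manual or of Desigo CC. It assumes BitLocker for disk encryption and Microsoft Defender for antivirus, reads "not on auto allowance" as a default inbound action of Block, and uses age thresholds that are assumptions rather than values from the manual.

```powershell
#Requires -RunAsAdministrator
# Added example: spot-checks software rows of the D4 hardening table on one Windows host.
# Product choices (BitLocker, Microsoft Defender) and thresholds are assumptions.
param(
    [int]$MaxSignatureAgeDays = 3,   # assumed limit for "continuously maintained" antivirus
    [int]$MaxPatchAgeDays     = 45   # assumed limit for "continuously updated" Windows
)

function New-Check([string]$Item, [bool]$Pass, [string]$Detail) {
    [pscustomobject]@{ Item = $Item; Pass = $Pass; Detail = $Detail }
}

$results = @()

# "Encrypt the hard disk": BitLocker protection must be on for the system drive.
$vol = Get-BitLockerVolume -MountPoint $env:SystemDrive
$results += New-Check 'Disk encryption' ($vol.ProtectionStatus -eq 'On') `
    "ProtectionStatus=$($vol.ProtectionStatus)"

# "Continuously maintained and strong antivirus protection":
# engine enabled, real-time protection on, signatures recent.
$mp = Get-MpComputerStatus
$avOk = $mp.AntivirusEnabled -and $mp.RealTimeProtectionEnabled -and
        ($mp.AntivirusSignatureAge -le $MaxSignatureAgeDays)
$results += New-Check 'Antivirus' $avOk "SignatureAgeDays=$($mp.AntivirusSignatureAge)"

# "Continuously maintained desktop firewalls" and "rules not on auto allowance":
# every profile enabled and, in the effective policy, inbound traffic blocked by default.
foreach ($p in Get-NetFirewallProfile -PolicyStore ActiveStore) {
    $fwOk = ($p.Enabled -eq 'True') -and ($p.DefaultInboundAction -eq 'Block')
    $results += New-Check "Firewall ($($p.Name))" $fwOk `
        "Enabled=$($p.Enabled); DefaultInbound=$($p.DefaultInboundAction)"
}

# "Keep Windows OS continuously updated": age of the most recent installed update.
$last = Get-HotFix | Where-Object InstalledOn |
        Sort-Object InstalledOn -Descending | Select-Object -First 1
$age  = if ($last) { ((Get-Date) - $last.InstalledOn).Days } else { [int]::MaxValue }
$results += New-Check 'OS patch level' ($age -le $MaxPatchAgeDays) `
    "LastUpdate=$($last.HotFixID); AgeDays=$age"

$results | Format-Table -AutoSize

# A non-zero exit code lets a scheduled task or monitoring agent flag the host.
if ($results.Pass -contains $false) { exit 1 }
```

Run it from an elevated PowerShell session on each server and client. Physical measures, interface disabling, and certificate handling from the table are not covered by this script.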