Manualshelf

User Instructions

ManualsBrandsSOCOMEC ManualsElectronicsDIRIS Digiware
12345678910
8 EN
DIRIS Digiware M-50 & M-70 - 548751C - SOCOMEC
4. CYBER SECURITY RECOMMENDATIONS AND BEST
PRACTICES*
The DIRIS Digiware M-50/M-70, as any device connected to a user’s Ethernet network, must be protected against any
risk of cyber-attack or data loss/destruction.
(*) Our M-50/M-70 gateways provide certain cyber security features to prevent these attacks and to help users in their
responsibility to implement and guarantee adequate IT protection. Some recommendations are listed in the following
paragraphs. Make sure they are in line with your IT security policy:
Awareness of the security policy: Users and administrators of DIRIS Digiware M-xx gateways and
WEBVIEW-M must be aware of and trained in proper IT security practice (information and compliance
with corporate security policy, authentication procedure management and password safety, online session
management, risks of shing…).
Network security: The IT system architecture must be able to safeguard resources, by segmenting the
network according to their degree of sensitivity and using a variety of protective devices (rewall, demilitarised
zone, VLAN, network anti-virus etc.).
How DIRIS Digiware M-50/M-70 gateways can help:
By forcing the user to use secure versions of standard communication protocols:
- FTPS: secure export of data
- SMTPS: secure email notication in case of alarms
- SNMPv3: secure version of the SNMP communication protocol
- HTTPS: secure webserver navigation (WEBVIEW-M) by uploading TLS/SSL certicates
> Refer to paragraph 10.3.2 & 10.3.3 for more information on how to upload digital certicates.
With their rewall, to monitor and control incoming/outgoing trafc: this protects the DIRIS Digiware M-50/M-70
gateways in case of denial-of-service (ooding) attacks, in order to guarantee service continuity of the gateway.
> Refer to paragraph 10.3.4 for more information on how to congure the rewall protection.
Device security: Device security depends on its network environment, but also user behaviour. In terms of
the environment, elementary protective measures (ltering authorised stations by MAC address, opening
service ports, selecting authorised applications etc.) are highly recommended. Greater precaution is required
on managing removable media (external hard drive, USB ash drive, wireless communication provision etc.).
Finally, in terms of a server like the DIRIS Digiware M-50/M-70, it should be protected by controlling and
limiting physical access to the rooms and cabinets hosting the device.
How DIRIS Digiware M-50/M-70 gateways can help:
DIRIS Digiware M-50/M-70 gateways reduce the attack exposure by blocking or restraining the access to certain
peripherals and services that are not essential to the customer use case.
> Refer to paragraph 10.3.1 for more information on how to congure your gateway’s security policy.
Moreover, the rmware and webserver applications are signed with an asymmetrical key to make sure any rmware
upgrade uses the correct matching signature to allow the device to be upgraded. This prevents the diversion of the
device from its intended use by Socomec (by uploading a dummy rmware for instance) and guarantees that the
rmware stays without virus over time.