User Documentation

Secure Configuration of Weidmüller Industrial Security Router Page 1

User Note:

Secure configuration of Weidmüller Industrial

Security Router

Measurements to protect networks and network devices against

unauthorized access.

1. Introduction

To use communicative devices in your application you should take technical and organizational

measures to ensure a secure operation. In particular to protect components, networks and systems

against unauthorized access of third parties.

This user note shall support you to configure your devices enabling them to provide a certain level

of security.

More information can be found at following websites

- ICS Security Compendium

- Remote maintenance in industrial environments

- ICS-CERT recommended practices

2. Recommended measures

2.1. Avoid exposing devices to public networks directly

• In case the Router is connected directly to a public network (e.g. via 4G) activate NAT

masquerading on the interfaces to hide local IP addresses.

2.2. Change default Password

• Change the default password during initial configuration of the device.

• Recommended is a password strength of at least 8 signs including small and capital

letters, numbers and special characters.

• Change the password regularly.

• Don’t use one password for several applications.

2.3. Update Firmware regularly

• Weidmüller provides regularly firmware updates for the products. You can find them at

the website or in the catalog.

• We recommend updating the devices as soon as there is new firmware available. You

can see in the update log if there are critical security fixes or function upgrades.

• Via u-link Remote Access Service there can be mass-updates performed remotely.

2.4. Change the Firewall (Packet Filter) settings

• Weidmüller Industrial Security Routers have a performant whitelisting firewall. That

means all communication that does not match to a rule top-bottom principle will be

dropped. The routers contain one firewall rule by factory default: “Allow All”.

Last visited on November 19

, 2018

PAGE 1
User Note: Secure configuration of Weidmüller Industrial Security Router Measurements to protect networks and network devices against unauthorized access. 1. Introduction To use communicative devices in your application you should take technical and organizational measures to ensure a secure operation. In particular to protect components, networks and systems against unauthorized access of third parties.
PAGE 2
• To improve security, make a list of communication which flows via the router. Then add these communication parameters to the Firewall setting for a whitelisting. When all required traffic is whitelisted delete the rule “Allow All” to ensure that other traffic will be blocked. • The SecureNow! function can assist you finding fitting firewall rules for your application. 2.5.