User Documentation
Secure Configuration of Weidmüller Industrial Security Router Page 2
• To improve security, make a list of the communication that flows via the router. Then add
these communication parameters to the Firewall setting as a whitelist. When all
required traffic is whitelisted, delete the rule “Allow All” to ensure that other traffic will be
blocked.
• The SecureNow! function can assist you in finding suitable firewall rules for your application.
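The following is an added example, not part of the Weidmüller documentation or router firmware: a pre-flight check that evaluates a list of required flows against a candidate whitelist with “Allow All” removed, so that flows which would be blocked and rules that no flow needs are visible before the rule is deleted. The rule fields, the first-match evaluation and all addresses are assumptions made for illustration and do not reflect the router's configuration format.

```python
import ipaddress
from typing import NamedTuple, Optional

class Flow(NamedTuple):
    src: str
    dst: str
    proto: str   # "tcp" or "udp"
    dport: int

class Rule(NamedTuple):
    name: str
    src: str     # source network in CIDR notation
    dst: str     # destination network in CIDR notation
    proto: str   # "tcp", "udp" or "any"
    ports: range # allowed destination ports

def matches(rule: Rule, flow: Flow) -> bool:
    return (ipaddress.ip_address(flow.src) in ipaddress.ip_network(rule.src)
            and ipaddress.ip_address(flow.dst) in ipaddress.ip_network(rule.dst)
            and rule.proto in ("any", flow.proto)
            and flow.dport in rule.ports)

def first_match(rules, flow) -> Optional[Rule]:
    # Assumption: rules are evaluated top-down and the first match wins.
    return next((r for r in rules if matches(r, flow)), None)

def preflight(rules, flows, catch_all="Allow All"):
    """Return (flows blocked, rule names unused) once catch_all is removed."""
    strict = [r for r in rules if r.name != catch_all]
    hits = [(f, first_match(strict, f)) for f in flows]
    blocked = [f for f, r in hits if r is None]
    used = {r.name for _, r in hits if r is not None}
    unused = [r.name for r in strict if r.name not in used]
    return blocked, unused

# Constructed sample data (hypothetical names and addresses).
RULES = [
    Rule("plc-modbus", "192.168.10.0/24", "192.168.20.5/32", "tcp", range(502, 503)),
    Rule("hmi-https", "192.168.10.20/32", "192.168.20.0/24", "tcp", range(443, 444)),
    Rule("legacy-ftp", "192.168.10.0/24", "192.168.20.0/24", "tcp", range(21, 22)),
    Rule("Allow All", "0.0.0.0/0", "0.0.0.0/0", "any", range(0, 65536)),
]
FLOWS = [
    Flow("192.168.10.11", "192.168.20.5", "tcp", 502),
    Flow("192.168.10.20", "192.168.20.8", "tcp", 443),
    Flow("192.168.10.30", "192.168.20.9", "udp", 123),
]

if __name__ == "__main__":
    blocked, unused = preflight(RULES, FLOWS)
    print("would be blocked:", blocked)
    print("rules no listed flow needs:", unused)
```

A non-empty blocked list means the whitelist is still incomplete; an unused rule is a candidate for removal or for a missing entry in the flow list.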
2.5. Perform access restrictions
• The device offers the possibility to create various user profiles that can be assigned rights
at a granular level.
• Grant access only to the persons who need it, and only with the rights that are needed
for their tasks.
2.6. Deactivate insecure communications
• Deactivate HTTP access of the router on all interfaces.
• Deactivate HTTPS access of the router on interfaces that are exposed to a public
network.
• SNMP is deactivated by default. If you use it, please make sure to use SNMP v3 and
choose a strong password instead of the default.
2.7. Secure remote access
• For accessing your local network remotely, a Virtual Private Network (VPN) is
recommended.
• This can be done using an open technology such as OpenVPN or IPsec, or the Weidmüller
solution u-link Remote Access Service.
2.8. Secure physical access
• Secure physical access to the device by locking the cabinet and using a lockable service
interface such as FrontCom®.
• With the Port Lock function of Weidmüller Switches, service interfaces can be configured
to only allow specific MAC or IP addresses.
2.9. Defense-in-depth
• Secure configuration of a router is a first step in securing the networks behind the router. Still,
components in this network should be used and configured in a secure manner as well to
avoid a security breach on the lower network level.
2.10. Regular threat analysis
• Performing a threat analysis on a regular basis lowers the risk of vulnerabilities caused
by new technologies and changes in the surrounding networks.
2.11. Security during Service
• Use up-to-date security software on the service PCs accessing the network to prevent
malicious software from entering the network from the inside.
2.12. Report vulnerabilities
• Weidmüller has a Security Advisory Board dealing with vulnerabilities. Please report
these to us on this webpage so we can improve our firmware and close the potential
threat.