User Documentation

Secure Configuration of Weidmüller Industrial Security Router
To improve security, make a list of the communication that flows through the router. Then add
these communication parameters to the firewall settings as whitelist rules. Once all
required traffic is whitelisted, delete the “Allow All” rule to ensure that all other traffic is
blocked.
The SecureNow! function can help you find suitable firewall rules for your application.
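The check below is an added example, not Weidmüller code or router syntax: it compares a flow inventory against a whitelist and reports whether the “Allow All” rule can be deleted without blocking required traffic. The rule format, addresses and ports are constructed for illustration.

```python
import ipaddress

# Constructed flow inventory: (protocol, source IP, destination IP, destination port)
REQUIRED_FLOWS = [
    ("tcp", "192.168.10.20", "10.0.5.10", 502),   # HMI -> PLC, Modbus/TCP
    ("tcp", "192.168.10.21", "10.0.5.11", 4840),  # SCADA -> OPC UA server
    ("udp", "10.0.5.10", "192.168.10.5", 123),    # PLC -> NTP server
]

# Constructed rule set in a generic format (hypothetical, not the router's own syntax)
RULES = [
    {"name": "hmi-modbus", "proto": "tcp", "src": "192.168.10.20/32", "dst": "10.0.5.0/24", "dport": 502},
    {"name": "scada-opcua", "proto": "tcp", "src": "192.168.10.21/32", "dst": "10.0.5.11/32", "dport": 4840},
    {"name": "Allow All", "proto": "any", "src": "0.0.0.0/0", "dst": "0.0.0.0/0", "dport": "any"},
]

def matches(rule, flow):
    """True if the rule permits the given flow."""
    proto, src, dst, dport = flow
    return (rule["proto"] in ("any", proto)
            and ipaddress.ip_address(src) in ipaddress.ip_network(rule["src"])
            and ipaddress.ip_address(dst) in ipaddress.ip_network(rule["dst"])
            and rule["dport"] in ("any", dport))

def is_catch_all(rule):
    """True for a rule that permits any protocol, address and port."""
    return (rule["proto"] == "any" and rule["dport"] == "any"
            and ipaddress.ip_network(rule["src"]).prefixlen == 0
            and ipaddress.ip_network(rule["dst"]).prefixlen == 0)

def audit(rules, flows):
    """Report flows that only the catch-all rule covers, and rules no flow uses."""
    specific = [r for r in rules if not is_catch_all(r)]
    uncovered = [f for f in flows if not any(matches(r, f) for r in specific)]
    unused = [r["name"] for r in specific if not any(matches(r, f) for f in flows)]
    return {"catch_all": [r["name"] for r in rules if is_catch_all(r)],
            "uncovered": uncovered, "unused": unused,
            "safe_to_delete_allow_all": not uncovered}

if __name__ == "__main__":
    report = audit(RULES, REQUIRED_FLOWS)
    for key, value in report.items():
        print(f"{key}: {value}")
```

With the constructed data, the NTP flow is reported as uncovered, so a rule for it has to be added before “Allow All” is removed.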
2.5. Perform access restrictions
The device lets you create multiple user profiles whose rights can be assigned at
a granular level.
Grant access only to the persons who need it, and only with the rights needed
for their tasks.
2.6. Deactivate insecure communications
Deactivate HTTP access of the router on all interfaces.
Deactivate HTTPS access of the router on interfaces that are exposed to a public
network.
SNMP is deactivated by default. If you use it, make sure to use SNMP v3 and
choose a strong password instead of the default.
2.7. Secure remote access
For accessing your local network remotely, a Virtual Private Network (VPN) is
recommended.
This can be done using an open technology such as OpenVPN or IPsec, or the Weidmüller
solution u-link Remote Access Service.
2.8. Secure physical access
Secure physical access to the device by locking the cabinet and using a lockable service
interface such as FrontCom®.
With the Port Lock function of Weidmüller Switches, service interfaces can be configured
to only allow specific MAC or IP addresses.
2.9. Defense-in-depth
Secure configuration of a router is a first step in securing the networks behind the router. Still,
the components in these networks should also be used and configured in a secure manner to
avoid a security breach on the lower network level.
2.10. Regular threat analysis
Performing a threat analysis on a regular basis lowers the risk of vulnerabilities caused
by new technologies and changes in the surrounding networks.
2.11. Security during Service
Use up-to-date security software on the service PCs accessing the network to prevent
malicious software from entering the network from the inside.
2.12. Report vulnerabilities
Weidmüller has a Security Advisory Board dealing with vulnerabilities. Please report
these to us on this webpage so we can improve our firmware and close the potential
threat.