
2.5 Checklist

This section provides a sample checklist to help guide the process of securely deploying IPC2018 IPC products.

1. Create or locate a network diagram.

2. Identify and record the required communication paths between nodes.

3. Identify and record the protocols required along each path, including the role of each node.

4. Revise the network as needed to ensure appropriate partitioning, adding firewalls or other network security devices as appropriate. Update the network diagram. (Refer to the chapter Network Architecture and Secure Deployment.)

5. Configure firewalls and other network security devices.

6. Enable and/or configure the appropriate security features on each module.

7. For each module, change every supported password to something other than its default value.

8. Harden the configuration of each module, disabling unneeded features, protocols and ports.

9. Test/qualify the system.

10. Create an update/maintenance plan.
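Steps 2, 3, 5 and 8 of the checklist can be tied together in a small inventory tool: the recorded communication paths become a default-deny firewall allow-list, and the same record is used to flag listening ports that no required path justifies. This is an added example, not code from the guide or from GE; the node names, services and port numbers are constructed for illustration.

```python
"""Recorded communication paths -> firewall allow-list and listening-port audit."""

# Constructed inventory for steps 2-3. Each path is
# (source node, destination node, service, protocol, destination port).
# Node names and ports are illustrative assumptions, not taken from the guide.
REQUIRED_PATHS = [
    ("HMI-01",    "IPC-A",  "Modbus/TCP", "tcp", 502),
    ("HIST-01",   "IPC-A",  "OPC UA",     "tcp", 4840),
    ("ENG-WS-01", "IPC-A",  "RDP",        "tcp", 3389),
    ("IPC-A",     "NTP-01", "NTP",        "udp", 123),
]

def firewall_rules(paths, protected_node):
    """Step 5: allow-list for a firewall in front of protected_node.
    Only recorded inbound paths are allowed; a trailing rule denies the rest."""
    rules = [
        f"allow {proto} from {src} to {dst} port {port}  # {svc}"
        for src, dst, svc, proto, port in paths
        if dst == protected_node
    ]
    rules.append(f"deny any to {protected_node}  # default deny")
    return rules

def required_ports(paths, node):
    """Ports a node must listen on according to the recorded paths (step 3)."""
    return {(proto, port) for _, dst, _, proto, port in paths if dst == node}

def audit_listeners(paths, node, observed):
    """Step 8 check: compare sockets actually listening on node against the
    required set. Returns (unexpected, missing); unexpected listeners are
    candidates for disabling, missing ones indicate a path the record lacks."""
    req = required_ports(paths, node)
    obs = set(observed)
    return sorted(obs - req), sorted(req - obs)

# Constructed listening-socket inventory for IPC-A (e.g. from a netstat export).
OBSERVED_IPC_A = [("tcp", 502), ("tcp", 4840), ("tcp", 3389),
                  ("tcp", 445), ("udp", 161)]

if __name__ == "__main__":
    print("\n".join(firewall_rules(REQUIRED_PATHS, "IPC-A")))
    extra, missing = audit_listeners(REQUIRED_PATHS, "IPC-A", OBSERVED_IPC_A)
    print("unexpected listeners (disable or record a path):", extra)
    print("required but not listening (service down?):", missing)
```

Re-run the audit after step 9 and on every change in the maintenance plan (step 10); a listener that reappears without a recorded path is a configuration drift worth investigating.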

Note: Secure deployment is only one part of a robust security program. This document, including the checklist above, is limited to providing secure deployment guidance only. For more information about security programs in general, refer to the section Additional Guidance.

10    GFK-3015    IPC2018 IPC Secure Deployment Guide    For public disclosure
