2.3.4 System integrity
2.3.4.1 System hardening
Reduction of attack points
Network services and ports
Activated services represent a risk. To minimize the risk, only the necessary services for all of
the automation components should be activated. Ensure that all activated services are taken
into account (especially web servers, FTP, remote maintenance, etc.) in the security concept.
A description of the ports used can be found in the Manuals and Function Manuals of the
respective products.
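An added example (not from the manual or from the manufacturer) of checking activated services against the security concept: it parses Windows `netstat -ano` text output, which is an assumption about the operating system, and compares listening ports with an allowlist. The sample output, the port list and the function names are constructed for illustration; the real ports are those listed in the product manuals.

```python
# Constructed sample of Windows `netstat -ano` output; not from a real system.
SAMPLE_NETSTAT = """\
  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:21             0.0.0.0:0              LISTENING       1432
  TCP    0.0.0.0:80             0.0.0.0:0              LISTENING       4
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       808
  TCP    192.168.0.10:3389      0.0.0.0:0              LISTENING       1104
  TCP    192.168.0.10:49213     192.168.0.20:102       ESTABLISHED     2210
  TCP    [::]:80                [::]:0                 LISTENING       4
  UDP    0.0.0.0:161            *:*                                    1990
"""

# Hypothetical allowlist as it might appear in a plant's security concept.
# Real port numbers must come from the product manuals.
APPROVED = {
    ("TCP", 80): "web server",
    ("TCP", 3389): "remote maintenance",
    ("TCP", 5900): "remote display, documented as active",
}


def listening_sockets(netstat_text):
    """Return {(proto, port, pid)} for listening TCP and bound UDP sockets."""
    found = set()
    for line in netstat_text.splitlines():
        f = line.split()
        if not f or f[0] not in ("TCP", "UDP"):
            continue  # header and blank lines
        if f[0] == "TCP" and (len(f) < 5 or f[3] != "LISTENING"):
            continue  # established connections are not activated services
        port = int(f[1].rsplit(":", 1)[1])  # rsplit also handles [::]:80
        found.add((f[0], port, int(f[-1])))  # PID is always the last column
    return found


def audit(netstat_text, approved):
    """Return (active but undocumented, documented but not active)."""
    active = listening_sockets(netstat_text)
    active_keys = {(proto, port) for proto, port, _ in active}
    unapproved = sorted(s for s in active if (s[0], s[1]) not in approved)
    missing = sorted(k for k in approved if k not in active_keys)
    return unapproved, missing


if __name__ == "__main__":
    print(audit(SAMPLE_NETSTAT, APPROVED))
```

Entries in the first list are services to deactivate or to add to the security concept; entries in the second are stale documentation.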
User accounts
Any active user account allows access to the system and is thus a potential risk. Therefore, take
the following security measures:
● Reduction of configured/activated user accounts to the actually needed minimum
● Use of secure access data for existing accounts
● Regular checks, especially of the locally configured user accounts
● Regular change of passwords
Passwords
NOTICE
Changing default passwords
The misuse of passwords can also represent a considerable security risk.
We recommend that default passwords be changed during commissioning and then changed
at regularly defined intervals as required.
Virus scanner
The use of a virus scanner must not impact the production operations of a plant. Taken to its
final consequence, this means that even a virus-infected computer must not be shut down
immediately if this would cause control of the production process to be lost.
In order to be used on industrial control components, a virus scanner should therefore meet
the following requirements:
Industrial security
2.3 General security measures
SIMOTION P320-4 E / P320-4 S
Commissioning and Hardware Installation Manual, 11/2016