Observe the following when using a virus scanner:
● If you use an online virus scanner, then security-relevant or confidential data can get into
the wrong hands and be misused.
Therefore, do not check any security-relevant or confidential data via an online virus
scanner.
● Keep your virus scanner up-to-date. Always ensure that the virus scanner database is
always up-to-date.
● Do not install more than one virus scanner on a system at a time
● Always use a virus scanner when locally connecting with the plant or system network.
4.3.2
Whitelisting
The basic philosophy of whitelisting is that all applications are mistrusted, unless they have
been classified as trustworthy after an appropriate check. This means that a whitelist is
maintained in the system. This whitelist therefore contains all applications that have been
classified as trustworthy and consequently can be run on your PC systems.
Whitelisting mechanisms provide additional protection against undesired applications or
malware and unauthorized changes to installed applications or executable files (.exe, .dll).
4.3.3
Patch management
WSUS
The WSUS (Windows Server Update Service) system functionality provided by Microsoft is
available for current Windows systems. WSUS supports administrators by providing Microsoft
updates in large local networks. WSUS automatically downloads update packages (Microsoft
update) from the Internet and offers them to the Windows clients for installation.
The fully automatic update process ensures that Microsoft security updates are always
available on Siemens clients.
NOTICE
Security gaps for out-of-date operating systems
Note that security updates, hotfixes, etc. are no longer supplied by Microsoft for operating
systems < Windows 7. As a consequence, dangerous security gaps can occur with your
operating system.
● Therefore, use a whitelisting application.
General security measures
4.3 System integrity
Industrial Security
Configuration Manual, 08/2017, A5E36912609A
29