
Security
Operating Manual PCOM sec br2
1004534-EN-04
3.3 Operating environment
The product has no measures to protect against physical manipulation and/or against
reading of memory content during physical access. Further, the product cannot secure the
devices in the protected network when the attacker has physical access to the entire
network. Therefore, the product in conjunction with the devices to be protected has to be
installed in a lockable control cabinet. We recommend equipping the control cabinet with a
suitable lock and organising the access to the control cabinet.
[Figure labels: Internet; Firewall for company network; Company network; Client PC (VPN client); Firewall for production or plant network; Plant network; Client PC (VPN client); Unprotected network; SecurityBridge; Protected network]
Fig.: Network overview
To implement the defense-in-depth concept provided, the product has to be arranged in the
network as shown in the figure "Network overview". The chapter describes the network
protocols that the product uses to communicate with other systems.
Note these protocols when configuring your network environment.
The SecurityBridge cannot protect from network overload or flooding attacks in an
unprotected network. When the unprotected network is overloaded, the protected system may
not be accessible. Therefore, measures should be taken to protect the network
infrastructure from flooding attacks or other overload situations.
The computer on which the VPN client and the configuration tool are run will have to be
protected by a firewall or other appropriate measures against attacks from the internet.
Further, we recommend that you use a virus scanner on these computers. Protect the computer
from unauthorised use by assigning passwords and taking further measures, if required.
We also recommend that the logged-in user does not have administrator rights.