Certificates What are certificates used for? Certificates can be used for the following: Securing communication connections between participants in your ICS. Participants can be, for example: Devices used to build automation infrastructures and systems (such as PLCnext Technology controllers, switches, etc.). Server and client… Read More
Network segmentation It is difficult to determine the protection needs of an entire plant and to implement protective measures on this basis. If an office network, factory network and, for example, production line networks are directly connected to each other, malfunctions and viruses can be spread directly over all… Read More
Phoenix Contact industrial security guideline Introduction The increasing interconnection of systems, components, and devices as well as the growing amount of data to be transmitted and stored (in a word: the achievements of Industry 4.0) result in a higher risk of cyber attacks. This is also promoted… Read More
Checksums and signatures Checksums Checksums indicate the integrity of data thus allowing (accidental) modification detection. By verifying checksums, manipulations and data corruption can be detected. Checksums are calculated over valid, verified and non-corrupted data. When calculating the checksum again with the same algorithm (e.g., after a… Read More
Port protection and port alerts Infected hardware, like USB sticks or laptops, can transfer malware to the network. The following measures can be taken to prevent this: Configure the port security function of the devices involved in a way that unknown devices cannot exchange data with the… Read More
Restricted mobile access: protecting a WLAN by password Unauthorized smart devices must not be able to connect themselves via the WLAN interface. For that reason, your strict password rules should also apply to all wireless access points in your ICS. WLAN components from Phoenix Contact enable automated… Read More
About this guideline Validity of this guideline The present documentation is not specifically related to any specific device or software version. It is rather to be understood as generic information which has to be supplemented by the related product-specific information given in the respective device manual or… Read More
VPN Via open Internet connections, criminals can copy data or make changes to the system. Using firewalls, the access to automation systems from the external networks can be restricted to authorized connections. In addition, remote connections via the Internet should always be encrypted, for example via a… Read More
Protection of project data on the hard disk and during transfer Engineering and parameterization tools (e.g. PLCnext Engineer) often store plain, i.e., unencrypted project data on the harddisk of your computer. The data is therefore unprotected against tampering and theft. Use a suitable encryption method: to… Read More
Plant management Making (physical) on-site access controllable In addition to the remote access, the “physical access” on site must also be controlled and restricted if necessary. To prevent damage due to unauthorized access: Make sure that only authorized access is possible. Protect the interfaces by… Read More
