
Technical and organizational security measures

To achieve security, a holistic approach is necessary: an adequate security concept must include the technology used, the defined processes, and the people involved, i.e., it must specify both technological and organizational measures. Many but not all threats can be defended against with…

NAT and port forwarding

General information: Network Address Translation (NAT) separates internal (private) and external (public) network areas. A NAT device (usually located at the network or zone border) translates between public and private IP addresses. This way, all internal network addresses are hidden behind the…
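The hiding property described above, and how a port-forwarding rule deliberately undoes it for one port, as an added example that is not part of the guideline. The addresses, ports and rules are constructed for the demonstration; the model is an endpoint-independent NAPT (port-translating NAT) reduced to its mapping table, not the behaviour of any particular device.

```python
"""Minimal NAPT model: outbound traffic creates dynamic mappings, unsolicited
inbound traffic is dropped unless a static port-forwarding rule exists.

Added example, not code from the guideline. All addresses and ports below are
constructed (TEST-NET ranges), not real infrastructure.
"""
from dataclasses import dataclass, field

PUBLIC_IP = "203.0.113.10"  # constructed public address of the NAT device


@dataclass(frozen=True)
class Packet:
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int


@dataclass
class NatDevice:
    public_ip: str
    next_port: int = 40000
    # (internal ip, internal port) -> public port, created by outbound traffic
    outbound: dict = field(default_factory=dict)
    # public port -> (internal ip, internal port), reverse of the above
    inbound: dict = field(default_factory=dict)
    # static port-forwarding rules configured by the administrator
    forwards: dict = field(default_factory=dict)

    def add_port_forward(self, public_port: int, internal_ip: str, internal_port: int) -> None:
        """Expose one internal service on a public port (punches a hole in the hiding)."""
        self.forwards[public_port] = (internal_ip, internal_port)

    def translate_outbound(self, pkt: Packet) -> Packet:
        """Rewrite the private source to the public address and a mapped port."""
        key = (pkt.src_ip, pkt.src_port)
        if key not in self.outbound:
            self.outbound[key] = self.next_port
            self.inbound[self.next_port] = key
            self.next_port += 1
        return Packet(self.public_ip, self.outbound[key], pkt.dst_ip, pkt.dst_port)

    def translate_inbound(self, pkt: Packet):
        """Return the packet as delivered internally, or None if it is dropped."""
        if pkt.dst_ip != self.public_ip:
            return None
        target = self.inbound.get(pkt.dst_port) or self.forwards.get(pkt.dst_port)
        if target is None:
            return None  # no mapping: the internal host stays invisible
        internal_ip, internal_port = target
        return Packet(pkt.src_ip, pkt.src_port, internal_ip, internal_port)


def demo():
    """Walk through the four cases a practitioner cares about."""
    nat = NatDevice(PUBLIC_IP)
    # 1. An internal controller initiates a connection: a dynamic mapping appears.
    out = nat.translate_outbound(Packet("192.168.10.5", 51000, "198.51.100.7", 443))
    # 2. The reply to that connection is translated back to the controller.
    reply = nat.translate_inbound(Packet("198.51.100.7", 443, PUBLIC_IP, out.src_port))
    # 3. An unsolicited probe to Modbus/TCP (port 502) finds no mapping and is dropped.
    probe = nat.translate_inbound(Packet("198.51.100.9", 6000, PUBLIC_IP, 502))
    # 4. A port-forwarding rule for port 502 re-exposes the controller to the same probe.
    nat.add_port_forward(502, "192.168.10.5", 502)
    forwarded = nat.translate_inbound(Packet("198.51.100.9", 6000, PUBLIC_IP, 502))
    return out, reply, probe, forwarded


if __name__ == "__main__":
    for name, pkt in zip(("outbound", "reply", "probe", "forwarded"), demo()):
        print(f"{name:>9}: {pkt}")
```

The point to take away is case 4: a port-forwarding rule is an explicit exception to the hiding that NAT provides, so every forwarded port should be treated as an exposed service that needs its own protection (authentication, filtering by source, monitoring), not as something still shielded by the NAT.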

Network segmentation

It is difficult to determine the protection needs of an entire plant and to implement protective measures on this basis. If an office network, a factory network and, for example, production line networks are directly connected to each other, malfunctions and viruses can spread directly over all…

About this guideline

Validity of this guideline: The present documentation is not related to any specific device or software version. It is rather to be understood as generic information which has to be supplemented by the related product-specific information given in the respective device manual or…

Secure communication by encryption and authentication

Main goals: integrity and authentication. The implementations described in this chapter serve two main objectives of security engineering: to achieve data integrity and to authenticate users and data sources. Integrity: is the data unchanged? Checksums indicate the…
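The distinction between the two goals named above, as an added example that is not part of the guideline: an unkeyed checksum answers "is the data unchanged by accident?", while a keyed message authentication code (HMAC) also answers "did it come from someone holding the key?". The setpoint message, the tampered variant and the shared key are constructed for the demonstration.

```python
"""Checksum versus keyed MAC: which modifications each one detects.

Added example, not code from the guideline. Message contents and the key are
constructed for the demonstration.
"""
import hashlib
import hmac
import zlib

# Assumption: a key pre-shared between sender and receiver over a secure channel.
SHARED_KEY = b"constructed-demo-key-do-not-reuse"


def crc32_protect(message: bytes) -> int:
    """Sender appends an unkeyed CRC-32 (integrity against accidental corruption)."""
    return zlib.crc32(message)


def crc32_verify(message: bytes, tag: int) -> bool:
    return zlib.crc32(message) == tag


def hmac_protect(message: bytes, key: bytes) -> bytes:
    """Sender appends HMAC-SHA-256 (integrity plus authentication of the key holder)."""
    return hmac.new(key, message, hashlib.sha256).digest()


def hmac_verify(message: bytes, tag: bytes, key: bytes) -> bool:
    expected = hmac.new(key, message, hashlib.sha256).digest()
    # constant-time comparison so the verifier does not leak the tag byte by byte
    return hmac.compare_digest(expected, tag)


def run_scenario() -> dict:
    original = b"SETPOINT=100"
    tampered = b"SETPOINT=999"                              # deliberate change by an attacker
    corrupted = bytes([original[0] ^ 0x01]) + original[1:]  # one bit flipped in transit

    crc = crc32_protect(original)
    tag = hmac_protect(original, SHARED_KEY)

    # The attacker needs no secret to recompute a checksum over the tampered payload.
    attacker_crc = zlib.crc32(tampered)
    # Without the key the attacker can only guess a tag (here: a MAC under a wrong key).
    attacker_tag = hmac.new(b"attacker-guess", tampered, hashlib.sha256).digest()

    return {
        "crc_accepts_genuine": crc32_verify(original, crc),
        "crc_detects_bit_flip": not crc32_verify(corrupted, crc),
        "crc_detects_tampering": not crc32_verify(tampered, attacker_crc),
        "hmac_accepts_genuine": hmac_verify(original, tag, SHARED_KEY),
        "hmac_detects_bit_flip": not hmac_verify(corrupted, tag, SHARED_KEY),
        "hmac_detects_tampering": not hmac_verify(tampered, attacker_tag, SHARED_KEY),
    }


if __name__ == "__main__":
    for check, passed in run_scenario().items():
        print(f"{check:<24} {passed}")
```

Running it shows `crc_detects_tampering` as False: the checksum is recomputable by anyone, so it gives integrity only against accidents, not against an adversary. The HMAC rejects both the flipped bit and the forged message, but it only proves that some holder of the shared key produced the message; where the source must be bound to one specific party, a digital signature with a per-party private key is the tool, which the HMAC example above does not cover.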

ISO/IEC 27001 standard: security for traditional IT systems

ISO/IEC 27001 is the leading international standard for the cyber-security of Information Technology (IT) systems. It describes the implementation of an Information Security Management System (ISMS) by providing clear guidelines for planning, implementing, monitoring, and improving your information…

Port protection and port alerts

Infected hardware, such as USB sticks or laptops, can transfer malware to the network. The following measures can be taken to prevent this: configure the port security function of the devices involved so that unknown devices cannot exchange data with the…

Security from the operator’s view

Introduction. Note: many requirements are listed in both standards, IEC 62443-2-1 and ISO/IEC 27001. From a plant operator’s point of view, many requirements apply that are defined in both ISO/IEC 27001 (which deals with IT system security) and IEC 62443-2-1 (draft edition 2.0). Even…