Siemens SIMATIC NET APE1404 구성 매뉴얼 - 페이지 12

{카테고리_이름} Siemens SIMATIC NET APE1404에 대한 구성 매뉴얼을 온라인으로 검색하거나 PDF를 다운로드하세요. Siemens SIMATIC NET APE1404 36 페이지. Application processing engine

페이지 인쇄
Siemens SIMATIC NET APE1404 구성 매뉴얼
1.3

Security Recommendations

To prevent unauthorized access to the module, note the following security recom-
mendations:
Hardware/Software
Authentication
RUGGEDCOM APE (Application Processing Engine)
Configuration Manual, 12/2019, C79000-G8976-1121-05
Before commissioning the RUGGEDCOM APE line module, apply the latest secu-
rity updates from Debian or from Microsoft as per standard Windows® 10 Enter-
prise update procedure. For more information on applying security updates from
Debian, refer to the user documention provided by Debian or Microsoft.
Before using the RUGGEDCOM APE, make sure all relevant CERT security advi-
sories and applications are applied. Security advisories that include links to ap-
plications are available on the
try.siemens.com/topics/global/en/industrial-security/news-alerts/Pages/alerts.as-
px]
or the
ProductCERT Security Advisories website [http://www.siemens.com/in-
novation/en/technology-focus/siemens-cert/cert-security-advisories.htm]. Up-
dates to Siemens Product Security Advisories can be obtained by subscribing to
the RSS feed on the Siemens ProductCERT SSecurity Advisories website, or by fol-
lowing @ProductCert on Twitter.
Only enable the services that will be used on the module, including physical
ports. Unused physical ports could potentially be used to gain access to the net-
work behind the module.
When using the Windows®-based version of the RUGGEDCOM APE, use Bitlocker
to avoid unauthorized access to sensitive information stored on the hard drive.
When using the Linux-based version of the RUGGEDCOM APE, add an adminis-
trative account, disable the root user on Debian Linux, and replace any default
passwords. For a list of default user profiles and passwords, refer to
to RUGGEDCOM APE (Page
To prevent unauthenticated access to the BIOS, configure a supervisor password
and set the user passwords . For more information, refer to
Password (Page
14)".
When using the Linux-based version of the RUGGEDCOM APE, ensure the GRUB
bootloader password is configured. For more information, refer to
GRUB Bootloader Password (Page
Use strong passwords. Avoid weak passwords such as password1, 123456789,
abcdefgh, etc.
Passwords should not be re-used across different usernames and systems, or af-
ter they expire.
Make sure to take appropriate precautions when shipping the module beyond
the boundaries of the trusted environment:
If SSH and SSL keys are configured, replace the existing keys with throwaway
keys prior to shipping.
If SSH and SSL keys are configured, take the existing keys out of service.
When the module returns, create and program new keys for the module.
Industrial Security website [http://www.indus-
11)".
16)".
1.3 Security Recommendations
"Logging in
"Setting the BIOS
"Setting the
Overview
3