Professional Documents
Culture Documents
Application note
107913_en_03 © PHOENIX CONTACT 2020-09-07
1
Last accessed on 2020-02-12
2 Partly only available in German
2.4 Take Defense-in-Depth strategies into consid- 2.10 Use up-to-date security software
eration when planning systems
• Install security software on all PCs to detect and elimi-
It is not sufficient to take measures that have only been con- nate security risks such as viruses, trojans, and other
sidered in isolation when protecting your components, net- malware.
works, and systems. Defense-in-Depth strategies encom- • Ensure that the security software is always up to date
pass several coordinated measures that include operators, and uses the latest databases.
integrators, and manufacturers. • Use whitelist tools for monitoring the device context.
• Take Defense-in-Depth strategies into consideration • Use an Intrusion-Detection system for checking the
when planning systems. communication within your system.
2.5 Restrict access rights To protect networks for remote maintenance via
• Restrict access rights for components, networks, and VPN, Phoenix Contact offers, for example, the
systems to those individuals for whom authorization is mGuard product range of security appliances, a
strictly necessary. description of which you will find in the latest
• Deactivate unused user accounts. Phoenix Contact catalog
(phoenixcontact.net/products).
2.6 Secure access
2.11 Perform regular threat analyses
• Change the default login information after initial startup.
• Use secure passwords reflecting the complexity and To determine whether the measures you have taken still
service life recommended in the latest guidelines. provide adequate protection for your components, net-
works, and systems, threat analyses should be performed
• Change passwords in accordance with the rules appli-
regularly.
cable for their application.
• Perform a threat analysis on a regular basis.
• Use a password manager with randomly generated
passwords. 2.12 Secure access to SD cards
• Wherever possible, use a central user administration
system to simplify user management and login informa- Devices with SD cards require protection against unautho-
tion management. rized physical access. An SD card can be read with a con-
ventional SD card reader at any time. If you do not protect
2.7 Use secure access paths for remote access the SD card against unauthorized physical access (such as
by using a secure control cabinet), sensitive data is acces-
• Use secure access paths such as VPN (Virtual Private sible to all.
Network) or HTTPS for remote access.
• Ensure that unauthorized persons do not have access
to the SD card.
2.8 Activate security-relevant event logging
• When destroying the SD card, ensure that the data can-
• Activate security-relevant event logging in accordance not be retrieved.
with the security directive and the legal requirements on
data protection.
107913_en_03 PHOENIX CONTACT GmbH & Co. KG • Flachsmarktstraße 8 • 32825 Blomberg • Germany 3/3
phoenixcontact.com