UserNote:
SecureconfigurationofWeidmüllerIndustrial
SecurityRouter
Measurementstoprotectnetworksandnetworkdevicesagainst
unauthorizedaccess.
1.Introduction
Tousecommunicativedevicesinyourapplicationyoushouldtaketechnicalandorganizational
measurestoensureasecureoperation.Inparticulartoprotectcomponents,networksandsystems
againstunauthorizedaccessofthirdparties.
Thisusernoteshallsupportyoutoconfigureyourdevicesenablingthemtoprovideacertainlevel
ofsecurity.
1
Moreinformationcanbefoundatfollowingwebsites:
-ICSSecurityCompendium
-Remotemaintenanceinindustrialenvironments
-ICS-CERTrecommendedpractices
2.Recommendedmeasures
2.1.Avoidexposingdevicestopublicnetworksdirectly
?IncasetheRouterisconnecteddirectlytoapublicnetwork(e.g.via4G)activateNAT
masqueradingontheinterfacestohidelocalIPaddresses.
2.2.ChangedefaultPassword
?Changethedefaultpasswordduringinitialconfigurationofthedevice.
?Recommendedisapasswordstrengthofatleast8signsincludingsmallandcapital
letters,numbersandspecialcharacters.
?Changethepasswordregularly.
?Don’tuseonepasswordforseveralapplications.
2.3.UpdateFirmwareregularly
?Weidmüllerprovidesregularlyfirmwareupdatesfortheproducts.Youcanfindthemat
thewebsiteorinthecatalog.
?Werecommendupdatingthedevicesassoonasthereisnewfirmwareavailable.You
canseeintheupdatelogiftherearecriticalsecurityfixesorfunctionupgrades.
?Viau-linkRemoteAccessServicetherecanbemass-updatesperformedremotely.
2.4.ChangetheFirewall(PacketFilter)settings
?WeidmüllerInd