Security best practices

Ensuring a secure device network is extremely important in today’s world. While it is impossible to make a system completely impenetrable without making it unusable, there are many ways to improve a system’s resistance to attacks.

CAUTION: Protect against unauthorized access by restricting physical access to the computers and devices that manage your building model. Set up user authentication with strong passwords, and secure components by controlling permissions. Failure to observe these recommended precautions could expose your network systems to unauthorized access and tampering.

  • Software security begins with the latest software version. Patches and software upgrades should be installed as soon as they are available.
  • Physical security is crucial. All computer equipment and wiring should be secured in a restricted area. Only authorized users should have access to Supervisor and controller hardware.
  • If a network is configured for remote connectivity over the Internet, all stations must be behind a VPN gateway, so that no station is directly exposed to the Internet. A station exposed on the Internet is discoverable and vulnerable to many types of attack.
  • To put a demonstration station on the Internet, create a separate demonstration zone. Stations exposed to the Internet should not also be used to manage a device network.
  • To provide network-based defense-in-depth, networks should be segmented into zones.
  • All data transmission over wired and wireless connections should be secured with CA-signed digital certificates.
  • If your company acts as its own CA (Certificate Authority), the company’s CA root certificate must be separately installed in each station’s User Trust Store and in each browser’s trust store.
  • The medium (usually a USB flash drive) used to store exported CA certificates and keys must be physically protected and stored in a secure vault.
  • High-traffic stations (especially stations that provide public access to a controller network) must use secure Niagarad with a separate certificate from that used for the FoxService and WebService.
  • Each station must be backed up regularly. Embedded systems, such as JACE controllers, write audit information to a rolling buffer. To avoid losing a station’s audit trail, audit histories should be regularly exported to a Supervisor station.
  • Do not rely on an NTP (Network Time Protocol) server that you do not directly control. If your system’s network depends on an external NTP server for the time of day, and that server is compromised or spoofed, your system may be harmed.
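The two certificate items above (CA-signed certificates on every connection, and the company CA root installed in each trust store) can be checked before a certificate is deployed to a station. The following Go program is an added example written for this page using only the standard library; it is not Tridium or Niagara tooling and does not read a station's trust store. CheckStationCert verifies that a station certificate chains to the company root, names the host that clients connect to, and is not about to expire. All keys, certificates and the host name jace-01.bms.example.internal are constructed in memory so the program runs offline; in practice the PEM inputs would be the exported station certificate and the company CA root certificate.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"encoding/pem"
	"fmt"
	"math/big"
	"time"
)

// template builds a certificate skeleton (demo helper, not Niagara tooling); a CA is any template whose key usage includes certificate signing.
func template(cn string, ku x509.KeyUsage, dns []string, validity time.Duration) *x509.Certificate {
	return &x509.Certificate{
		SerialNumber:          big.NewInt(time.Now().UnixNano()), // demo only; a real CA uses random serials
		Subject:               pkix.Name{CommonName: cn},
		NotBefore:             time.Now().Add(-time.Hour),
		NotAfter:              time.Now().Add(validity),
		IsCA:                  ku&x509.KeyUsageCertSign != 0,
		BasicConstraintsValid: true,
		KeyUsage:              ku,
		ExtKeyUsage:           []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth},
		DNSNames:              dns,
	}
}

// issue signs tmpl with parent/parentKey (nil parent = self-signed) and returns PEM, parsed certificate and key.
func issue(tmpl, parent *x509.Certificate, parentKey *ecdsa.PrivateKey) ([]byte, *x509.Certificate, *ecdsa.PrivateKey, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, nil, nil, err
	}
	if parent == nil { // self-signed: the template is its own issuer
		parent, parentKey = tmpl, key
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, parent, &key.PublicKey, parentKey)
	if err != nil {
		return nil, nil, nil, err
	}
	cert, err := x509.ParseCertificate(der)
	return pem.EncodeToMemory(&pem.Block{Type: "CERTIFICATE", Bytes: der}), cert, key, err
}

// CheckStationCert applies the policy in the text: the station certificate must chain to the company root
// (so a self-signed certificate fails), must name the host clients connect to, and is flagged when it expires within renewWithin.
func CheckStationCert(stationPEM, rootPEM []byte, host string, renewWithin time.Duration) error {
	block, _ := pem.Decode(stationPEM)
	if block == nil || block.Type != "CERTIFICATE" {
		return fmt.Errorf("station PEM holds no certificate")
	}
	cert, err := x509.ParseCertificate(block.Bytes)
	if err != nil {
		return fmt.Errorf("parse station certificate: %w", err)
	}
	roots := x509.NewCertPool()
	if !roots.AppendCertsFromPEM(rootPEM) {
		return fmt.Errorf("no usable root certificate in company CA PEM")
	}
	if _, err := cert.Verify(x509.VerifyOptions{Roots: roots, DNSName: host, KeyUsages: []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth}}); err != nil {
		return fmt.Errorf("not a valid company-issued certificate for %s: %w", host, err)
	}
	if left := time.Until(cert.NotAfter); left < renewWithin {
		return fmt.Errorf("certificate expires in %s; renew it now", left.Round(time.Hour))
	}
	return nil
}

// Scenarios builds constructed certificates in memory and checks each: company-issued, company-issued but checked against the wrong host, self-signed, and expiring within a week.
func Scenarios(host string) (map[string]error, error) {
	year, week, renew := 365*24*time.Hour, 7*24*time.Hour, 30*24*time.Hour
	rootPEM, root, rootKey, err := issue(template("Example Corp Root CA", x509.KeyUsageCertSign|x509.KeyUsageDigitalSignature, nil, 10*year), nil, nil)
	if err != nil {
		return nil, err
	}
	leaf := func(validity time.Duration, ca *x509.Certificate, caKey *ecdsa.PrivateKey) []byte {
		p, _, _, e := issue(template(host, x509.KeyUsageDigitalSignature, []string{host}, validity), ca, caKey)
		if e != nil && err == nil {
			err = e
		}
		return p
	}
	station, selfSigned, expiring := leaf(year, root, rootKey), leaf(year, nil, nil), leaf(week, root, rootKey)
	if err != nil {
		return nil, err
	}
	return map[string]error{
		"company-issued": CheckStationCert(station, rootPEM, host, renew),
		"wrong host":     CheckStationCert(station, rootPEM, "other.example.internal", renew),
		"self-signed":    CheckStationCert(selfSigned, rootPEM, host, renew),
		"expiring soon":  CheckStationCert(expiring, rootPEM, host, renew),
	}, nil
}

func main() {
	results, err := Scenarios("jace-01.bms.example.internal") // constructed host name
	fmt.Println(results, err)
}
```

Only the company-issued certificate checked against its own host name passes; the other three scenarios return an error describing which part of the policy failed. The hostname check matters because a certificate that chains correctly but names a different host still causes browsers and Fox clients to reject the connection, and the expiry window gives time to issue and install a replacement before that happens.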