Recommended Security Measures for Devices and Solutions
You have to protect components, networks, and systems against unauthorized access and ensure the integrity of data.
As a part of this, you must take organizational and technical measures to protect network-capable devices and solutions. These measures are listed below.
Further Info: In addition to this topic, also read and observe the information given in the following topics.
Do not integrate components and systems into public networks
- Avoid integrating your components and systems into public networks.
- If you have to access your components and systems via a public network, use a VPN (Virtual Private Network).
Set up a firewall
- Set up a firewall to protect your networks and the components and systems integrated into them against external influences.
- Use a firewall to segment a network or to isolate a controller.
- Activate the built-in controller firewall, if implemented.
Deactivate unneeded communication channels
- Deactivate unnecessary communication channels (e.g., SNMP, FTP, BootP, DCP) on the components that you are using.
Take Defense-in-Depth strategies into consideration when planning systems
Measures considered only in isolation are not sufficient to protect your components, networks, and systems. Defense-in-Depth strategies encompass several coordinated measures that involve operators, integrators, and manufacturers.
- Take Defense-in-Depth strategies into consideration when planning systems.
Restrict access rights
- Restrict access rights for components, networks, and systems to those individuals for whom authorization is strictly necessary.
- Deactivate unused user accounts.
Secure access
- Change the default login information after initial startup.
- Use secure passwords reflecting the complexity and service life recommended in the latest guidelines.
- Change passwords in accordance with the rules applicable for their application.
- Use a password manager with randomly generated passwords.
- Wherever possible, use a central user administration system to simplify user management and login information management.
Use secure access paths for remote access
- Use secure access paths such as VPN (Virtual Private Network) or HTTPS for remote access.
Activate security-relevant event logging
- Activate security-relevant event logging in accordance with the security directive and the legal requirements on data protection.
Use the latest firmware version
Yaskawa regularly provides firmware updates.
- Ensure that the firmware on all devices used is always up to date.
- Observe the Change Notes for the respective firmware version.
Use up-to-date security software
- Install security software on all PCs to detect and eliminate security risks such as viruses, trojans, and other malware.
- Ensure that the security software is always up to date and uses the latest databases.
- Use whitelist tools for monitoring the device context.
- Use an intrusion detection system to check the communication within your system.
Perform regular threat analyses
- Perform a threat analysis on a regular basis.
Secure access to SD cards
Devices with SD cards require protection against unauthorized physical access. An SD card can be read with a conventional SD card reader at any time. If you do not protect the SD card against unauthorized physical access (such as by using a secure control cabinet), sensitive data is accessible to all.
- Ensure that unauthorized persons do not have access to the SD card.
- When destroying the SD card, ensure that the data cannot be retrieved.
Refer to the topic "Controller Security (Settings via WBM)", section "SD card related setting" for details.