Security
The Security chapter provides information on how to reduce the risk of unauthorized access.
Signal panels like the one shown below highlight additional information throughout the documentation:
Tip or pointer: This symbol indicates information that contributes to better understanding.
Intended use
The Beckhoff Device Manager is used for Beckhoff IPC diagnostics. It enables monitoring of system values, which helps to prevent device downtimes. Since a customized BIOS is required for using the Beckhoff Device Manager, the Device Manager is only available for Beckhoff Industrial PCs and Embedded PCs.
The intuitive Device Manager website facilitates system configuration. The website is protected by a password, and access is encrypted (https). A standard administrator password specified by Beckhoff is applied on delivery. You should change this password to prevent unauthorized remote access to the system. Information on setting secure passwords is provided below.
Fundamental safety instructions
As a rule, it is important to prevent unauthorized persons from accessing the system. Various security measures are available for this purpose.
- Secure access to the system by means of certificates (e.g. ssh or OPC UA). Note that this only secures this type of access. If you want to prevent unauthorized access to the website, close TCP port 443 (https) in the system firewall. Please refer to the documentation for your operating system.
- Protect the system physically by keeping control cabinets locked and allowing access only to administrators and technicians. This reduces attacks on the system via data carriers.
- Train employees in the general handling of passwords and data carriers.
For more information, refer to the IPC security documentation.
Binding server certificate
If you already have a server certificate that you want to use, follow these steps to bind it:
- 1. Right-click the Computer button in the Windows Start menu and press Manage to open the "Computer Management" window.
- 2. In the Internet Information Services Manager navigation, select the website node that contains the virtual directory for the TcAdsWebService and click the Bindings… menu item in the corresponding Actions pane.
- 3. Press Add to open the "Add Site Binding" dialog.
- 4. In the "Add Site Binding" dialog, choose the following values (see figure below) to create a binding for the https protocol.
- A binding for the https protocol is now available in the "Site Bindings" dialog.
You can now connect to all virtual directories of your website over the http and the https protocol.
Follow the next steps if you want to allow connections over the https protocol only:
- 1. Navigate to the TcAdsWebService virtual directory and open the "SSL/TLS Settings" window.
- 2. In the "SSL Settings" dialog check the Require SSL checkbox.
- The Internet Information Services will now only allow connections over the https protocol.
Secure passwords
Strong passwords are an important prerequisite for a secure system.
Please note the following points when assigning new passwords:
- Passwords should be unique for each user and service.
- Only change passwords after an incident in which passwords have become known without authorization.
- Train the device users in the use of passwords.
A secure password has the following characteristics:
- Password complexity: The password should contain capital and lower-case letters, numbers, punctuation marks and special characters.
- Password length: The password should be at least 10 characters long.
You can generate the password in different ways. An example is shown in the following table:
| Procedure | Example |
|---|---|
| Start with one or two sentences. | Complex passwords are more secure |
| Remove the spaces. | Complexpasswordsaremoresecure |
| Abbreviate words or add spelling mistakes. | Complxpasswordsarmorescure |
| Insert numbers and special characters to extend the password. | KomlxPasswörtersinsicerer#529954# |
The following passwords are not secure:
- Words from a dictionary
- Words written backwards, common spelling mistakes, and abbreviations
- Repetitive sequences, e.g. 123456789 or abcdefgh
- Personal information, e.g. birthdays, ID numbers, telephone numbers
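The following Python sketch is an added example, not part of the Beckhoff documentation or the Device Manager software. It checks a candidate password against the length and complexity characteristics and the list of insecure patterns above. The four-character run threshold, the letters-only dictionary comparison and the small word list are assumptions made for illustration; personal information is not checked because that requires per-user data.

```python
MIN_LENGTH = 10  # "at least 10 characters long"
MAX_RUN = 3      # assumption: 4 or more stepping/identical characters is a repetitive sequence

# Constructed sample word list (assumption: a real check loads a full dictionary file).
SAMPLE_DICTIONARY = {"password", "administrator", "beckhoff", "welcome", "security"}


def longest_run(pw):
    """Longest run in which each character differs from the previous by the same -1, 0 or +1."""
    best = run = 1
    prev_step = None
    for a, b in zip(pw, pw[1:]):
        step = ord(b) - ord(a)
        if step in (-1, 0, 1):
            run = run + 1 if step == prev_step else 2
        else:
            run = 1
        prev_step = step
        best = max(best, run)
    return best


def check_password(pw, dictionary=SAMPLE_DICTIONARY):
    """Return the list of rules that pw violates; an empty list means acceptable."""
    problems = []
    if len(pw) < MIN_LENGTH:
        problems.append("length")
    if not any(c.isupper() for c in pw):
        problems.append("capital letter")
    if not any(c.islower() for c in pw):
        problems.append("lower-case letter")
    if not any(c.isdigit() for c in pw):
        problems.append("number")
    if not any(not c.isalnum() and not c.isspace() for c in pw):
        problems.append("special character")
    # Catches 123456789, abcdefgh, 987654 and aaaa regardless of letter case.
    if longest_run(pw.lower()) > MAX_RUN:
        problems.append("repetitive sequence")
    # Compare only the letters, forwards and backwards, against the word list.
    letters = "".join(c for c in pw.lower() if c.isalpha())
    if letters in dictionary or letters[::-1] in dictionary:
        problems.append("dictionary word")
    return problems


if __name__ == "__main__":
    for candidate in ("Complexpasswordsaremoresecure", "123456789", "drowssaP#2024!"):
        print(candidate, "->", check_password(candidate) or "ok")
```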