DOCA0275EN-01

Security Hardening Guidelines

Introduction

Your PC can run a variety of applications to enhance security in your control environment. The system has factory default settings that require reconfiguration to align with Schneider Electric's device hardening recommendations of the defense-in-depth approach.

The following guidelines describe procedures in a Windows operating system. They are provided as examples only. Your operating system and application may have different requirements or procedures.

Disabling the Remote Desktop Protocol

Schneider Electric’s defense-in-depth approach recommendations include disabling Remote Desktop Protocol (RDP) unless your application requires RDP.

In Windows 11, remote desktop protocol (RDP) is disabled using Settings > System > Remote Desktop > Enable Remote Desktop (toggle to Off).

Updating Security Policies

Update the security policies on the PCs in your system by running gpupdate in a command window. For more information, refer to the Microsoft documentation on gpupdate.

Managing Updates

Before deployment, update all PC operating systems using the utilities on Microsoft’s Windows Update Web page. To access this tool in Windows, select Start > All Programs > Windows Update.

Workstation Protection

To reduce the security risks associated with the engineering workstation, enable memory exploit protection settings such as Data Execution Prevention (DEP) and Address Space Layout Randomization (ASLR). These settings can be enabled using the system exploit protection settings in the Windows 11 operating system. For more information, refer to the Microsoft security features web page.
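Added example (not Schneider Electric's code): a PowerShell script that audits a Windows 11 host against the RDP recommendation above and the DEP/ASLR system mitigations described under Workstation Protection, and optionally applies those settings followed by gpupdate. It assumes an elevated session where the Get-ProcessMitigation and Set-ProcessMitigation cmdlets are available (Windows 10 1709 and later).

```powershell
# Added example, not Schneider Electric code. Run from an elevated PowerShell
# session on Windows 11. Assumes the Get-/Set-ProcessMitigation cmdlets are
# present (Windows 10 1709 and later).
param([switch]$Remediate)

$rdpKey = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server'

function Test-RdpDisabled {
    # fDenyTSConnections = 1 is what the Settings toggle "Enable Remote Desktop = Off" writes.
    $v = Get-ItemProperty -Path $rdpKey -Name fDenyTSConnections -ErrorAction Stop
    return ($v.fDenyTSConnections -eq 1)
}

function Get-ExploitProtectionState {
    # System-wide defaults, the same values shown in Windows Security > Exploit protection.
    $m = Get-ProcessMitigation -System
    [pscustomobject]@{
        DEP             = ("$($m.Dep.Enable)"       -eq 'ON')
        ASLRBottomUp    = ("$($m.Aslr.BottomUp)"    -eq 'ON')
        ASLRHighEntropy = ("$($m.Aslr.HighEntropy)" -eq 'ON')
    }
}

$findings = @()
if (-not (Test-RdpDisabled)) { $findings += 'RDP is enabled' }
$ep = Get-ExploitProtectionState
foreach ($p in $ep.PSObject.Properties) {
    if (-not $p.Value) { $findings += "Exploit protection '$($p.Name)' is not ON" }
}

if ($findings.Count -eq 0) {
    Write-Host 'Host matches the RDP and exploit-protection recommendations.'
} else {
    $findings | ForEach-Object { Write-Warning $_ }
    if ($Remediate) {
        # Disable RDP (registry value plus the inbound firewall rule group), set the
        # system-wide DEP/ASLR mitigations, then refresh policy with gpupdate.
        Set-ItemProperty -Path $rdpKey -Name fDenyTSConnections -Value 1
        Disable-NetFirewallRule -DisplayGroup 'Remote Desktop'
        Set-ProcessMitigation -System -Enable DEP, BottomUp, HighEntropy
        gpupdate /force
    } else {
        Write-Host 'Re-run with -Remediate to apply the recommended settings.'
    }
}
```

Run it first without -Remediate to see the findings; the remediation step changes machine-wide settings and should be tested on an engineering workstation before rollout.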

Enforce Secure Passwords

Use strong passwords that meet the required elements such as uppercase letters, lowercase letters, numbers, and special characters. Enforcing password complexity helps prevent unauthorized access by reducing the risk of weak passwords.

Use of Non-Default Ports

Changing the default communication ports for protocols such as HTTPS, DWPS, and Modbus TCP adds a layer of security.

IP Allow List

The IP allow list feature restricts access to the system by permitting only specified IP addresses. This helps prevent unauthorized devices from connecting to the system and ensures that only trusted sources can communicate with the TeSys Tera system. To access the IP allow list feature, navigate to Security > IP Allow List > IP Allow List in the Standard Web Server.

QR Code is a registered trademark of DENSO WAVE INCORPORATED in Japan and other countries.
