Energy Access Expert for Villaya Flex Application – User Guide PDF

Security Hardening Guidelines

Device Hardening

Password management, user profile definition, and deactivation of unused services to strengthen security on devices. Controls against malware - detection, prevention, and recovery controls to help protect against malware are implemented and combined with appropriate user awareness.

Securing Network

NOTICE
POTENTIAL COMPROMISE OF SYSTEM AVAILABILITY, INTEGRITY, AND CONFIDENTIALITY
Use cybersecurity best practices to help prevent unauthorized access to the software.
Failure to follow these instructions can result in unintended data loss or loss of application function.

Improve security of networked devices by using multiple layers of cyber defense (such as firewalls, network segmentation, and network intrusion detection and protection). Disable unused ports or services and default accounts to help minimize pathways for malicious attackers.

To reduce the security risks associated with networks, follow these guidelines:

  • Use firewalls and other security devices or settings to limit access to the host network, based on your security risk assessment.

  • When using a firewall:

    Restrict communication to the expected ports, as per your network configuration. Only open those ports that are necessary for network communication.

  • When using network switches:

    Close or disable unused network ports to prevent unauthorized connection of network nodes or PLCs.

Securing PCs

Patching

NOTICE
POTENTIAL COMPROMISE OF SYSTEM AVAILABILITY, INTEGRITY, AND CONFIDENTIALITY
Apply the latest updates and hotfixes to your Operating System and software.
Failure to follow these instructions can result in unintended data loss or loss of application function.

Ensure all windows updates and hotfixes, especially windows security updates are regularly applied to machines running EcoStruxure Power Commission application.

Allowlisting

Zero-day cybersecurity attacks take place before a software vendor is aware of a cybersecurity misuse. This means that neither software, nor anti-virus programs have been created or updated to protect against the zero-day threat or attack. Application allowlisting is recommended to protect against zero-day attacks. This specifies an index of approved software applications and processes (in our case, EcoStruxure Power Commission application) that are permitted to be present and active on PC.

QR Code is a registered trademark of DENSO WAVE INCORPORATED in Japan and other countries.

Was this helpful?

Contact Information
Legal Information
Privacy Policy
Change your cookie settings