Use this overview as support when creating an IT security concept for a planned application. It does not replace the other publications that are available for the selected router.

Verify all information regarding IT security of the own application due to the individual nature of each single application.

Another important publications are:

1. Application concept designed to IT security

Consider already during conceptual design of the application these questions regarding IT security, which have been identified by the BSI as the top ten of dangerous threads.

2. IT security functions of the router and default settings

3. Guide for securing the router

Use this Guide for securing the router to increase the IT security of your router. Depending on the nature of the application, other measures might be necessary. The concept phase of the application should be finished at this time already. These measures make no claim to be complete.

If your application has particularly high requirements to IT security, e.g. for the use in critical infrastructure, use the Secure Configuration Guide. This demonstrates you how to configure the device in compliance with the accelerated security certification of the German Federal Office for Information Security (BSI).

4. IT security checklist

Use this checklist to protect the application.

5. KRITIS requirements

Critical infrastructures (as per BSI KritisV) are organizational and physical structures and facilities of such vital importance to a nation’s society and economy that their failure or degradation would result in sustained supply shortages, significant disruption of public safety and security, or other dramatic consequences. INSYS icom has many years of experience in CI (KRITIS) applications and thousands of devices in use in critical infrastructures, such as energy, health, information technology/telecommunications, media/culture, water and food. Do you need helpful material for an audit by the BSI or other IT security authority? Refer to our information regarding IT Security an. The Secure Configuration Guide demonstrates you how to configure the device in compliance with the accelerated security certification of the German Federal Office for Information Security (BSI).

6. Interfaces

The INSYS routers provide different types of interfaces, physical interfaces, communication interfaces, user interfaces and service interfaces. The existing interfaces differ depending on type and variant of the router.

The physical interfaces contain the digital and analogue inputs and outputs of the router.

The communication interfaces contain the Ethernet switch, the modems for LTE, DSL and glass fiber as well as the serial interfaces.

The web interface and access to the command line (CLI) or the REST interface are available as user interfaces. Moreover, it is possible to dispatch messages via SMS, e-mail, SNMP or MCIP as well as receive and evaluate them

7. Maintaining the security

A secure configured router requires regular actions for maintaining the security. These include:

  • Regular certificate updates and maintaining certificate revocation lists (CRLs) - manually or via SCEP

  • Regular update of the router with the latest firmware

  • Regular check of our Security Advisories

  • Regular review of the encryption methods used and use of more up-to-date methods in case of weakening security

8. Secure decommissioning

After using the router in a safety-critical application, delete all data on it. If you only reset the device to default settings, the data will not be completely deleted, but only the allocation table, so that the data could be recovered with appropriate effort and tools if there is physical access to the router. Therefore, a router reset to default settings, must not be sold or passed on.

For this reason, use the function for Safe decommissioning of the router (available from icom OS version 6.1). This will also delete the complete firmware from the router. Only a rudimentary rescue system will remain on the router, which can be accessed via the address and enables the router to be restored.

  1. Open for this the web interface of the router in a browser: [1] and click in the AdministrationReset menu on the Enable safe decommissioning slider and then on the   NOW SAFELY TAKE DECOMMISSIONING   button

9. FAQs

The FAQs contain frequently asked questions and their answers.

1. Login depending on configuration; default for earlier firmware versions: User name: insys, Password: icom