Use this overview as support when creating an IT security concept for a planned application. It does not replace the other publications that are available for the selected router.
Because every application is individual, verify all IT security information against your own application.
Other important publications are:
1. Application concept designed for IT security
2. IT security functions of the router and default settings
Overview of different security functions of the router and its default settings
3. Guide for securing the router
Use this Guide for securing the router to increase the IT security of your router. Depending on the nature of the application, other measures might be necessary. The concept phase of the application should already be finished at this point. These measures make no claim to be complete.
If your application has particularly high IT security requirements, e.g. for use in critical infrastructure, use the Secure Configuration Guide. It shows you how to configure the device in compliance with the accelerated security certification of the German Federal Office for Information Security (BSI).
4. IT security checklist
Use this checklist to protect the application.
5. KRITIS requirements
Critical infrastructures (as per BSI KritisV) are organizational and physical structures and facilities of such vital importance to a nation’s society and economy that their failure or degradation would result in sustained supply shortages, significant disruption of public safety and security, or other dramatic consequences. INSYS icom has many years of experience in CI (KRITIS) applications and thousands of devices in use in critical infrastructures, such as energy, health, information technology/telecommunications, media/culture, water and food. Do you need helpful material for an audit by the BSI or another IT security authority? Refer to our information regarding IT Security. The Secure Configuration Guide shows you how to configure the device in compliance with the accelerated security certification of the German Federal Office for Information Security (BSI).
The INSYS routers provide different types of interfaces: physical interfaces, communication interfaces, user interfaces and service interfaces. The available interfaces differ depending on the type and variant of the router.
The physical interfaces contain the digital and analogue inputs and outputs of the router.
The communication interfaces contain the Ethernet switch, the modems for LTE, DSL and fiber optics as well as the serial interfaces.
The web interface and access to the command line (CLI) or the REST interface are available as user interfaces. Moreover, it is possible to dispatch messages via SMS, e-mail, SNMP or MCIP as well as to receive and evaluate them.
7. Maintaining the security
A securely configured router requires regular actions to maintain its security. These include:
Regular certificate updates and maintaining certificate revocation lists (CRLs) - manually or via SCEP
Regular update of the router with the latest firmware
Regular check of our Security Advisories
Regular review of the encryption methods used and use of more up-to-date methods in case of weakening security
8. Secure decommissioning
After using the router in a safety-critical application, delete all data on it. If you only reset the device to default settings, the data will not be completely deleted; only the allocation table is deleted, so the data could be recovered with appropriate effort and tools if there is physical access to the router. Therefore, a router that has only been reset to default settings must not be sold or passed on.
For this reason, use the function for Safe decommissioning of the router (available from icom OS version 6.1). This will also delete the complete firmware from the router. Only a rudimentary rescue system will remain on the router, which can be accessed via the address http://184.108.40.206 and enables the router to be restored.
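The difference between a reset and a full erase, as an added example that is not INSYS code: a toy storage model in which a reset drops only the allocation table, followed by a scan of the raw medium for leftover secrets. The `ToyFlash` class, the marker patterns and the sample file contents are constructed assumptions and do not reflect the storage layout of icom OS.

```python
# Toy model of a storage medium; constructed for illustration, not the icom OS layout.
BLOCK = 64
MARKERS = (b"-----BEGIN", b"password=", b"psk=")  # constructed patterns for residual secrets


class ToyFlash:
    def __init__(self, blocks=16):
        self.raw = bytearray(blocks * BLOCK)  # what someone with physical access can read
        self.table = {}                       # allocation table: name -> (offset, length)
        self.next_free = 0

    def write(self, name, data):
        if self.next_free + len(data) > len(self.raw):
            raise ValueError("medium full")
        off = self.next_free
        self.raw[off:off + len(data)] = data
        self.table[name] = (off, len(data))
        self.next_free = off + -(-len(data) // BLOCK) * BLOCK  # round up to next block

    def reset_to_defaults(self):
        """Models the reset described above: only the allocation table is dropped."""
        self.table.clear()
        self.next_free = 0

    def safe_decommission(self):
        """Models a full erase: every block is overwritten as well."""
        self.reset_to_defaults()
        self.raw[:] = bytes(len(self.raw))


def residual_markers(raw):
    """Scan a raw dump, ignoring the allocation table, for secret-looking patterns."""
    return [m.decode() for m in MARKERS if m in raw]


def provisioned():
    """Return a medium holding two constructed sample files."""
    flash = ToyFlash()
    flash.write("vpn.key", b"-----BEGIN PRIVATE KEY-----\nCONSTRUCTED-SAMPLE\n")
    flash.write("profile.cfg", b"user=admin\npassword=constructed-sample\n")
    return flash


if __name__ == "__main__":
    flash = provisioned()
    flash.reset_to_defaults()
    print("files listed:", list(flash.table), "| residue:", residual_markers(flash.raw))
    flash.safe_decommission()
    print("files listed:", list(flash.table), "| residue:", residual_markers(flash.raw))
```

After the reset the file list is empty but the scan still finds the key and password markers; only the full erase leaves nothing behind.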
The FAQs contain frequently asked questions and their answers.