Use this guide as support when creating an IT security concept for a planned application. It does not replace the other publications that are available for the selected router.

Verify all information regarding IT security of the own application due to the individual nature of each single application.

Another important publications are:

1. Application concept designed to IT security

During conceptual design, consider ways to protect against the Top Ten security threats, as ranked by the BSI.

2. IT security functions of the router and default settings

3. Guide for securing the router

Use this Guide for securing the router to increase the IT security of the router. Depending on the nature of the application, other measures might be necessary. The concept phase of the application should be finished at this time already. These measures make no claim to be complete.

4. IT security checklist

Use this checklist to protect the application.

5. Critical Infrastructure requirements

Users who operate a so-called critical infrastructure (as per BSI KritisV) have the option to agree a dedicated communication and information flow for IT security-relevant issues with INSYS, e.g. for setting up an emergency plan. Critical infrastructures (CI, German abbreviation: KRITIS) are organizational and physical structures and facilities of such vital importance to a nation’s society and economy that their failure or degradation would result in sustained supply shortages, significant disruption of public safety and security, or other dramatic consequences. INSYS icom has many years of experience in CI (KRITIS) applications and thousands of devices in use in critical infrastructures, such as energy, health, information technology/telecommunications, media/culture, water and food. Do you need helpful material for an audit by the BSI or other IT security authority? Please contact your sales contact person of INSYS icom for this.

6. Interfaces

The INSYS routers provide different types of interfaces, physical interfaces, communication interfaces, user interfaces and service interfaces. The existing interfaces differ depending on type and variant of the router.

The physical interfaces contain the digital and analogue inputs and outputs of the router.

The communication interfaces contain the Ethernet switch, the modems for LTE, DSL and glass fiber as well as the serial interfaces.

The web interface and access to the command line (CLI) or the REST interface are available as user interfaces. Moreover, it is possible to dispatch messages via SMS, e-mail, SNMP or MCIP as well as receive and evaluate them

7. Maintaining the security

A secure configured router requires regular actions for maintaining the security. These include:

  • Regular certificate updates and maintaining certificate revocation lists (CRLs) - manually or via SCEP

  • Regular update of the router with the latest firmware

  • Regular check of our Security Advisories

  • Regular review of the encryption methods used and use of more up-to-date methods in case of weakening security

8. Secure decommissioning

Following the use of a router in an application, reset this to default settings in order to remove any information that is related to security, such as keys. However, it should be noted that the data is not completely deleted, but only the allocation table, so that the data could be recovered with appropriate effort and tools if there is physical access to the router. Do not sell or pass on a reset router therefore. Continue to use it in a new secure application under trusted conditions or direct it to a safe, trusted and certified disposal.

9. FAQs

The FAQs contain frequently asked questions and their answers.