Network security
This section applies to all user sessions in the Industrial Edge Ecosystem.
| Component | Purpose | Description |
|---|---|---|
| System firewall | Minimize attacks for Industrial Edge Devices (IED) | By default, only port 443 is open on the IED, protected through Transport Layer Security (TLS). Incoming traffic is routed through this port. Apps on the IED can open further ports on demand. By default, only ports 443, 9433 and 9444 are open on the IEM, and the customer can configure a specific port range for the relay server functionality. |
| Web interfaces | Common termination of TLS for all services | All web interfaces (except custom ports opened by apps) are secured through TLS 1.2 and strong cipher suites. Secure HTTP headers and cookies with the Secure flag are applied on all web interfaces to mitigate common web vulnerabilities. |
| User authentication on web services | Allow only authenticated and authorized access to web services | IE provides a user authentication and authorization mechanism for HTTPS-based communication that can be used by apps. Apps that open additional ports are responsible for securing the communication via these ports. |
| DoS | Denial-of-Service attacks | Internet facing services offered by Industrial Edge are protected against Denial-of-Service attacks. |