Table of Contents
Advertisement
16
Document any changes from time-tested methods.
If your system does not allow one of these time-tested methods to be used, you
should document this. For example, if special symbols such as the equals sign "="
are not allowed in passwords.
Un
2.3
Preventing unauthorized external access using a firewall
To reduce the risk for your network, we recommend that you use a firewall or another mechanism
to restrict network traffic between the "external" central billing or control system and the "internal"
network of the gas metering systems. Furthermore, EK devices should only be installed in the gas
metering system, where access control is guaranteed, i.e., protective action is taken to prevent
unauthorized persons gaining access to the device.
We also recommend that you only allow protocols and ports which are actually used for data
exchange with the external network and that these are added, for example, to the firewall's
whitelist.
Refer to the information in section 2.4 Data security for data at rest and in transit.
Fig. 1: Router and firewall between the metering systems and control centre – example with
indication of security zones L0..L3 and higher according to IEC 62443
General
Advertisement
Table of Contents
