×
Siemens Industry Online Support
Siemens AG
Entry type: Product note, Entry ID: 109755634, Entry date: 03/22/2018
(0)
Rate

Sales release of Whitelisting for SINUMERIK 840D/840D sl – end customers

  • Entry
  • Associated product(s)
The “McAfee Application Control” whitelisting software is being released for sale by Plant Security Services for selected SINUMERIK 840D/840D sl components with Windows operating systems. In support of this release, Siemens is to perform the installation.
These product notes are for SINUMERIK end customers. Separate product notes are available for machine builders/OEMs: 109755642


Product Description

  1. Whitelisting Software and Support

    With the “McAfee Application Control” software, only trustworthy applications can run on computer systems. These applications are defined in a whitelist. The execution of unknown applications, especially malware, is prevented.

     

    Basically, the “McAfee Application Control” software is installed on a client system to be protected, but it is usually managed from a central console (see section 2).








To ensure secure operation, especially in the case of SINUMERIK 840D/840D sl components, comprehensive knowledge is required to configure the whitelisting software for SINUMERIK. Installing the software without special configurations can have a negative effect on image rendering and controller behavior. Siemens acquired this knowledge through intensive cooperation with McAfee and extensive tests on SINUMERIK systems and has replicated it in special installation and configuration files.

The following SINUMERIK 840D/840D sl systems were tested for compatibility with McAfee Application Control:


 

Compatibility of McAfee Application Control with SINUMERIK
(Stand: 04 Dec 2018)

Hardware

Software

AC 5.1.2

AC 6.2.0

AC 7.0.1

AC 8.1

IPC 427E Windows 10 LTSB

SINUMERIK Operate 4.8 SP2

û

û

û

ü

IPC 427D Windows 7 SP1

SINUMERIK Operate 4.5 SP2 bis 4.8 SP2

û

û

ü

û

PCU 50.5 Windows 7 SP1

HMI PRO sl 4.5 SP3 HF12

û

û

ü

û

SINUMERIK Operate 4.5 SP2 bis 4.8 SP2

û

ü

ü

û

PCU 50.5 Windows XP SP3

SINUMERIK Operate 2.7 SP4 bis 4.8 SP1

û

ü

û

û

PCU 50.3 Windows XP SP2+

SINUMERIK Operate 2.6 SP1 bis 4.5 SP1

û

ü

û

û

HMI Advanced 06.04.33 bis 7.6 SP2

û

ü

û

û

PCU 50.2 Windows XP SP1+

HMI Advanced 06.03.30 bis 06.04.33

û

ü

û

û

PCU 50.2 Windows NT4 SP6

HMI Advanced 06.03.30 bis 06.04.33

ü

û

û

û


For more information on compatibilities, including with WinCC and TIA environments, refer to the following:

https://support.industry.siemens.com/cs/document/109750783

In addition to the software license, the “McAfee AC Windows Client Bundle” product described here (section 1) also includes updates as long as McAfee continues to make them available. In addition, long-term support is available through the Siemens Hotline without annual maintenance fees.

It is recommended that the software be installed only by appropriately trained experts (see sections 2 and 3).



2. Whitelisting Management Server Installation


The “McAfee ePolicy Orchestrator” central management console is recommended for the straightforward management of the whitelisting solution. The management console is installed on a Windows server system, configured, and equipped with the “McAfee Application Control” software package. If necessary, other software packages such as “McAfee VirusScan Enterprise” (not available for SINUMERIK) can be added.

Endpoint software packages can be installed on client systems and then managed via the central console. Software package updates and configurations can be easily performed on selected or all managed client systems via the central console.

Whitelisting Management Server Installation includes a license for the “McAfee ePolicy Orchestrator” central management software. At least one “McAfee AC Windows Client Bundle” (see section 1) software license is required to install the software packages on the client systems.

Installation of the whitelisting software itself is not part of this service but is performed via the “Whitelisting Client Installation” portfolio element (see section 3).



3. Whitelisting Client Installation

Ideally, the whitelisting software is installed on a client system that is to be protected via a whitelisting management server (see section 2).

Alternatively in the case of non-networked machines, Whitelisting Standalone Installation is possible without a whitelisting management server. However, this use case is more complex and therefore requires additional “Industrial Security Consulting.”

Each installation requires one “McAfee AC Windows Client Bundle” software license (see section 1).



 

 




Security information
In order to protect plants, systems, machines and networks against cyber threats, it is necessary to implement – and continuously maintain – a holistic, state-of-the-art industrial security concept. Siemens’ products and solutions constitute one element of such a concept. For more information about industrial security, please visit
http://www.siemens.com/industrialsecurity.