Security Recommendations

To create a secure Web HMI environment, follow these recommendations.

Servers

The Web HMI server machines must not initiate outbound connections.

Low-level Privileges in Runtime

Configure the Web HMI Runtime environment with low-level privilege settings and no user logins.

Configuration Files

Configuration files containing sensitive information must reside in a folder protected by an access control list (ACL) that limits access to the application-context user.

Passwords

Passwords must consist of a minimum of 32 alphanumeric characters to prevent access through brute force.

Valid Certificate Authority Certificate

Instead of using a self-signed certificate, purchase a valid CA certificate to secure your SSL implementation.

Network Level Authentication (NLA)

Allow connections only from computers running Remote Desktop with Network Level Authentication (NLA), as set on Control Panel > System and Security > System > Remote settings > Remote. For more information, see https://technet.microsoft.com/en-us/library/cc732713.aspx.

NetBIOS Service

If the NetBIOS service is not being used, disable it. For more information, see https://msdn.microsoft.com/en-us/library/ff648653.aspx#c16618429_012.

If the Web HMI server requires an active NetBIOS service, restrict anonymous access to sensitive data using the Registry. For more information, see https://msdn.microsoft.com/en-us/library/ms913275(v=winembedded.5).aspx.

FIPS Compliance

Set the Remote Desktop Protocol (RDP) encryption level to FIPS compliant.
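
The following read-only PowerShell audit is an added example, not part of the original documentation or the vendor's tooling. It reports whether the NLA, NetBIOS and FIPS recommendations above are in effect on a Windows server. The helper names are hypothetical, and the use of the RestrictAnonymous value for the anonymous-access check is an assumption about which registry setting the NetBIOS section refers to.

```powershell
# Added example: read-only audit, changes nothing on the server.
$rdpTcp = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp'
$rdpGpo = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services'
$lsa    = 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa'

function Get-RegValue {
    param([string]$Path, [string]$Name)
    # Returns $null when the key or the value does not exist.
    $item = Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue
    if ($null -ne $item) { $item.$Name } else { $null }
}

function Get-RdpSetting {
    param([string]$Name)
    # A Group Policy value, when present, overrides the local RDP-Tcp value.
    $gpo = Get-RegValue $rdpGpo $Name
    if ($null -ne $gpo) { $gpo } else { Get-RegValue $rdpTcp $Name }
}

function New-Result {
    param([string]$Check, $Value, [bool]$Pass)
    [pscustomobject]@{ Check = $Check; Value = $Value; Pass = $Pass }
}

$results = @()

# NLA: UserAuthentication = 1 means connections must use NLA.
$nla = Get-RdpSetting 'UserAuthentication'
$results += New-Result 'RDP requires NLA' $nla ($nla -eq 1)

# RDP encryption level: MinEncryptionLevel = 4 is "FIPS Compliant".
$enc = Get-RdpSetting 'MinEncryptionLevel'
$results += New-Result 'RDP encryption level is FIPS compliant' $enc ($enc -eq 4)

# NetBIOS over TCP/IP per IP-enabled adapter: TcpipNetbiosOptions = 2 means disabled.
$adapters = Get-CimInstance Win32_NetworkAdapterConfiguration -Filter 'IPEnabled = TRUE'
foreach ($a in $adapters) {
    $opt = $a.TcpipNetbiosOptions
    $results += New-Result "NetBIOS disabled on $($a.Description)" $opt ($opt -eq 2)
}

# Assumption: RestrictAnonymous is the registry value the NetBIOS section refers to.
$ra = Get-RegValue $lsa 'RestrictAnonymous'
$results += New-Result 'Anonymous access restricted (RestrictAnonymous >= 1)' $ra ($ra -ge 1)

$results | Format-Table -AutoSize
```

An empty Value column means the setting is not configured, which the audit reports as a failed check.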

Autofill and Autocomplete

To reduce password security risks, turn off AutoComplete or AutoFill in the supported browsers:

  • Chrome
  • Safari
  • Microsoft Edge