Security best practices

Always upgrade your platform and station to the latest software version. Install all patches and software updates.

Physical security is crucial. Secure all computer equipment in a locked room. Make sure that each station is only accessible by authorized users.

Physically protect wiring to prevent an unauthorized person from plugging in to your network.

Use digital certificates to secure data transmission over wires or wireless connections. If you must connect a host station directly to the public Internet, make sure you are using CA-signed certificates

If your company is acting as its own CA (Certificate Authority), your root CA certificate must be separately installed in each station's User Trust Store.

Physically protect the medium (usually a USB thumb drive) you use to back up and transport exported certificates.

Install browsers using only a trusted installation program. The program you use installs third-party certificates from CAs. These must be trustworthy certificates.

For high-traffic stations (especially stations that provide public access to a controller network), secure niagarad with a separate certificate from that used for your FoxService and WebService.

Back up each station regularly. Embedded systems, such as JACE controllers write audit information to a rolling buffer. To avoid losing a station's audit trail, regularly export audit histories to a Supervisor station.