BECKHOFF IPC-Security User Manual

3.2.3.8. Webserver

Beckhoff images that are based on Windows XP or Windows 7, are delivered with an activated IIS Webserver
that hosts different web-based services. As it may be sufficient to just close the corresponding firewall ports
of these services (as explained in chapter 6.4), you should deactivate the Webserver completely if you do
not require or do not want to use the corresponding services.

Please see chapter A.4.3.6 for a Step-by-Step guide.

3.2.3.9. Windows Registry

The Windows Registry provides many critical system settings. Therefore access to registry tools like regedit.exe
should be blocked.

Please see chapter A.4.3.7 for a Step-by-Step guide.

3.2.3.10. Windows Command Prompt

Access to the Windows Command Prompt (cmd.exe) should be blocked.

Please see chapter A.4.3.8 for a Step-by-Step guide.

3.2.3.11. Network environment

Access to the network environment icon should be blocked to constrict users to browse network computers.
Please note that this only hides the network environment icon from the Windows Explorer’s view but does
not block access to it. Other restrictions might be needed.

Please see chapter A.4.3.9 for a Step-by-Step guide.

3.2.3.12. Map network drive

Users should not be able to add or remove network drives. You should therefore block access to these
features.

Please see chapter refsec:disallowingUsersToAddNetworkDrives for a Step-by-Step guide.

3.2.3.13. Drive letters

If you do not want users to access a local CDROM or Floppy Disk drive, you can restrict access to specific
drive letters by altering the Windows registry. You can either block access to specific drive letters or just
make them disappear from the Windows Explorer’s view.

Please see chapter A.4.3.11 for a Step-by-Step guide.

IPC Security

17