BECKHOFF IPC-Security User Manual

Scenario 2: Industrial network entirely separated from IT network

In this scenario the IT and industrial network are physically separated and there is no connectivity between
both networks. Industrial controllers have no way to receive updates from a Windows Update Server, there-
fore all updates need to be applied manually.

Applying updates to an industrial controller

Engineering computers can and should be kept up-to-date with security updates. However, this procedure
may be more difficult in an industrial environment, depending on the IT infrastructure, as shown above.
Industrial controllers should be protected by a Write Filter (cf. chapter 3.2.3.15), which automatically leads
to another obstacle because as soon as you reboot the machine, all Windows Updates that have been
installed previously, will be reverted. Therefore, a typical workflow for maintenance would then look as
follows:

IPC Security

23