Network and Security
Honeywell Mobile Computers
with Windows™ 10 Operating System
User Guide
Disclaimer
Honeywell International Inc. (“HII”) reserves the right to make changes in specifications and other information contained in this document without prior notice, and the reader should in all cases consult HII to determine whether any such changes have been made. The information in this publication does not represent a commitment on the part of HII.
HII shall not be liable for technical or editorial errors or omissions contained herein; nor for any damages, whether direct, special, incidental or consequential resulting from the furnishing, performance, or use of this material. HII disclaims all responsibility for the selection and use of software and/or hardware to achieve intended results.
To the extent permitted by applicable law, Honeywell disclaims all warranties whether written or oral, including any implied warranties of merchantability and fitness for a particular purpose.
This document contains proprietary information that is protected by copyright. All rights are reserved. No part of this document may be photocopied, reproduced, or translated into another language without the prior written consent of HII.
Web Address: www.honeywellaidc.com
Trademarks
Microsoft, Windows, Windows 10 and the Windows logo are registered trademarks of the Microsoft Corporation in the United States and/or other countries.
The Bluetooth trademarks are owned by Bluetooth SIG, Inc., U.S.A. and licensed to Honeywell.
microSD and microSDHC are trademarks or registered trademarks of SD-3C, LLC in the United States and/or other countries.
MITRE is a registered trademark of The MITRE Corporation.
Cisco and Catalyst are trademarks or registered trademarks of Cisco and/or its affiliates in the U.S. and other countries.
UNIX is a registered trademark of The Open Group.
Wi-Fi is a registered trademark of the Wi-Fi Alliance.
OpenSSL is a registered trademark of The OpenSSL Software Foundation, Inc.
Other product names mentioned in this manual may be trademarks or registered trademarks of their respective companies and are the property of their respective owners.
For patent information, refer to www.hsmpats.com.
Copyright © 2020 Honeywell International Inc. All rights reserved.
Customer Support
  Technical Assistance
  Product Service and Repair
  Limited Warranty
Chapter 1 - Introduction
  Intended Audience
  How to Use this Guide
  Product Detail
  System Architecture
    Architecture of an In-Premise Windows System
    Architecture of a Field Service Windows System
  Related Documents
Chapter 2 - Security Checklist
  Infection by Viruses and Other Malicious Software Agents
    Mitigation Steps
  Unauthorized External Access
    Mitigation Steps
  Unauthorized Internal Access
    Mitigation Steps
Chapter 3 - Develop a Security Program
  Form a Security Team
  Identify Assets to be Secured
  Identify and Evaluate Threats
  Identify and Evaluate Vulnerabilities
  Identify and Evaluate Privacy Issues
  Create a Mitigation Plan
  Implement Change Management
  Plan Ongoing Maintenance
Chapter 4 - Disaster Recovery Plan
  External Storage
  Mobile Device Management Software
  Disaster Recover Testing
Chapter 5 - Security Updates And Service Packs
Chapter 6 - Network Planning and Security
  Connect to the Business Network
  Third Party Applications
Chapter 7 - Secure Wireless Devices
  Wireless Local Area Networks and Access Point Security
    Secure Wireless AP Configuration
    Secure Windows WLAN Configuration
  Bluetooth™ Wireless Technology Security
  Wireless Wide Area Network Security
Chapter 8 - System Monitoring
  Intrusion Detection
  Remote Device Management
  Operational Technology Security
Chapter 9 - Secure Access to the Windows Operating System
  Internal Firewall
  Secure By Default Policy
Appendix A - Glossary
  General Terms and Abbreviations
Customer Support
Technical Assistance
To search our knowledge base for a solution or to log in to the Technical Support portal and report a problem, go to www.hsmcontactsupport.com.
Product Service and Repair
Honeywell International Inc. provides service for all of its products through service centers throughout the world. To find your service center, go to www.honeywellaidc.com and select Support. Contact your service center to obtain a Return Material Authorization number (RMA #) before you return the product.
To obtain warranty or non-warranty service, return your product to Honeywell (postage paid) with a copy of the dated purchase record.
Limited Warranty
For warranty information, go to www.honeywellaidc.com and click Resources > Product Warranty.
Chapter 1 - Introduction
This guide defines the security processes, both implemented and recommended by Honeywell, for using Honeywell mobile computers with Windows™ 10.
Intended Audience
The target audience for this guide is the customer organization that identifies and manages the risks associated with the use of information processing equipment. This includes, but is not limited to, Information Technology (IT). Third party organizations delivering and installing turnkey systems should also follow the guidelines in this guide. The intent of this guide is to drive the discussion between the organization using mobile computers with Windows and the organization responsible for managing information technology risks.
A high degree of technical knowledge and familiarity in the following areas is assumed.
• Windows 10 operating system
• Networking systems and concepts
• Wireless systems
• Security issues and concepts. In particular, the following systems need to be understood and properly set up:
    • Identity and access management (IAM) server
    • Mobile device management (MDM) software
    • Application server (such as a web server or terminal emulation server)
Note: Windows references in this guide refer to devices with Windows 10 operating system.
How to Use this Guide
If you have specific security concerns (e.g., the prevention of unauthorized access or virus protection), consult the Security Checklist or select from the topics listed below.
• Develop a Security Program
• Disaster Recovery Plan
• Security Updates And Service Packs
• Secure Wireless Devices
• System Monitoring
• Secure Access to the Windows Operating System
Product Detail
Honeywell mobile devices are intended for use in in-premise Automatic Data Collection (ADC) systems and for field ADC applications. In-premise systems typically exist in establishments such as distribution warehouses or retail stores. This type of system often uses terminal emulation servers or web servers to direct the Honeywell mobile device to perform ADC operations (e.g., scanning during picking or placing of items). Field applications entail the use of the mobile device for field service applications and route distribution. Field service applications may use either web applications or client applications that require different levels of connectivity to the customer servers.
System Architecture
The diagrams below illustrate sample architecture for in-premise and field system Windows network deployments. In both examples, a firewall exists to prevent the systems from having direct access to external networks or the rest of the Business System Network (such as Finance or HR) and to prevent those systems from accessing the Windows system.
Architecture of an In-Premise Windows System
The next diagram provides an example of in-premise system architecture that includes multiple Windows devices, a wireless LAN (WLAN), a mobile device management (MDM) server and an application support server (such as a web server or a terminal emulation server).
[Diagram: in-premise system architecture. Labeled components: Portable Printer, Ring Scanner, Bluetooth, Windows Device (two), Wi-Fi, AP, Ethernet, Switch, Firewall, Identity Management Server, MDM Server, Application Server.]
Architecture of a Field Service Windows System
The next diagram provides an example of field application system architecture that includes Windows devices, a wireless wide area network (WWAN, also known as wireless phone service), and web applications, clients, and MDM servers.
[Diagram: field service system architecture. Labeled components: Windows Device (two), Bluetooth, Portable Printer, Cellular Data Service Network, Firewall, Switch, Identity Management Server, MDM Server, Application Server.]
Related Documents
Go to www.honeywellaidc.com to download the user guide specific to your computer model.
Chapter 2 - Security Checklist
This chapter identifies common security threats that may affect networks containing Windows devices. You can mitigate the potential security risk to your site by following the steps listed under each threat. For more information, refer to https://docs.microsoft.com/en-us/windows/security/threat-protection/windows-security-baselines.
Infection by Viruses and Other Malicious Software Agents
This threat encompasses malicious software agents; for example, viruses, spyware (Trojans) and worms.
The intrusion of malicious software agents can result in:
• Performance degradation,
• Loss of system availability, and
• Capturing, modifying, or deleting data
Honeywell recommends keeping the latest version of the operating system's native software protections in place and upgrading back-end infrastructure/systems to current standards to match.
Note: For optimal security, Honeywell recommends aligning back-end infrastructure to current operating system protections.
Mitigation Steps
• Ensure virus protection is installed, signature files are up-to-date, and subscriptions are active.
• Allow only digitally signed software from trusted sources to run.
• Use a firewall at the interface between other networks and Windows devices.
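The following PowerShell audit is an added example, not part of the Honeywell guide, showing one way to check a Windows 10 device against the first two mitigation steps. It assumes Microsoft Defender is the installed virus protection; the `$ScanPath` and `$MaxSignatureAgeDays` parameters and their defaults are hypothetical and should be set to match your own policy.

```powershell
# Added example: audit a device against the first two mitigation steps.
# Assumption: Microsoft Defender is the virus protection in use.
param(
    [string]$ScanPath = $env:ProgramFiles,  # hypothetical default: folder to check
    [int]$MaxSignatureAgeDays = 3           # hypothetical threshold for stale signatures
)

$findings = @()

# Step 1: virus protection is installed and enabled, and signatures are current.
try {
    $mp = Get-MpComputerStatus -ErrorAction Stop
    if (-not $mp.AntivirusEnabled)          { $findings += 'Antivirus engine is disabled' }
    if (-not $mp.RealTimeProtectionEnabled) { $findings += 'Real-time protection is disabled' }
    if ($mp.AntivirusSignatureAge -gt $MaxSignatureAgeDays) {
        $findings += "Signatures are $($mp.AntivirusSignatureAge) days old " +
                     "(last update: $($mp.AntivirusSignatureLastUpdated))"
    }
} catch {
    # The Defender cmdlet is missing or its service is not running.
    $findings += "Defender status unavailable: $($_.Exception.Message)"
}

# Step 2: executables should carry a valid Authenticode signature.
# 'Valid' means the file hash matches and the signer chains to a trusted root.
$notValid = Get-ChildItem -Path $ScanPath -Recurse -Include *.exe, *.dll -File `
                -ErrorAction SilentlyContinue |
    ForEach-Object { Get-AuthenticodeSignature -FilePath $_.FullName } |
    Where-Object { $_.Status -ne 'Valid' }

foreach ($sig in $notValid) {
    $findings += "Not validly signed: $($sig.Path) [$($sig.Status)]"
}

# Report: one line per finding, or a single PASS line.
if ($findings.Count -eq 0) {
    'PASS: no findings'
} else {
    $findings | ForEach-Object { "FINDING: $_" }
}
```

The script only reports; it does not block unsigned software from running, which remains a matter of device policy.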