Honeywell International Inc. (“HII”) reserves the right to make changes in specifications and other information contained in
this document without prior notice, and the reader should in all cases consult HII to determine whether any such changes
have been made. The information in this publication does not represent a commitment on the part of HII.
HII shall not be liable for technical or editorial errors or omissions contained herein; nor for any damages, whether direct,
special, incidental or consequential resulting from the furnishing, performance, or use of this material. HII disclaims all
responsibility for the selection and use of software and/or hardware to achieve intended results.
To the extent permitted by applicable law, Honeywell disclaims all warranties whether written or oral, including any implied
warranties of merchantability and fitness for a particular purpose.
This document contains proprietary information that is protected by copyright. All rights are reserved. No part of this
document may be photocopied, reproduced, or translated into another language without the prior written consent of HII.
Web Address: www.honeywellaidc.com
Trademarks
Microsoft, Windows, Windows 10 and the Windows logo are registered trademarks of the Microsoft Corporation in the
United States and/or other countries.
The Bluetooth trademarks are owned by Bluetooth SIG, Inc., U.S.A. and licensed to Honeywell.
microSD and microSDHC are trademarks or registered trademarks of SD-3C, LLC in the United States and/or other
countries.
MITRE is a registered trademark of The MITRE Corporation.
Cisco and Catalyst are trademarks or registered trademarks of Cisco and/or its affiliates in the U.S. and other countries.
UNIX is a registered trademark of The Open Group.
Wi-Fi is a registered trademark of the Wi-Fi Alliance.
OpenSSL is a registered trademark of The OpenSSL Software Foundation, Inc.
Other product names mentioned in this manual may be trademarks or registered trademarks of their respective companies
and are the property of their respective owners.
Secure By Default Policy, page 28
Appendix A - Glossary, page 29
General Terms and Abbreviations, page 29
Windows Network and Security Guide
Customer Support
Technical Assistance
To search our knowledge base for a solution or to log in to the Technical Support
portal and report a problem, go to www.hsmcontactsupport.com.
Product Service and Repair
Honeywell International Inc. provides service for all of its products through service
centers throughout the world. To find your service center, go to
www.honeywellaidc.com and select Support. Contact your service center to obtain a
Return Material Authorization number (RMA #) before you return the product.
To obtain warranty or non-warranty service, return your product to Honeywell
(postage paid) with a copy of the dated purchase record.
Limited Warranty
For warranty information, go to www.honeywellaidc.com and click Resources >
Product Warranty.
CHAPTER 1: INTRODUCTION
This guide defines the security processes, both implemented and recommended by
Honeywell, for using Honeywell mobile computers with Windows™ 10.
Intended Audience
The target audience for this guide is the customer organization that identifies and
manages the risks associated with the use of information processing equipment.
This includes, but is not limited to, Information Technology (IT). Third party
organizations delivering and installing turnkey systems should also follow the
guidelines in this guide. The intent of this guide is to drive the discussion between
the organization using mobile computers with Windows and the organization
responsible for managing information technology risks.
A high degree of technical knowledge and familiarity in the following areas is
assumed.
• Windows 10 operating system
• Networking systems and concepts
• Wireless systems
• Security issues and concepts. In particular, the following systems need to be
understood and properly set up:
    • Identity and access management (IAM) server
    • Mobile device management (MDM) software
    • Application server (such as a web server or terminal emulation server)
How to Use this Guide
Note: Windows references in this guide refer to devices with Windows 10 operating system.
If you have specific security concerns (e.g., the prevention of unauthorized access
or virus protection), consult the Security Checklist (page 5) or select from the
topics listed below.
• Develop a Security Program, page 9
• Disaster Recovery Plan, page 13
• Security Updates And Service Packs, page 15
• Secure Wireless Devices, page 19
• System Monitoring, page 23
• Secure Access to the Windows Operating System, page 27
Product Detail
Honeywell mobile devices are intended for use in in-premise Automatic Data
Collection (ADC) systems and for field ADC applications. In-premise systems
typically exist in establishments such as distribution warehouses or retail stores.
This type of system often uses terminal emulation servers or web servers to direct
the Honeywell mobile device to perform ADC operations (e.g., scanning during
picking or placing of items). Field applications entail the use of the mobile device
for field service applications and route distribution. Field service applications may
use either web applications or client applications that require different levels of
connectivity to the customer servers.
System Architecture
The diagrams on page 3 illustrate sample architecture for in-premise and field
system Windows network deployments. In both examples, a firewall exists to
prevent the systems from having direct access to external networks or the rest of
the Business System Network (such as Finance or HR) and to prevent those
systems from accessing the Windows system.
Architecture of an In-Premise Windows System
The next diagram provides an example of in-premise system architecture that
includes multiple Windows devices, a wireless LAN (WLAN), a mobile device
management (MDM) server and an application support server (such as a web
server or a terminal emulation server).
[Figure: in-premise Windows system architecture. Labels: Firewall, Switch, MDM Server, AP, Identity Management Server, Application Server, Wi-Fi, Windows Device (two), Bluetooth, Portable Printer, Ring Scanner, Ethernet.]
Architecture of a Field Service Windows System
The next diagram provides an example of field application system architecture that
includes Windows devices, a wireless wide area network (WWAN, also known as
wireless phone service), and web applications, clients, and MDM servers.
[Figure: field service Windows system architecture. Labels: Firewall, MDM Server, Identity Management Server, Application Server, Cellular Data Service Network, Windows Device (two), Bluetooth, Switch, Portable Printer.]
Related Documents
Go to www.honeywellaidc.com to download the user guide specific to your
computer model.
CHAPTER 2: SECURITY CHECKLIST
This chapter identifies common security threats that may affect networks
containing Windows devices. You can mitigate the potential security risk to your
site by following the steps listed under each threat. For more information, refer to
Infection by Viruses and Other Malicious Software Agents
This threat encompasses malicious software agents; for example, viruses, spyware
(Trojans) and worms.
The intrusion of malicious software agents can result in:
• Performance degradation,
• Loss of system availability, and
• Capturing, modifying, or deleting data
Mitigation Steps
Honeywell recommends keeping the latest versions of the operating system's native
software protections in place and upgrading back-end infrastructure and systems
to current standards to match.
Note: For optimal security, Honeywell recommends aligning back-end infrastructure to
current operating system protections.
Mitigation Steps
Ensure virus protection is installed, signature files are up-to-date, and subscriptions are active.
Allow only digitally signed software from trusted sources to run.
Use a firewall at the interface between other networks and Windows devices.
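The first two mitigation steps can be audited on a device with a short script. This is an added example, not Honeywell code: it assumes Microsoft Defender is the installed antivirus, and `$MaxSignatureAgeDays` and `$AppPath` are hypothetical values to adapt to the site. It only reports unsigned or invalidly signed files; blocking them from running requires an application control policy.

```powershell
# Audit sketch for the antivirus and signed-software steps (added example).
# Assumptions: Microsoft Defender is the antivirus in use; the two parameters
# below are hypothetical defaults, not values from the guide.
param(
    [int]$MaxSignatureAgeDays = 3,
    [string]$AppPath = 'C:\Program Files'
)

$findings = New-Object System.Collections.Generic.List[string]

# Step 1: antivirus enabled, real-time protection on, signature files recent.
try {
    $mp = Get-MpComputerStatus -ErrorAction Stop
    if (-not $mp.AntivirusEnabled) {
        $findings.Add('Antivirus engine is disabled')
    }
    if (-not $mp.RealTimeProtectionEnabled) {
        $findings.Add('Real-time protection is off')
    }
    if ($mp.AntivirusSignatureAge -gt $MaxSignatureAgeDays) {
        $findings.Add("Signature files are $($mp.AntivirusSignatureAge) days old")
    }
} catch {
    # Defender cmdlets are absent or failing, e.g. a third-party product is in use.
    $findings.Add('Defender status unavailable; check the installed antivirus by hand')
}

# Step 2: list binaries whose Authenticode signature is missing or not valid.
Get-ChildItem -Path $AppPath -Recurse -Include *.exe, *.dll -File -ErrorAction SilentlyContinue |
    ForEach-Object {
        $sig = Get-AuthenticodeSignature -FilePath $_.FullName
        if ($sig.Status -ne 'Valid') {
            $findings.Add("Signature $($sig.Status): $($_.FullName)")
        }
    }

# Emit the findings, or a single pass line when nothing was flagged.
if ($findings.Count -eq 0) { 'All checks passed' } else { $findings }
```

The third step concerns a firewall at the network boundary and has to be verified on the firewall itself, not from the device.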