ABB RMC-100 - General Security Guidelines

To Next Page

To Previous Page

2105552MNAE | RMC-100 | 101

IMPORTANT NOTE:

TCP port numbers from 0 to 1023 are universally reserved for well-known

ports. Never use these port numbers

6.3 Denial of Service (DOS) threshold rates

Protection of ports used for TCP/IP communication, such as Ethernet, is very important. Several

cybersecurity threats can make a device unavailable for connection.

If the ABB Totalflow device has a Denial of Service (DOS) attack, the device cannot grant requests for

connection. It stops responding. The following table provides the DOS threshold rates per packet type.

The device stops responding at these thresholds.

Table 6-5: Denial of Service (DOS) threshold rates

Packet type

Description

Ethernet

5 Mbps (7440 packets/sec)

ARP

2 Mbps (2976 packets/sec)

3 Mbps (4464 packets/sec)

ICMP

4 Mbps (5952 packets/sec)

UDP

3 Mbps (4464 packets/sec)

TCP

1 Mbps (1488 packets/sec)

6.4 Security guidelines

The following table contains recommended guidelines to secure access to the RMC. Find procedures

for secure configuration throughout this manual, and in quick start guides and online PCCU help files.

Table 6-6: RMC security guidelines

Recommendation

Description

Secure physical access

to the device

Control access to the device, its internal components, and connected

peripherals.

Secure access with

security switch

Turn the onboard security switch on to enforce authentication through bi-level

security codes or RBAC.

See section 6.5.

Configure bi-level

security codes

Change default security codes to private codes (the default security code for

both level 1 and level 2 is 0000).

See section 6.5.

Enable Role-Based

Access Control (RBAC)

Configure RBAC.

See section

6.6.

Enable role

-based access and enable authentication for each of the

communication ports.

Change the default RBAC passwords and security codes.

Secure network

connection

The device only connects to a firewall-protected private network. Do not

connect to the Internet.

Secure Bluetooth®

access

Enable Bluetooth only when required.

Enable RBAC authentication on the port.

See section 6.6.

Secure SSH/SFTP

access

Enable the SSH/SFTP service only when required.

Change the default SSH/SFTP private keys for all accounts.

The SSH/SFTP private keys should always be passphrase

-protected.

See section 6.7.

Main Page

ABB RMC-100 - General Security Guidelines

Table of Contents

Other manuals for ABB RMC-100

Related product manuals