Belden HIRSCHMANN HiOS-2A - Disable Loading a Configuration Profile that Lacks a Valid Fingerprint; Disable Insecure Management Protocols; Configure Management IP Access Restrictions

66 pages

Save Page as PDF

To Next Page

To Next Page

To Previous Page

To Previous Page

Loading...

Device security

2.6

Security configuration

32

UM Security BRS-2A

Release

8.7

05/2022

2.6.12 Disable loading a configuration profile that lacks a valid fingerprint

Disable the loading of a configuration profile that lacks a valid fingerprint. This helps secure the

device against loading an unsigned configuration profile placed on an external memory and

plugged into the device with the intention that the unsigned configuration profile will take effect after

a reboot.

See the user manual "Configuration" on how to disable loading an unsigned configuration profile

from an external memory.

2.6.13 Disable insecure management protocols

Disable insecure management protocols:

 Disable SNMPv1 (delivery state: disabled).

 Disable SNMPv2 (delivery state: disabled).

 Disable Telnet (delivery state: disabled).

 Disable HTTP (delivery state: enabled (redirects to HTTPS)).

2.6.14 Configure management IP access restrictions

The device allows restricting the management access to the device to a source IP address range.

You specify the address range by giving an IP address and a netmask.

You can configure the management access IP restrictions individually for each protocol or for a

group of protocols.

Note: Protocols with the delivery state Enabled (bolded) may be useful for the initial configuration

of the device. However, they may be considered insecure for production. Disable these protocols

as soon as you no longer need them.

Confirm that at least one of the configured management access IP restrictions is active. If no

restriction is active, this leads to unrestricted management access for all enabled protocols.

Table 2: Management access protocol overview

Protocol Recommendation for production Delivery state

HTTP Disabled Enabled (redirects to HTTPS)

HTTPS Enabled Enabled

SNMPv1 Disabled Disabled

SNMPv2 Disabled Disabled

SNMPv3 Enabled Enabled

Telnet Disabled Disabled

SSH Enabled Enabled

IEC 61850-MMS Disabled Disabled

Modbus TCP Disabled Disabled

EtherNet/IP Disabled Disabled

OPC UA Server Disabled Disabled

PROFINET Disabled Disabled

Table of Contents

Related product manuals

Preview: Belden HIRSCHMANN RSP20

Belden HIRSCHMANN RSP20

Preview: Belden HIRSCHMANN GRS105

Belden HIRSCHMANN GRS105

Belden HIRSCHMANN GRS106

Preview: Belden Hirschmann MICE MS20

Belden Hirschmann MICE MS20

Preview: Belden HIRSCHMANN OCTOPUS OS3

Belden HIRSCHMANN OCTOPUS OS3

Preview: Belden Hirschmann RED25 Series

Belden Hirschmann RED25 Series

Preview: Belden Hirschmann MACH102 Series

Belden Hirschmann MACH102 Series

Preview: Hirschmann GREYHOUND GRS1042

Hirschmann GREYHOUND GRS1042

Hirschmann GREYHOUND GPS1-K

Preview: Hirschmann MAMMUTHUS MTS2600

Hirschmann MAMMUTHUS MTS2600

Preview: Hirschmann OCTOPUS 8TX PoE-EEC

Hirschmann OCTOPUS 8TX PoE-EEC

Preview: Hirschmann SPIDER-SL-20-08T1999999SY9HHHH

Hirschmann SPIDER-SL-20-08T1999999SY9HHHH