Belden HIRSCHMANN HiOS-2A - Configure a Dedicated HTTPS Certificate; Configure a Dedicated SSH Host Key Pair; Configure a Dedicated User Account Login Policy

66 pages

Save Page as PDF

To Next Page

To Next Page

To Previous Page

To Previous Page

Loading...

Device security

2.6

Security configuration

33

UM Security BRS-2A

Release

8.7

05/2022

Excluding a protocol from all management access IP restrictions while the protocol itself is enabled

leads to unrestricted management access for the respective protocol.

2.6.15 Configure a dedicated HTTPS certificate

In the state of delivery, the device contains a self-signed HTTPS certificate.

You have the option of:

 Replacing the existing HTTPS certificate with a new, self-signed HTTPS certificate on the

device

 Loading a dedicated HTTPS certificate onto the device

Note: When you create new, self-signed HTTPS certificate on the device, use the HTTPS

certificate fingerprint algorithm

sha256

(delivery state:

sha256

).

If you have an established public key infrastructure (PKI), then loading a dedicated HTTPS

certificate onto the device is generally considered more secure and also more convenient.

Choose the option that meets your needs. For details, refer to the user manual "Configuration",

appendix chapter "HTTPS certificate".

2.6.16 Configure a dedicated SSH host key pair

In the state of delivery, the device contains a self-signed SSH host key pair.

You have the option of:

 Replacing the existing SSH host key pair with a new, self-signed SSH host key pair on the

device

 Loading a dedicated SSH host key pair onto the device

Note: When you create a new, self-signed SSH host key pair on the device, use the SSH host key

fingerprint algorithm

sha256

(delivery state:

sha256

).

If you have control over the entropy used for key generation, then loading a dedicated SSH host

key onto the device is probably more secure.

If you have an established PKI, then loading an SSH host key signed by a Certification Authority

onto the device is generally considered more secure and also more convenient.

Choose the option that meets your needs. For details, refer to the user manual "Configuration",

appendix chapter "Preparing access via SSH".

2.6.17 Configure a dedicated user account login policy

Note: Hirschmann assumes that, when reading this section, you have already created a dedicated

user account login policy (see on page 19 “Plan a dedicated user account login policy”).

The login policy applies to the following user interfaces and access protocols:

 The Command Line Interface (CLI) using SSH or Telnet

 The Graphical User Interface (GUI) using HTTPS or HTTP

Table of Contents

Related product manuals

Preview: Belden HIRSCHMANN RSP20

Belden HIRSCHMANN RSP20

Preview: Belden HIRSCHMANN GRS105

Belden HIRSCHMANN GRS105

Belden HIRSCHMANN GRS106

Preview: Belden Hirschmann MICE MS20

Belden Hirschmann MICE MS20

Preview: Belden HIRSCHMANN OCTOPUS OS3

Belden HIRSCHMANN OCTOPUS OS3

Preview: Belden Hirschmann RED25 Series

Belden Hirschmann RED25 Series

Preview: Belden Hirschmann MACH102 Series

Belden Hirschmann MACH102 Series

Preview: Hirschmann GREYHOUND GRS1042

Hirschmann GREYHOUND GRS1042

Hirschmann GREYHOUND GPS1-K

Preview: Hirschmann MAMMUTHUS MTS2600

Hirschmann MAMMUTHUS MTS2600

Preview: Hirschmann OCTOPUS 8TX PoE-EEC

Hirschmann OCTOPUS 8TX PoE-EEC

Preview: Hirschmann SPIDER-SL-20-08T1999999SY9HHHH

Hirschmann SPIDER-SL-20-08T1999999SY9HHHH