Cybersecurity recommended secure hardening guidelines
Securing the Network Management Module – 215
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
Local and Trusted remotecertificate configuration: (Navigate to Settings>>>Certificate)
Follow embedded help for instructions on how to configure it.
Eaton recommends opening only those ports that arerequiredfor operations and protect the network communication using
network protection systems like firewalls and intrusion detection systems / intrusion prevention systems. Use the information
below to configure your firewall rules to allow access needed for Network module to operate smoothly
Navigate to
Information>>>Specifications/Technical characteristics>>>Port
to get the list of all ports and services running on
the device.
SNMP V1/SNMP V3 can be disabled or configured by navigating to
Settings>>>SNMP
.
Follow embedded help for instructions on how to configure it.
If available, Modbus and Bacnet can be configured by navigating to Settings>>>Protocols or Settings>>>Industrial protocols.
Follow embedded help for instructions on how to configure it.
5.2.2.9 Remote access
Remote access to devices/systems creates another entry point into the network. Strict management and validation of termination
of such access is vital for maintaining control over overall ICS security.
Remote access capabilities and permissions can be configured in Settings>>>Remote users for LDAP and Radius.
Follow embedded help for instructions on how to configure it.
5.2.2.10 Logging and Event Management
Navigate toInformation>>>List of events codesto get log information and how to export it.
Good Practices
Eaton recommends logging all relevant system and application events, including all administrative and maintenance activities.
Logs should be protected from tampering and other risks to their integrity (for example, by restricting permissions to access
and modify logs, transmitting logs to a security information and event management system, etc.).
Ensure that logs are retained for a reasonable and appropriate length of time.
Review the logs regularly. The frequency of review should be reasonable, taking into account the sensitivity and criticality of
the system | device and any data it processes.
5.2.2.11 Malware defenses
Eaton recommends deploying adequate malware defenses to protect the product or the platforms used to run the Eaton product.
5.2.2.12 Secure Maintenance
Troubleshooting information are available in the embedded help for diagnostic purposes.
The Network module includes also Servicing, Securing sections to allow a service engineer with help from site administrator to
trouble shoot the device functionality.
Configuring/Commissioning/Testing LDAP
Pairing agent to the Network Module
Powering down/up applications (examples)
Checking the current firmware version of the Network Module
Accessing to the latest Network Module firmware/driver/script
Upgrading the card firmware (Web interface / shell script)
Changing the RTC battery cell
Updating the time of the Network Module precisely and permanently (ntp server)
Synchronizing the time of the Network Module and the UPS
Changing the language of the web pages
Resetting username and password
Recovering main administrator password
Switching to static IP (Manual) / Changing IP address of the Network Module
Reading device information in a simple way
Subscribing to a set of alarms for email notification
Saving/Restoring/Duplicating Network module configuration settings
Configuring user permissions through profiles
Decommissioning the Network Management module
To Next Page
Loading...
