Account Management
Follow these best practices when setting up an account:
1. Each account should be assigned the correct privileges: Only allow the minimum number of people to
have admin privilege so they can perform device configuration or modifications, while other users
should only have the minimum required access privilege needed to fulfill their corresponding role. The
AWK Series supports both local account authentication and remote centralized authentication
mechanisms such as RADIUS.
2. Password protection has two means of enforcement: Password Lifetime and Password Complexity. We
recommend to:
a. Review whether the password lifetime needs to be adjusted according to your organization's policies.
b. Review whether the configured password complexity options enabled on the AWK Series system
(refer to Create a New Account) is sufficient according to your organization's policies. If not, modify
the password complexity requirements to meet your organization's security guidelines.
3. Enforce regulations that ensure only trusted hosts can access the device. Refer to the Trusted Access
section for more information and instructions.
Vulnerable Protocols
1. For network security reasons, we strongly recommend that you change the default port numbers, such
as the TCP port number for HTTP, HTTPS, Telnet, and SSH, for protocols that are in use. Ports that are
not in use but are still accessible, pose a security risk and should be disabled. Refer to the Management
Interface section for more information and instructions.
Below is the list of default port numbers for each protocol used by all external interfaces.
TCP
UDP
2. In order to avoid malicious actors from snooping confidential information, users should always apply
encryption-based communication protocols such as HTTPS instead of HTTP, SSH instead of Telnet, SFTP
instead of TFTP, SNMPv3 instead of SNMPv1/v2c etc. In addition, the maximum number of sessions
should be kept to an absolute minimum. Refer to the Management Interface section for more
information and instructions.
3. Users should generate the SSL certificate for the device before commissioning HTTPS or SSH
applications. Please refer to the Certificate Management section for more information and instructions.
4. The HTTP, SNMPv1v2, and Telnet protocols are insecure and by default DISABLED. We recommend to
always use secure alternatives such as HTTPS, SNMPv3, or SSL to protect your communications. If
unsecure protocols need to be used with legacy devices, please consult a qualified security expert to
evaluate and implement additional protection measures to prevent any potential security risks.
5. In order to ensure that the device configurations are adequately protected prior to deployment, it is
recommended to review the security status of the device. Refer to the Security Status section for an
overview of the device’s current security conditions. If any of the identified risks require mitigating
action, navigate to the corresponding setup page to address the issue, or consult a qualified security
expert to evaluate and implement additional protection measures to prevent any potential security
risks.
Operation
1. The AWK Series supports the TLS v1.2 cryptographic algorithm to protect your HTTPS/SSH applications.
Please ensure that your web browser is updated to a version that supports TLS v1.2:
To Next Page
Loading...
Need help?
General
