Eaton INDGW-X2 User Manual
Also see for INDGW-X2: Manual
                                                                                                                                                                                                                                                                                 |
Cybersecurity recommended secure hardening guidelinesSecuring the Network Management Module – 204••••••••••Restrict administrative privileges - Threat actors are increasingly focused on gaining control of legitimate credentials,especially those associated with highly privileged accounts. Limit privileges to only those needed for a user’s duties.Perform periodic account maintenance (remove unused accounts).Change passwords and other system access credentials whenever there is a personnel change.Use client certificates along with username and password as additional security measure.Description of the User management in the Network Module:User and profiles management: (Navigate to Contextual help>>>Settings>>>Local users)Add usersRemove usersEdit usersPassword/Account/Session management: (Navigate to Contextual help>>>Settings>>>Local users)Password strength rules – Minimum length/Minimum upper case/Minimum lower case/Minimum digit/Special characterAccount expiration – Number of days before the account expiration/Number of tries before blocking the accountSession expiration – No activity timeout/Session lease timeSee "Default settings parameters" in the embedded help for (recommended) default values.Additionally, it is possible to enable account expiration to force users renew their password periodically.Default credentials: admin/adminThe change of the default "admin" password is enforced at first connection.It is also recommended to change the default "admin" user name through the Contextual help>>>Settings>>>Localusers page.Follow embedded help for instructions on how to edit a user account.Server and client certificate configuration: (Navigate to Contextual help>>>Settings>>>Certificate)Follow embedded help for instructions on how to configure it.5.2.2.4Deactivate unused featuresNetwork module provides multiple options to upgrade firmware, change configurations, set power schedules, etc. The device alsoprovide multiple options to connect with the device i.e. SSH, SNMP,SMTP,HTTPS etc. Services like SNMPv1 are consideredinsecure and Eaton recommends disabling all such insecure services.It is recommended to disable unused physical ports like USB and SD card.Disable insecure services like SNMP v1Network SecurityNetwork module provides network access to facilitate communication with other devices in the systems and configuration. But thiscapability could open up a big security hole if it’s not configured securely.Eaton recommends segmentation of networks into logical enclaves and restrict the communication to host-to-host paths. This helpsprotect sensitive information and critical services and limits damage from network perimeter breaches. At a minimum, a utility•••••••••••Avoid using ‘umac’ based MAC algorithms, use only secure algorithms while connecting to SSH interface of thecardEaton Recommends using following secure algorithms:Key Exchange algorithmscurve25519-sha256@libssh.orgdiffie-hellman-group14-sha256diffie-hellman-group18-sha512Encryption algorithmsaes256-ctraes256-gcm@openssh.comaes128-gcm@openssh.comMessage Authentication Code (MAC) algorithmshmac-sha2-512-etm@openssh.comhmac-sha2-256-etm@openssh.com |
Related manuals for Eaton INDGW-X2
Eaton INDGW-M2 User Manual
Eaton Power Xpert User Manual
Eaton ELPRO 415U User Manual
Eaton XN-GWBR Series User Manual
Eaton XNE-GWBR-2ETH-MB User Manual
Eaton PXG600E User & Installation Manual
Eaton XN-312-GW-EC Manual
Eaton Power Xpert 1000 Series User Manual
Eaton XN-312-GW-CAN Manual
Eaton SWIRE-GW-MB Manual
This manual is suitable for:
manualsdatabase
Your AI-powered manual search engine