Cybersecurity recommended secure hardening guidelines
Securing the Network Management Module

• Local and Trusted remote certificate configuration (navigate to Settings>>>Certificate). Follow the embedded help for instructions on how to configure it.

Eaton recommends opening only those ports that are required for operations and protecting network communication with network protection systems such as firewalls and intrusion detection systems / intrusion prevention systems. Use the information below to configure your firewall rules to allow the access the Network module needs to operate smoothly.

• Navigate to Information>>>Specifications/Technical characteristics>>>Port to get the list of all ports and services running on the device.
• SNMP V1/SNMP V3 can be disabled or configured by navigating to Settings>>>SNMP. Follow the embedded help for instructions on how to configure it.
• If available, Modbus and BACnet can be configured by navigating to Settings>>>Protocols or Settings>>>Industrial protocols. Follow the embedded help for instructions on how to configure it.

5.2.2.9 Remote access

Remote access to devices/systems creates another entry point into the network. Strict management and validation of termination of such access is vital for maintaining control over overall ICS security.

Remote access capabilities and permissions can be configured in Settings>>>Remote users for LDAP and RADIUS. Follow the embedded help for instructions on how to configure it.

5.2.2.10 Logging and Event Management

Navigate to Information>>>List of events codes to get log information and how to export it.

Good Practices

• Eaton recommends logging all relevant system and application events, including all administrative and maintenance activities.
• Logs should be protected from tampering and other risks to their integrity (for example, by restricting permissions to access and modify logs, transmitting logs to a security information and event management system, etc.).
• Ensure that logs are retained for a reasonable and appropriate length of time.
• Review the logs regularly. The frequency of review should be reasonable, taking into account the sensitivity and criticality of the system or device and any data it processes.

5.2.2.11 Malware defenses

Eaton recommends deploying adequate malware defenses to protect the product or the platforms used to run the Eaton product.

5.2.2.12 Secure Maintenance

Troubleshooting information is available in the embedded help for diagnostic purposes.

The Network module also includes Servicing and Securing sections that allow a service engineer, with help from the site administrator, to troubleshoot the device functionality.

• Configuring/Commissioning/Testing LDAP
• Pairing agent to the Network Module
• Powering down/up applications (examples)
• Checking the current firmware version of the Network Module
• Accessing the latest Network Module firmware/driver/script
• Upgrading the card firmware (Web interface / shell script)
• Changing the RTC battery cell
• Updating the time of the Network Module precisely and permanently (ntp server)
• Synchronizing the time of the Network Module and the UPS
• Changing the language of the web pages
• Resetting username and password
• Recovering main administrator password
• Switching to static IP (Manual) / Changing IP address of the Network Module
• Reading device information in a simple way
• Subscribing to a set of alarms for email notification
• Saving/Restoring/Duplicating Network module configuration settings
• Configuring user permissions through profiles
• Decommissioning the Network Management module