Eaton SEFELEC 5 Series User Manual

User manual SEFELEC 5x Series 165 v1.06Following are some best practices that EATON recommends to physically secure your device:- Secure the facility and equipment rooms or closets with access control mechanisms suchas locks, entry card readers, guards, man traps, CCTV, etc. as appropriate.- Restrict physical access to cabinets and/or enclosures containing SEFELEC 5x and the asso-ciated system.- Physical access to the telecommunication lines and network cabling should be restrictedto protect against attempts to intercept or sabotage communications. It’s a best practice to usemetal conduits for the network cabling running between equipment cabinets- SEFELEC 5x supports the following physical access ports: RS232C, USB, IEEE488-2,Ethernet, PLC. Refer to section 12 to 15 of the operating manual.Access to these ports should be restricted.- Do not connect removable media (e.g., USB devices) for any operation (e.g., firmwareupgrade, configuration change, or boot application change) unless the origin of the media isknown and trusted.- Before connecting any portable device through a USB port, scan the device for malwareand viruses.17.1.4. ACCOUNT MANAGEMENTLogical access to the device should be restricted to legitimate users, who should be assignedonly the privileges necessary to complete their job roles/functions. Some of the following bestpractices may need to be implemented by incorporating them into the organization's written poli-cies:- Ensure default credentials are changed upon first login. SEFELEC 5x should not be de-ployed in production environments with default credentials, as default credentials are publiclyknown.- No Account Sharing - Each user should be provisioned a unique account instead ofsharing accounts and passwords. Security monitoring/logging features in the product are de-signed based on each user having a unique account. Allowing users to share credentials weak-ens security.- Administrative restrict privileges - attackers seek to gain control of legitimate credentials,especially those for highly privileged accounts. Administrative privileges should be assigned onlyto accounts specifically designated for administrative duties and not for regular use.- Leveragethe roles / access privileges, refer to Section 6.6 of the Manual of use to provide users with ac-cess in several levels depending on the needs of the business. Follow the principle of least privi-lege (Assign the minimum level of authority and access the system resources required for therole).