INSTALLATION AND OPERATION MANUAL 25-13741-C October 2018 www.eaton.com

APPENDIX 7 – Cyber Security Guidelines

VoCALL 16 has been designed with cyber security as an important consideration. The product offers a number of cyber security features which, if implemented as per the recommendations in this section, would minimize cyber security risk to VoCALL 16. This section provides information to help users securely deploy and maintain their product and adequately minimize the cyber security risks to their system.

VoCALL - Secure Configuration Guidelines

Category: Asset identification and Inventory
Description:
Keeping track of all the devices in the system is a prerequisite for effective management of the cyber security of a system. Ensure you maintain an inventory of all the components in your system in a manner in which you uniquely identify each component.
To facilitate this, VoCALL 16 supports the following identifying information: manufacturer, type, serial number, software version. Refer to Section 11 for more information.

Category: Physical Protection
Description:
The communication protocols don’t offer cryptographic protections at the protocol level, at physical ports or at controller mode switches, leaving them exposed to cyber security risk. Physical security is an important layer of defense in such cases. VoCALL 16 is designed with the consideration that it would be deployed and operated in a physically secure location.
- Physical access to cabinets and/or enclosures containing VoCALL 16 and the associated system should be restricted, monitored and logged at all times.
- Physical access to the communication lines should be restricted to prevent any attempts at wiretapping or sabotage. It’s a best practice to use metal conduits for the communication lines running from one cabinet to another.
- Do not connect an unauthorized SD card for any operation (e.g. firmware upgrade, configuration change and boot application change).

Category: Authorization and Access Control
Description:
It is extremely important to securely configure the logical access mechanisms provided in VoCALL 16 to safeguard the device from unauthorized access. Eaton recommends that the available access control mechanisms be used properly to ensure that access to the system is restricted to legitimate users only, and that such users are restricted to only the privilege levels necessary to complete their job roles/functions.
- Ensure default credentials are changed upon first login. VoCALL 16 should not be commissioned for production with default credentials; it’s a serious cyber security flaw, as the default credentials are published in the manuals.
- No password sharing: make sure each user gets his/her own password for the desired functionality rather than sharing passwords.
- Restrict administrative privileges: threat actors are increasingly focused on gaining control of legitimate credentials, especially those associated with highly privileged accounts. Limit privileges to only those needed for a user’s duties.
- Perform periodic account maintenance (remove unused accounts).
- Change passwords and other system access credentials whenever there is a personnel change.
- Refer to Section 11 for more information.