Security planning
1.4 Impact of device requirements on system planning
UM Security BRS-2A, Release 8.7, 05/2022
Note:
The device asks you to change the default password on the first login. Hirschmann
recommends planning an overarching user account password policy and applying it to each device.
To deter attackers, consider planning different passwords on different devices.
Note:
Software releases 08.1.00 and higher in the delivery state no longer offer a user account with
the name user and the associated default password public. If you need a user account that has
only read access, you can create a user account with the access role guest and the user name user.
1.4.4 Plan a dedicated user account name and access role policy for device management
Configure dedicated user accounts as needed:
Assign the login and password policies.
Create user accounts with:
  – Dedicated names (see footnote 1)
  – Chosen access roles that offer only the least necessary privileges
Assign the new user accounts strong, individual passwords and apply the password policy check.
  – Plan strong SNMPv3 authentication and encryption types and strong related passwords for the new user accounts.
Remove user accounts with standard names.
Note:
Hirschmann recommends planning an overarching user account and access role policy and
applying it to each device. To deter attackers, consider planning different user account names and
different passwords on different devices.
Hirschmann also recommends planning an overarching policy for SNMPv3 authentication and
encryption types, and the related passwords. To deter attackers, consider planning different
SNMPv3 passwords on different devices.
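The account checks from 1.4.4, as an added example that is not part of the Hirschmann manual: a Python audit of a planned account list that flags standard names, default passwords, and names or passwords reused across devices. The device names, account names, passwords and fingerprint key in the sample plan are constructed for illustration.

```python
import hashlib
import hmac
from collections import defaultdict

# Standard account names and default passwords named on this page.
STANDARD_NAMES = {"admin", "user"}
DEFAULT_PASSWORDS = {"private", "public"}


def fingerprint(password: str, key: bytes) -> str:
    """Keyed digest so findings can reference a password without echoing it."""
    return hmac.new(key, password.encode(), hashlib.sha256).hexdigest()[:12]


def audit_plan(plan, key=b"constructed-planning-key"):
    """Return sorted (rule, subject, devices) findings for a planned account list.

    plan: iterable of (device, user_name, password) tuples.
    """
    findings = []
    devices_by_password = defaultdict(set)
    devices_by_name = defaultdict(set)
    for device, name, password in plan:
        if name.lower() in STANDARD_NAMES:
            findings.append(("standard-name", name, (device,)))
        if password in DEFAULT_PASSWORDS:
            findings.append(("default-password", name, (device,)))
        devices_by_password[fingerprint(password, key)].add(device)
        devices_by_name[name.lower()].add(device)
    # Cross-device reuse: the page advises different names and passwords per device.
    for fp, devices in devices_by_password.items():
        if len(devices) > 1:
            findings.append(("password-reused", fp, tuple(sorted(devices))))
    for name, devices in devices_by_name.items():
        if len(devices) > 1:
            findings.append(("name-reused", name, tuple(sorted(devices))))
    return sorted(findings)


# Constructed sample plan (hypothetical devices, accounts and passwords).
SAMPLE_PLAN = [
    ("sw-01", "admin", "private"),
    ("sw-02", "ops-k7", "Tr4verse!Quay-19"),
    ("sw-03", "ops-k7", "Tr4verse!Quay-19"),
    ("sw-04", "mon-r2", "Lantern_84.Moss"),
]

if __name__ == "__main__":
    for rule, subject, devices in audit_plan(SAMPLE_PLAN):
        print(f"{rule:17} {subject:14} {', '.join(devices)}")
```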
1.4.5 Plan a dedicated logging policy
Configure device logging settings:
Synchronize the device system clock to a trusted source.
Assign the logging destinations you require.
Assign the severity levels you require.
Note:
Hirschmann recommends planning an overarching device logging policy and applying it to each
device.
Table 1: User credentials for the user account in the delivery state

| User Name | Default Password | Access Role | Privileges |
|---|---|---|---|
| admin | private | Administrator | Monitor the device and change settings. |
1. User account names could also be deliberately chosen to be non-descriptive.