Device security
UM Security BRS-2A Release 8.7 05/2022
2.6 Security configuration
The following description applies to:
The initial security configuration for a device out-of-the-box
Changes in the security configuration as part of operation or maintenance
Refer to the user manual "Configuration" for the functional device configuration.
Note:
To configure the device, you need management access to the device, which requires at least
a preliminary IP configuration. If the device does not yet have an IP configuration, Hirschmann
recommends using HiView to assign an IP configuration to the device. HiView then offers to open
the device management.
The "Security Status" function in the device GUI can help you gain a first overview of the device
security status. The "Security Status" function monitors the most essential security configuration
settings. Depending on your needs, additional security configuration steps may be necessary even
if the "Security Status" function reports ok.
To save time and effort, you can perform the following security configuration steps by loading a
prepared configuration profile into the device.
At the first login with the default password, the device asks you to change the password. Use a
dedicated password according to your password policy (see on page 19 “Plan a dedicated user …”).
Overview and recommended sequence:
Perform the following steps as needed:
Assign a static IP address for the device management.
Configure a VLAN dedicated to management access.
Disable HiDiscovery access.
Disable logical access to unused ports and SFP slots.
Disable logical access to the Signal Contact.
Disable logical access to the Digital Input.
Configure Power over Ethernet.
Disable booting from an external memory.
Disable automatic software update from an external memory.
Disable writing a configuration profile to an external memory.
Disable loading a configuration profile from an external memory.
Disable insecure management protocols.
Enable IP access restrictions.
Configure a dedicated HTTPS certificate.
Configure a dedicated SSH host key pair.
Configure a dedicated user account login policy.
Configure a dedicated user account password policy.
Configure dedicated user accounts.
Remove user accounts with standard names.
Adapt session timeouts.
Configure the time synchronization.
Configure logging.
Configure dedicated login banners.
You can elect to configure the following advanced device security settings as needed (see on page 36 “Configure advanced device security”):
Disable access to the System monitor 1 via V.24.
Disable access to the CLI service shell.