Cybersecurity recommended secure hardening guidelines
Securing the Network Management Module – 203
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
IPV4
Status
Mode
Address
Netmask
Gateway
Domain
Mode
FQDN
Primary DNS
Secondary DNS
IPV6
Status
Mode
Addresses
5.2.2.1.3 Device details
It can be retrieved by navigating to
Contextual help>>>Home>>>Energy flow diagram>>>Details
Details
Name
Model
P/N
S/N
Location
FW version
5.2.2.2 Physical Protection
Industrial Control Protocols don’t offer cryptographic protections at protocol level, at physical ports and at controller mode switches
leaving them exposed to Cybersecurity risk. Physical security is an important layer of defense in such cases. Network module is
designed with the consideration that it would be deployed and operated in a physically secure location.
Physical access to cabinets and/or enclosures containing Network module and the associated system should be restricted,
monitored and logged at all times.
Physical access to the communication lines should be restricted to prevent any attempts of wiretapping, sabotage. It’s a best
practice to use metal conduits for the communication lines running between one cabinet to another cabinet.
Attacker with unauthorized physical access to the device could cause serious disruption of the device functionality. A
combination of physical access controls to the location should be used, such as locks, card readers, and/or guards etc.
Network module supports the following physical access ports, controller mode switches and USB ports: RJ45, USB A, USB
Micro-B. Access to them need to be restricted.
Do not connect unauthorized USB device or SD card for any operation (e.g. Firmware upgrade, Configuration change and
Boot application change).
Before connecting any portable device through USB or SD card slot, scan the device for malwares and virus.
5.2.2.3
Authorization and Access Control
It is extremely important to securely configure the logical access mechanisms provided in Network module to safeguard the device
from unauthorized access. Eaton recommends that the available access control mechanisms be used properly to ensure that
access to the system is restricted to legitimate users only. And, such users are restricted to only the privilege levels necessary to
complete their job roles/functions.
Ensure default credentials are changed upon first login. Network module should not be commissioned for production with
Default credentials; it’s a serious Cybersecurity flaw as the default credentials are published in the manuals.
No password sharing – Make sure each user gets his/her own password for that desired functionality vs. sharing the
passwords. Security monitoring features of Network module are created with the view of each user having his/her own
unique password. Security controls will be weakened as soon as the users start sharing the password.
The COPY TO CLIPBOARD button will copy the information to the clipboard.
Summary of Contents for INDGW-M2
Page 1: ...UPS Industrial Gateway Card INDGW M2 User s Guide English 06 25 2021 2 1 5 ...
Page 2: ......
Page 24: ...Configuring Modbus Installing the Network Management Module 24 ...
Page 25: ...Configuring Modbus Installing the Network Management Module 25 ...
Page 26: ...Configuring Modbus Installing the Network Management Module 26 ...
Page 38: ...Home Contextual help of the web interface 38 3 2 7 1 3 Battery mode 3 2 7 1 4 Off mode ...
Page 40: ...Home Contextual help of the web interface 40 3 2 7 2 3 Battery mode 3 2 7 2 4 Off mode ...
Page 42: ...Home Contextual help of the web interface 42 3 2 7 3 2 Bypass mode 3 2 7 3 3 Battery mode ...
Page 63: ...Protection Contextual help of the web interface 63 3 5 4 1 Shutdown on power outage criteria ...
Page 65: ...Protection Contextual help of the web interface 65 Example 2 Immediate OFF ...
Page 66: ...Protection Contextual help of the web interface 66 Example 4 Custom Settings 1 ...
Page 268: ...Acronyms and abbreviations Information 268 ...
Page 276: ......