RUGGEDCOM ROS
User Guide
Chapter 1
Introduction
Security Recommendations and Considerations
3
•
Port Statistics and RMON (Remote Monitoring)
RUGGEDCOM ROS provides continuously updating statistics per port that provide both ingress and egress packet
and byte counters, as well as detailed error figures.
Also provided is full support for RMON statistics. RMON allows for very sophisticated data collection, analysis
and detection of traffic patterns.
•
Multicast Filtering
RUGGEDCOM ROS supports static multicast groups and the ability to join or leave multicast groups dynamically
using IGMP (Internet Group Management Protocol) or GMRP (GARP Multicast Registration Protocol).
•
Event Logging and Alarms
RUGGEDCOM ROS records all significant events to a non-volatile system log allowing forensic troubleshooting.
Events include link failure and recovery, unauthorized access, broadcast storm detection, and self-test
diagnostics among others. Alarms provide a snapshot of recent events that have yet to be acknowledged by
the network administrator. An external hardware relay is de-energized during the presence of critical alarms,
allowing an external controller to react if desired.
•
HTML Web Browser User Interface
RUGGEDCOM ROS provides a simple, intuitive user interface for configuration and monitoring via a standard
graphical Web browser or via a standard telcom user interface. All system parameters include detailed
online help to make setup a breeze. RUGGEDCOM ROS presents a common look and feel and standardized
configuration process, allowing easy migration to other managed RUGGEDCOM products.
•
Brute Force Attack Prevention
Protection against Brute Force Attacks (BFAs) is standard in RUGGEDCOM ROS. If an external host fails to log in
to the Terminal or Web interfaces after a fixed number of attempts, the service will be blocked for one hour.
Section 1.2
Security Recommendations and Considerations
This section describes important security-related recommendations and suggestions that should be considered
before implementing the RS900 on any network.
CONTENTS
•
Section 1.2.1, “Security Recommendations”
•
Section 1.2.2, “Credential Files”
Section 1.2.1
Security Recommendations
To prevent unauthorized access to the device, note the following security recommendations:
Authentication
• Replace the default passwords for all user accounts and processes (where applicable) before the device is
deployed.
• Use strong passwords with high randomization (i.e. entropy), without repetition of characters. Avoid weak
passwords such as
password1
,
123456789
,
abcdefgh
, and any dictionary words or proper names in any
combination. For more information about creating strong passwords, refer to the password requirements in
Section 4.3, “Configuring Passwords”
.