Chapter 1
Introduction
RUGGEDCOM WIN
User Guide
• Section 1.3, “Time Division Duplexing (TDD)”
• Section 1.6, “Convolution Turbo Coding Correction”
• Section 1.7, “Deployment Models”
Section 1.1
Security Recommendations
To prevent unauthorized access to the device, note the following security recommendations:
Authentication
• Replace the default passwords for all user accounts and processes (where applicable) before the device is
deployed.
• Use strong passwords. Avoid weak passwords such as password1, 123456789, abcdefgh, etc. An example of a
strong password would be a password that contains at least eight characters, including a lowercase letter, an
uppercase letter, a numeric character and a special character.
• Make sure passwords are protected and not shared with unauthorized personnel.
• Do not re-use passwords across different user names and systems, or after they expire.
• When RADIUS authentication is done remotely, make sure all communications are within the security perimeter
or on a secure channel.
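The password recommendations above can be checked before deployment. The following is an added example, not part of the Siemens guide: it tests each credential against the guide's example criteria for a strong password and reports accounts that share a password, comparing keyed HMAC tags so the report holds no cleartext. The inventory, account names and audit key are constructed for illustration.

```python
import hashlib
import hmac
import string
from collections import defaultdict

# Weak examples named in the guide; extend with the device's documented defaults.
KNOWN_WEAK = {"password1", "123456789", "abcdefgh"}

def policy_failures(password):
    """Return the reasons a password misses the guide's example criteria."""
    checks = [
        (len(password) >= 8, "shorter than eight characters"),
        (any(c.islower() for c in password), "no lowercase letter"),
        (any(c.isupper() for c in password), "no uppercase letter"),
        (any(c.isdigit() for c in password), "no numeric character"),
        (any(c in string.punctuation for c in password), "no special character"),
        (password.lower() not in KNOWN_WEAK, "listed weak password"),
    ]
    return [reason for ok, reason in checks if not ok]

def audit(credentials, key):
    """credentials: iterable of (system, user, password) tuples.
    Returns (failures, reuse): policy failures per account, and groups of
    accounts sharing one password, matched by keyed HMAC tag."""
    failures, by_tag = {}, defaultdict(list)
    for system, user, password in credentials:
        account = f"{user}@{system}"
        reasons = policy_failures(password)
        if reasons:
            failures[account] = reasons
        tag = hmac.new(key, password.encode(), hashlib.sha256).hexdigest()
        by_tag[tag].append(account)
    reuse = [sorted(accts) for accts in by_tag.values() if len(accts) > 1]
    return failures, reuse

# Constructed sample inventory (hypothetical systems, users and passwords).
SAMPLE = [
    ("bs-01", "admin", "password1"),
    ("bs-01", "operator", "Tr4ck-Side!9"),
    ("cpe-07", "admin", "Tr4ck-Side!9"),
    ("cpe-07", "guest", "Q7#mvLe2pz"),
]

if __name__ == "__main__":
    for item in audit(SAMPLE, key=b"constructed-audit-key"):
        print(item)
```
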
Physical/Remote Access
• SSL and SSH keys are accessible to users who connect to the device via the serial console. Make sure to take
appropriate precautions when shipping the device beyond the boundaries of the trusted environment:
▫ Replace the SSH and SSL keys with throwaway keys prior to shipping.
▫ Take the existing SSH and SSL keys out of service. When the device returns, create and program new keys for
the device.
• Use a AAA server whenever possible.
• When using SNMP (Simple Network Management Protocol):
▫ Limit the number of IP addresses that can connect to the device and change the community names.
▫ Make sure the default community strings are changed to unique values.
• Limit the number of simultaneous Web Server and SSH sessions allowed.
• Configure remote system logging to forward all logs to a central location.
• Management of the configuration file, certificates and keys is the responsibility of the device owner. Before
returning the device to Siemens for repair, make sure encryption is disabled (to create a cleartext version of the
configuration file) and replace the current certificates and keys with temporary throwaway certificates and keys
that can be destroyed upon the device's return.
Hardware/Software
• Make sure the latest firmware version is installed, including all security-related patches. For the latest
information on security patches for Siemens products, visit the
www.industry.siemens.com/topics/global/en/industrial-security/news-alerts/Pages/alerts.aspx or the