Security Configuration Recommendations

There are some general security configuration recommendations for your device.

Do not add more users than those who need access, and evaluate your system needs before granting users access to critical pages, for example, Firewall Management or Device Settings.
Limit the number of IP addresses that have access to the Com’X.
Do not use SHA1 certificates.

WARNING
Potential compromise of system availability, integrity, and confidentiality Change default passwords to help prevent unauthorized access to device settings and information. Disable unused ports/services and default accounts, where possible, to minimize pathways for malicious attacks. Place networked devices behind multiple layers of cyber defenses (such as firewalls, network segmentation, and network intrusion detection and protection). Use cybersecurity best practices (for example: least privilege, separation of duties) to help prevent unauthorized exposure, loss, modification of data and logs, interruption of services, or unintended operation. Failure to follow these instructions can result in death, serious injury, or equipment damage.

WARNING

Potential compromise of system availability, integrity, and confidentiality

Change default passwords to help prevent unauthorized access to device settings and information.
Disable unused ports/services and default accounts, where possible, to minimize pathways for malicious attacks.
Place networked devices behind multiple layers of cyber defenses (such as firewalls, network segmentation, and network intrusion detection and protection).
Use cybersecurity best practices (for example: least privilege, separation of duties) to help prevent unauthorized exposure, loss, modification of data and logs, interruption of services, or unintended operation.

Failure to follow these instructions can result in death, serious injury, or equipment damage.

NOTE: Table below lists risks and best practices associated with unsecure protocols. It is highly recommended to follow these best practices.

Unsecure protocols	Risks	Best Practices
SMTP	Threat of malware. Unauthorized access to data. Threat of data leakage. Email contents transferred in plain-text.	For publication: Select SMTP with either SSL/TLS or SMART TLS configured for publication.
HTTP	Cross site scripting. Broken authentication and session management. Cross-site request forgery. Eavesdropping and tampering.	For network configuration: Disable HTTP. Select HTTPS for network connections. For publication: Do not select HTTP. Select HTTPS with authentication.
FTP	FTP brute force attack. Packet sniffing. Spoof attack. User credentials can be compromised since all authentication is done in clear-text.	For publication: Do not use FTP. Select either HTTPS with authentication, or SMTP with either SSL/TLS or SMART TLS configured for publication.
Modbus TCP/IP	Message interception. Information capture. Arbitrary command issuance. Unauthorized users can gather and /or tamper device configurations.	For Modbus device communications: Limit access to Modbus Communications by use of Modbus TCP/IP Filtering. Disable the Modbus port for each network interface when not in use.