Potential risks and compensating controls
Address potential risks using these compensating controls:
Area | Issue | Risk | Compensating controls |
User accounts |
Default account settings are often the source of unauthorized access by malicious users. |
If you do not change the default password, unauthorized access can occur. |
Change the default password to help reduce unauthorized access. |
Secure protocols |
Modbus TCP/IP, EtherNet/IP, BACnet/IP, FTP, HTTP, SNMP, SNTP, SMTP and DNP3 protocols are unsecure. The device does not have the capability to transmit encrypted data using these protocols. |
If a malicious user gained access to your network, they could intercept communications. |
For transmitting data over an internal network, physically or logically segment the network. For transmitting data over an external network, encrypt protocol transmissions over all external connections using an encrypted tunnel, TLS wrapper or a similar solution. |