Cyber security
Product manual 2TMD041800D0006
│
39
10.3
Deployment guideline
All devices need to work in security mode by default and. all devices in one system shall be
signed by a public CA at commissioning stage, normally management software acts as CA.
It’s suggested that compatible mode only to be used when device needs to communicate with
previous generation products. In this mode, data transmission between devices are not
encrypted, it may lead to data leaks and has the risk of being attacked.
When user decide to remove the device from system, user shall reset the device to factory
setting in order to remove all the configuration data and sensitive data in the device. This will
prevent sensitive data leak.
It is recommended to apply "MAC filter" and "Rate limiter“ in the switch to prevent DOS attack.
10.4
Upgrading
Device supports firmware updates via management software, a signature file will be used to
verify the authentication and integrity of firmware.
10.5
Backup/Restore
None.
10.6
Malware prevention solution
The H8138.T-. device is not susceptible to malware, because custom code cannot be executed
on the system. The only way to update the software is via firmware upgrades. Only firmware
signed by ABB can be accepted.
10.7
Password rule
The user must change the engineering password when accessing the engineering settings for
the first time. This engineering password must not include continuously increasing or
decreasing numbers (e.g. 12345678, 98765432), and three consecutive identical numbers are
similarly not permitted (e.g. 123444, 666888).