INM 9476-ETG Rev 2
Category: COTS Platform Security

Description:
Eaton recommends that customers harden third-party commercial off-the-shelf (COTS) operating systems or platforms that are used to run Eaton applications / products (e.g., third party hardware, operating systems and hypervisors, such as those made available by Dell, Microsoft, VMware, Cisco, etc.).

• Eaton recommends that customers refer to the COTS vendor’s documentation for guidance on how to harden these components.
• Vendor-neutral guidance is made available by the Center for Internet Security https://www.cisecurity.org/

Irrespective of the platform, customers should consider the following best practices:

• Install all security updates made available by the COTS manufacturer.
• Change default credentials upon first login.
• Disable or lock unused built-in accounts.
• Limit use of privileged generic accounts (e.g., disable interactive login).
• Change default SNMP community strings.
• Restrict SNMP access using access control lists.
• Disable unneeded ports & services.
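
The following check is an added example, not part of the Eaton manual: it audits a Net-SNMP snmpd.conf for the two SNMP items above (default community strings, and community entries with no source restriction). Net-SNMP as the COTS platform's SNMP agent, the function names, and the sample configuration are assumptions made for illustration.

```python
# Added example: audit Net-SNMP snmpd.conf text for default community
# strings and for community entries that accept requests from any source.
DEFAULT_COMMUNITIES = {"public", "private"}       # well-known defaults
ANY_SOURCE = {"default", "0.0.0.0/0", "::/0"}     # no source restriction
COMMUNITY_DIRECTIVES = {"rocommunity", "rwcommunity",
                        "rocommunity6", "rwcommunity6"}

# Constructed sample configuration (assumption, not from a real device).
SAMPLE_CONF = """\
# constructed sample
rocommunity public
rwcommunity private default
rocommunity6 Seg-ro-7f2a
rocommunity Mon-ro-91c4 10.20.30.0/24
com2sec -Cn ctx1 notConfigUser default public
com2sec mgmtUser 10.20.30.5 Nms-rw-55e0
"""

def parse_entry(line):
    """Return (directive, community, source), or None for other lines."""
    tokens = line.split()
    if not tokens or tokens[0].startswith("#"):
        return None
    directive, args = tokens[0].lower(), tokens[1:]
    if directive in COMMUNITY_DIRECTIVES and args:
        # rocommunity COMMUNITY [SOURCE ...]; omitted SOURCE means any host
        return directive, args[0], args[1] if len(args) > 1 else "default"
    if directive in ("com2sec", "com2sec6"):
        if args[:1] == ["-Cn"]:          # optional "-Cn CONTEXT" prefix
            args = args[2:]
        if len(args) >= 3:               # SECNAME SOURCE COMMUNITY
            return directive, args[2], args[1]
    return None

def audit(conf_text):
    """Return a list of (line_number, issue) findings."""
    findings = []
    for lineno, line in enumerate(conf_text.splitlines(), 1):
        entry = parse_entry(line)
        if entry is None:
            continue
        _, community, source = entry
        if community.lower() in DEFAULT_COMMUNITIES:
            findings.append((lineno, "default-community"))
        if source.lower() in ANY_SOURCE:
            findings.append((lineno, "unrestricted-source"))
    return findings

if __name__ == "__main__":
    for lineno, issue in audit(SAMPLE_CONF):
        print(f"line {lineno}: {issue}")
```
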

Category: Account Management

Description:
Logical access to the system | device should be restricted to legitimate users, who should be assigned only the privileges necessary to complete their job roles/functions. Some of the following best practices may need to be implemented by incorporating them into the organization’s written policies:

• Ensure default credentials are changed upon first login.
• The 9476 Gigabit Switch should not be deployed in production environments with default credentials, as default credentials are publicly known.
• No account sharing – Each user should be provisioned a unique account instead of sharing accounts and passwords. Security monitoring/logging features in the product are designed based on each user having a unique account. Allowing users to share credentials weakens security.
• Restrict administrative privileges – Attackers seek to gain control of legitimate credentials, especially those for highly privileged accounts. Administrative privileges should be assigned only to accounts specifically designated for administrative duties and not for regular use.