Cyber security
Product manual 2TMD042100D0003
│
36
9.3
Deployment guideline
All devices need to work in security mode by default and. all devices in one system shall be
signed by a public CA at commissioning stage, normally management software acts as CA.
It’s suggested that compatible mode only to be used when device needs to communicate with
previous generation products. In this mode, data transmission between devices are not
encrypted, it may lead to data leaks and has the risk of being attacked.
When user decide to remove the device from system, user shall reset the device to factory
setting in order to remove all the configuration data and sensitive data in the device. This will
prevent sensitive data leak.
It is recommended to apply "MAC filter" and "Rate limiter“ in the switch to prevent DOS attack.
9.4
Upgrading
Device supports firmware updates via management software, a signature file will be used to
verify the authentication and integrity of firmware.
9.5
Backup/Restore
None.
9.6
Malware prevention solution
The device is not susceptible to malware, because custom code cannot be executed on the
system. The only way to update the software is via firmware upgrades. Only firmware signed by
ABB can be accepted.