2 Safety notes
Installation and Operating Instructions Web-Controller
40071860236 (E) February 2019 www.eaton.com
CAUTION
• The CGLine web interface must be operated in an undamaged and functional state.
• When carrying out maintenance work on the device, the device must be switched off.
• When carrying out device maintenance, observe national safety and accident prevention regulations and the safety notes in the operating instructions below designated with .
3 Conformity to standards
Compliant with: EN 60950-1. Developed, manufactured
and tested according to DIN EN ISO 9001.
CYBERSECURITY
This chapter provides guidelines to securely deploy the
Web-Controller and minimize the cybersecurity
risk to the installer system.
• Asset identification and inventory: Ensure that the Web-Controller is labelled and inventoried using the part number and MAC address printed on the product label, together with the IP address configured during installation of the equipment and the current firmware version.
• Restrict Physical access: Ensure that physical access to the Web-Controller is restricted to authorized users only. The Web-Controller has RJ-45 and USB physical access ports that can be used to tamper with the device. Access to these ports should be restricted to authorized personnel only. Secure the facility and equipment rooms or closets with access control mechanisms such as locks, entry card readers, guards, man traps, CCTV, etc. as appropriate. Monitor and log access at all times. Before connecting any portable device through a USB port or SD card slot, scan the device to prevent unauthorized access.
• Restrict Logical access: Access to the ‘Admin’ and ‘Service’ user accounts should be restricted to authorized personnel only, as the system configuration can be tampered with by abusing these accounts. Ensure password length, complexity and expiration requirements are appropriately set, particularly for all administrative accounts (e.g., minimum 10 characters, mix of upper- and lower-case and special characters, and expire every 90 days, or otherwise in accordance with your organization’s policies).
• Restrict Network Access: Ideally, the Web-Controller should be installed on a segregated network. However, when the Web-Controller is connected to a wider network, make sure that the IP address and MAC address are filtered at the router side, or using a firewall. In addition, open only the ports used by the Web-Controller (SMTP as configured, 587 for SMTPS, 443 for HTTPS, and 5000 for OPC communication).
• Logging and event management: Make sure you log all relevant system and application events, including all administrative and maintenance activities. Logs should be protected from tampering and other risks to their integrity (for example, by restricting permissions to access and modify logs, transmitting logs to a security information and event management system, etc.). Ensure that logs are retained for a reasonable and appropriate length of time. Review the logs regularly. The frequency of review should be reasonable, taking into account the sensitivity and criticality of the Web-Controller and any data it processes. Details on how to export the logs are given in chapter 7.14.
• Secure maintenance: In case the firmware of the device needs to be updated, you will be contacted by your Eaton local support.
• Business continuity / cybersecurity disaster recovery: Eaton recommends incorporating the Web-Controller into the organization’s business continuity and disaster recovery plans. Organizations should establish a Business Continuity Plan and a Disaster Recovery Plan and should periodically review and, where possible, exercise these plans. As part of the plan, important device data should be backed up and securely stored, including the current configuration and documentation of the current permissions / access controls, if not backed up as part of the configuration. A PC can be used to save the configuration of a Web-Controller using the “save file” button on the main page.
• Decommissioning: It is a best practice to purge data before disposing of any device containing data. Guidelines for decommissioning are provided in NIST SP 800-88. To ensure data is unrecoverable, the Web-Controller must be securely destroyed. Methods of destruction include disintegration, incineration, pulverization, or melting of the electronics inside the Web-Controller.
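One way to verify the "Restrict Network Access" item above from the wider-network side, as an added example that is not part of the Eaton manual: the script parses nmap grepable (-oG) output for the controller and reports every open port outside the ports the manual lists. The address, the sample scan and the function names are constructed, and treating the listed ports as TCP is an assumption.

```python
import re

# Ports the manual says to open: 587 (SMTPS), 443 (HTTPS), 5000 (OPC).
# Assumption: all TCP. The plain SMTP port is "as configured" (smtp_port).
PAGE_ALLOWED = {443, 587, 5000}
PORT_RE = re.compile(r"(\d+)/([a-z|]+)/(tcp|udp)/")

# Constructed sample of `nmap -oG` output; 192.0.2.10 is a documentation address.
SAMPLE_SCAN = (
    "# Nmap scan (constructed sample)\n"
    "Host: 192.0.2.10 ()\tStatus: Up\n"
    "Host: 192.0.2.10 ()\tPorts: 23/closed/tcp//telnet///, "
    "443/open/tcp//https///, 5000/open/tcp//upnp///, "
    "8080/open/tcp//http-proxy///\tIgnored State: filtered (996)\n"
)

def parse_grepable(text):
    """Map each scanned host to the set of (port, proto) reported as open."""
    hosts = {}
    for line in text.splitlines():
        if not line.startswith("Host:") or "Ports:" not in line:
            continue
        found = hosts.setdefault(line.split()[1], set())
        ports_field = line.split("Ports:", 1)[1].split("\t", 1)[0]
        for entry in ports_field.split(","):
            m = PORT_RE.match(entry.strip())
            if m and m.group(2) == "open":  # skip closed, filtered, open|filtered
                found.add((int(m.group(1)), m.group(3)))
    return hosts

def audit(text, controller_ip, smtp_port=None):
    """Return sorted open (port, proto) pairs that the manual's list does not cover."""
    allowed = PAGE_ALLOWED | ({smtp_port} if smtp_port else set())
    open_ports = parse_grepable(text).get(controller_ip)
    if open_ports is None:
        raise LookupError(f"{controller_ip} has no Ports line in the scan")
    return sorted(p for p in open_ports if p[1] != "tcp" or p[0] not in allowed)

if __name__ == "__main__":
    for port, proto in audit(SAMPLE_SCAN, "192.0.2.10"):
        print(f"unexpected open port {port}/{proto}")
```

Run it against a scan taken from outside the controller's segment, so the result reflects what the router or firewall actually lets through.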