Overview
1.3 Security Recommendations
the RSS feed on the Siemens ProductCERT SSecurity Advisories website, or by fol-
lowing @ProductCert on Twitter.
• Only enable the services that will be used on the module, including physical
ports. Unused physical ports could potentially be used to gain access to the net-
work behind the module.
• When using the Windows®-based version of the RUGGEDCOM APE1808, use Bit-
locker to avoid unauthorized access to sensitive information stored on the hard
drive.
Authentication
• When using the Linux-based version of the RUGGEDCOM APE1808, add an ad-
ministrative account, disable the root user on Debian Linux, and replace any de-
fault passwords. For a list of default user profiles and passwords, refer to
ging in to RUGGEDCOM APE1808 (Page 11)"
• To prevent unauthenticated access to the BIOS, configure a supervisor password
and set the power on password. For more information, refer to
• When using the Linux-based version of the RUGGEDCOM APE1808, ensure the
GRUB bootloader password is configured. For more information, refer to
the GRUB Bootloader Password (Page 14)"
• Use strong passwords. Avoid weak passwords such as
password1
,
123456789
,
abcdefgh
, etc.
• Passwords should not be re-used across different usernames and systems, or af-
ter they expire.
• Make sure to take appropriate precautions when shipping the module beyond
the boundaries of the trusted environment:
• If SSH and SSL keys are configured, replace the existing keys with
throwaway
keys prior to shipping.
• If SSH and SSL keys are configured, take the existing keys out of service.
When the module returns, create and program new keys for the module.
Communication
• Log messages should be delivered using TLS-encrypted syslog over TCP to pre-
vent them from being sent as plain text.
Physical/Remote Access
• Do not connect the device to the Internet. Deploy the device only within a secure
network perimeter.
• Exercise extreme caution when changing any settings in the BIOS. For example,
USB and PXE boot are disabled by default; enabling these settings is not advis-
able for securing the module.
• Control access to the USB, SD Card slot, and gigabit Ethernet ports to the same
degree as any physical access to the module.
4
RUGGEDCOM APE1808
Configuration Manual, 11/2019, C79000-G8976-1415-03
Содержание SIMATIC NET RUGGEDCOM APE1808
Страница 5: ...Table of Contents iv RUGGEDCOM APE1808 Configuration Manual 11 2019 C79000 G8976 1415 03 ...
Страница 9: ...Preface Customer Support viii RUGGEDCOM APE1808 Configuration Manual 11 2019 C79000 G8976 1415 03 ...
Страница 27: ...Frequently Asked Questions 18 RUGGEDCOM APE1808 Configuration Manual 11 2019 C79000 G8976 1415 03 ...