User manual SEFELEC 5x Series 165 v1.06
Following are some best practices that EATON recommends to physically secure your device:
- Secure the facility and equipment rooms or closets with access control mechanisms such
as locks, entry card readers, guards, man traps, CCTV, etc. as appropriate.
- Restrict physical access to cabinets and/or enclosures containing SEFELEC 5x and the asso-
ciated system.
- Physical access to the telecommunication lines and network cabling should be restricted
to protect against attempts to intercept or sabotage communications. It’s a best practice to use
metal conduits for the network cabling running between equipment cabinets
- SEFELEC 5x supports the following physical access ports: RS232C, USB, IEEE488-2,
Ethernet, PLC. Refer to section 12 to 15 of the operating manual.
Access to these ports should be restricted.
- Do not connect removable media (e.g., USB devices) for any operation (e.g., firmware
upgrade, configuration change, or boot application change) unless the origin of the media is
known and trusted.
- Before connecting any portable device through a USB port, scan the device for malware
and viruses.
17.1.4. ACCOUNT MANAGEMENT
Logical access to the device should be restricted to legitimate users, who should be assigned
only the privileges necessary to complete their job roles/functions. Some of the following best
practices may need to be implemented by incorporating them into the organization's written poli-
cies:
- Ensure default credentials are changed upon first login. SEFELEC 5x should not be de-
ployed in production environments with default credentials, as default credentials are publicly
known.
- No Account Sharing - Each user should be provisioned a unique account instead of
sharing accounts and passwords. Security monitoring/logging features in the product are de-
signed based on each user having a unique account. Allowing users to share credentials weak-
ens security.
- Administrative restrict privileges - attackers seek to gain control of legitimate credentials,
especially those for highly privileged accounts. Administrative privileges should be assigned only
to accounts specifically designated for administrative duties and not for regular use.- Leverage
the roles / access privileges, refer to Section 6.6 of the Manual of use to provide users with ac-
cess in several levels depending on the needs of the business. Follow the principle of least privi-
lege (Assign the minimum level of authority and access the system resources required for the
role).
To Next Page
Loading...
Need help?
General
