TB9300 Installation and Operation Manual General Safety and Regulatory Information 41
© Tait International Limited April 2024
2.2.4 Anti-tampering Devices
Hardware Network elements should be kept secure to prevent damage from the
elements as well as from unlawful tampering.
The following precautions are recommended:
■ All network elements should be physically secured, where possible.
This includes the use of locked cabinets and the use of seals on
connectors.
■ All network connectors should be sealed with the stick-on type of seal.
The purpose of the seals is to detect unauthorized tampering. The seal
should reveal if any of the connectors have been unplugged or if any
unauthorized equipment has been plugged in.
■ The seals must be difficult to remove without breaking, and must
bridge between the cable and equipment side (plug and socket) of
the connection.
■ Seals must cover any unused network sockets. This includes the
Ethernet connector on the rear panel, any spare switch ports, and
the console port on the router and switch.
■ The seals must be difficult to reproduce. A sticker initialed or
signed by the technician should satisfy this.
■ Seals must be replaced if they need to be disturbed during
maintenance.
Software Keeping the hardware secure is important because easy access to it could
enable attempts to attack the hardware’s IP network.
The following precautions are recommended to protect efforts to tamper
with the software:
■ Changing the default passwords to the WebUI (see Section 5.2.1
Logging In) and for SSH (see Section 4.4.6 Changing the Root
Password)
■ Taking regular backups. It is good practice to take regular backups,
especially when making configuration changes, so that rollbacks are
easy to perform in case of data loss or corruption. Refer to the WebUI
for instructions.
■ Creating a separate user account for each user (ideally using centralized
AAA) so that the audit logs can indicate specifically who logged in and
what they did (refer to the WebUI for instructions)
■ Remote capture of audit information to a syslog collector (which should
be checked periodically)
■ Disabling the front panel keypad (done from the WebUI) when the base
station has been installed and commissioned to prevent access to the
base station via the front panel menus
■ Periodic checks that the base station configuration still matches the
latest backup
To Next Page
Loading...
Need help?
General
