Advertisement
APPENDIX B: Recommended security
hardening guidelines
The UPS has been designed with cybersecurity as an important consideration. Number of
cybersecurity features are now offered in the product which, if implemented as per the
recommendations in this section, would minimize the cybersecurity risk to the UPS. The "secure
configuration" or "hardening" guidelines provide information to the users to securely deploy and
maintain their product to adequately minimize the cybersecurity risks to their system.
Our company is committed to minimizing the cybersecurity risk in its products and deploys
cybersecurity best practices and latest cybersecurity technologies in its products and solutions,
making them more secure, reliable and competitive for our customers. Our company also offers
Cybersecurity Best Practices whitepapers to its customers that can be referenced at
.
cybersecurity
Category
Asset identification and
inventory
Physical protection
Authorization and
access control
EATON 93PM G2 UPS
USER'S AND INSTALLATION
GUIDE
Description
Keeping track of all the devices in the system is a prerequisite for
effective management of cybersecurity of a system. Make sure that
you maintain an inventory of all uniquely identify each component. To
facilitate this, the UPS supports the following identifying information:
manufacturer, type, serial number, f/w version number, and location.
Users can extract device information at locations mentioned below:
Product number, serial number and UPS name are listed on the
•
Information screen
Firmware versions can be found on the About screen
•
Industrial Control Protocols do not offer cryptographic protections at
protocol level, at physical ports and at controller mode switches,
leaving them exposed to cybersecurity risk. Physical security is an
important layer of defense in such cases. The UPS is designed with
the consideration that it would be deployed and operated in a
physically secure location.
Physical access to the communication lines should be restricted to
•
prevent any attempts of wiretapping or sabotage. It is a best practice
to use metal conduits for the communication lines running from one
cabinet to another cabinet.
An attacker with unauthorized physical access to the device could
•
cause serious disruption of the device functionality. A combination of
physical access controls to the location should be used, such as
locks, card readers, and/or guards.
The UPS supports the following physical access ports: RS232, USB
•
and slots for communication cards. Access to them must be
restricted.
Do not connect an unauthorized USB device, CD/DVD or SD card
•
for any operation (for example, firmware upgrade, configuration
change and boot application change).
Before connecting any portable device through USB, CD/DVD or SD
•
card slot, scan the device for malwares and viruses.
It is extremely important to securely configure the logical access
mechanisms provided in the UPS to safeguard the device from
unauthorized access. Our company recommends that the available
access control mechanisms be used properly to ensure that access to
the system is restricted to legitimate users only. And, such users are
P-164000956 - February 2021
www.eaton.com/
www.eaton.eu
1 1 0 0 5 5
Advertisement
