Configure Bi-Level Security With Security Switch - ABB XIO-08 User Manual

Recommendation
Secure SSH/SFTP
access
Secure software
updates
Manage credentials
8.5

Configure bi-level security with security switch

This procedure activates secured access to the XIO by changing the default (OFF) position of the security
switch and configuring bi-level security codes.
Switch-enforced security applies to access from PCCU. Access for remote controllers through the XIO
Interface requires that the controller has the XIO level 2 security code before connection attempt. The
security code is required regardless of security switch position. If you change the default security codes on
the XIO (default code is 0000 for both levels), to private customer codes, make sure you configure the
same level 2 code on the RMC. Refer to section
RMC.
IMPORTANT NOTE: After this procedure is completed, connection to the XIO is restricted to
users with the correct security codes.
This procedure requires access to the XIO security switch. If the XIO is installed inside an
enclosure, access to the interior of the enclosure is required.
To enable security:
Figure 8-2: XIO security switch
Description
Enable the SSH/SFTP service only when required.
Change the default SSH/SFTP private keys for all accounts.
The SSH/SFTP private keys should always be passphrase-protected.
See section 8.7 Secure the SSH/SFTP
Enable the Totalflow Software Update service only when required.
Use RBAC to limit the ability to enable/disable this service.
Store all private credentials, keys, and security codes in safe locations and share this
information only with properly trained and authorized personnel.
Change or update as needed.
service.
8.5.1 Configure non-default XIO security code on the
XIO USER MANUAL | 2106424MNAA | 121