Securing An Ecy-Stat; Introduction; Passwords; Change The Default Platform Credentials - Distech Controls ECLYPSE ECY-STAT User Manual

Securing an ECY-STAT

CHAPTER 10
Securing an ECY-STAT
This section describes how to secure an ECY-STAT from unauthorized access and use.

Introduction

This chapter describes how to implement best security practices for ECY-STAT controllers. Security is
built up layer upon layer to make the system more resistant to attacks. This involves taking simple but
effective steps to implement built-in security features.

Passwords

A username / password combination (or credentials) authenticates a user's access rights to a con-
troller. If an attacker gains access to a user's password, the attacker has access to carry out any ac-
tion on the controller that is allowed by that user's permissions.

Change the Default Platform Credentials

At the first connection to an ECY-STAT you will be forced to change the password to a strong pass-
word for the admin account to protect access to the controller.
It is important to create new user accounts with strong passwords to protect the controller from unau-
thorized access. The username / password can be changed in User Management and see also Sup-
ported RADIUS Server Architectures.

Use Strong Passwords

Passwords should be hard to guess. Avoid birth dates and common keyboard key sequences. A pass-
word should be composed of a random combination of 8 or more uppercase and lowercase letters,
numbers, and special characters.
Do not allow a browser to remember a user's login credentials
When logging into a controller with certain browsers, the browser asks to remember a user's login cre-
dentials. When this option is set, the next time the user logs in, the credentials will automatically be
filled in. While this is convenient, anyone with access to the computer can login using those creden-
tials. Do not set this option for administrator accounts or when accessing an account from an unsecure
computer.

Account Management and Permissions

User accounts must be properly managed to make it harder for an attacker to compromise security,
and to make it easier to detect that an attack has occurred. To set user account parameters, see User
Management.

Use a Different Account for Each User

Each user account should represent an individual user. Multiple users or user groups should not share
an account.
98 ECLYPSE Connected Thermostat (ECY-STAT)