Table of Contents
Advertisement
10.3
Deployment guideline
All devices need to work in security mode by default and. all devices on one system are to be
signed by a public CA at commissioning stage; normally the management software acts as CA.
It is suggested that compatible mode is only used when the device needs to communicate with
previous generation products. In this mode, data transmission between devices is not
encrypted, may lead to data leaks and involves a risk of attacks.
When user decide to remove the device from system, user shall reset the device to factory
setting in order to remove all the configuration data and sensitive data in the device. This will
prevent sensitive data leak.
It is recommended to apply "MAC filter" and "Rate limiter" in the switch to prevent DOS attack.
10.4
Upgrading
The device supports firmware updates via the management software, where a signature file is
used to verify the authentication and integrity of the firmware.
10.5
Backup/restore
None
10.6
Malware prevention solution
The device H8303 is not susceptible to malware, because custom code cannot be executed on
the system. The only way to update the software is by firmware upgrading. Only firmware
signed by Busch-Jaeger can be accepted.
10.7
Password rule
The user must change the engineering password when accessing the engineering settings for
the first time. This engineering password must not include increasing or decreasing numbers
(e.g. 123456, 654321). Three consecutive identical numbers are similarly not permitted (e.g.
123444, 666888).
Product manual 2TMD041800D0020
Cyber security
│50
Advertisement
Table of Contents
