Chapter 1
Introduction
RUGGEDCOM ROS
User Guide
4 Security Recommendations
• Make sure passwords are protected and not shared with unauthorized personnel.
• Passwords should not be re-used across different user names and systems, or after they expire.
• If RADIUS authentication is done remotely, make sure all communications are within the security perimeter or
on a secure channel.
Physical/Remote Access
• Do not connect the device to the Internet. Deploy the device only within a secure network perimeter.
• Restrict physical access to the device to only authorized personnel. A person with malicious intent could extract
critical information, such as certificates, keys, etc. (user passwords are protected by hash codes), or reprogram
the device.
• Control access to the serial console to the same degree as any physical access to the device. Access to the serial
console allows for potential access to the RUGGEDCOM ROS boot loader, which includes tools that may be used
to gain complete access to the device.
• Only enable services that will be used on the device, including physical ports. Unused physical ports could
potentially be used to gain access to the network behind the device.
• If SNMP is enabled, limit the number of IP addresses that can connect to the device and change the community
names. Also configure SNMP to raise a trap upon authentication failures. For more information, refer to
Section 5.6, “Managing SNMP”.
• Avoid using insecure services such as Telnet and TFTP, or disable them completely if possible. These services are
available for historical reasons and are disabled by default.
• Limit the number of simultaneous Web Server, Telnet and SSH sessions allowed.
• Configure remote system logging to forward all logs to a central location. For more information, refer to
Section 3.5, “Managing Logs”.
• Configuration files are provided in the CSV (comma separated values) format for ease of use. Make sure
configuration files are properly protected when they exist outside of the device. For instance, encrypt the files,
store them in a secure place, and do not transfer them via insecure communication channels.
• Management of the configuration file, certificates and keys is the responsibility of the device owner.
Consider using RSA key sizes of at least 2048 bits in length and certificates signed with SHA256 for increased
cryptographic strength. Before returning the device to Siemens for repair, make sure encryption is disabled (to
create a cleartext version of the configuration file) and replace the current certificates and keys with temporary
throwaway certificates and keys that can be destroyed upon the device's return.
• Be aware of any non-secure protocols enabled on the device. While some protocols, such as HTTPS and SSH, are
secure, others, such as Telnet and RSH, were not designed for this purpose. Appropriate safeguards against non-
secure protocols should be taken to prevent unauthorized access to the device/network.
• Configure port security features on access ports to prevent a third party from launching various attacks that can
harm the network or device. For more information, refer to Section 5.9, “Managing Port Security”.
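The recommendation above on RSA key sizes of at least 2048 bits and SHA256-signed certificates can be checked before a certificate is loaded onto the device. The script below is an added example, not part of the Siemens guide or of RUGGEDCOM ROS: it uses the OpenSSL command line, and its function names, the throwaway subject name and the acceptance of SHA384/SHA512 are assumptions of this example.

```shell
#!/bin/sh
# Added example (not Siemens code): audit PEM certificates against the
# recommendation of RSA keys >= 2048 bits and SHA256-signed certificates.
MIN_RSA_BITS=2048

# make_throwaway_cert BITS DIGEST OUT: constructed self-signed sample
# certificate (key written to OUT.key), used here to exercise the check.
make_throwaway_cert() {
    openssl req -x509 -newkey "rsa:$1" "-$2" -nodes -days 1 \
        -subj "/CN=throwaway.example" -keyout "$3.key" -out "$3" 2>/dev/null
}

# check_cert FILE: returns 0 = meets the recommendation, 1 = weak,
# 2 = not a readable certificate.
check_cert() {
    cc_text=$(openssl x509 -in "$1" -noout -text 2>/dev/null) || {
        echo "$1: ERROR not a readable PEM certificate"; return 2; }
    cc_alg=$(printf '%s\n' "$cc_text" |
        sed -n 's/.*Public Key Algorithm: *//p' | head -n 1)
    cc_bits=$(printf '%s\n' "$cc_text" |
        sed -n 's/.*Public-Key: (\([0-9]*\) bit).*/\1/p' | head -n 1)
    cc_sig=$(printf '%s\n' "$cc_text" |
        sed -n 's/.*Signature Algorithm: *//p' | head -n 1 | tr 'A-Z' 'a-z')
    cc_rc=0
    if [ "$cc_alg" != "rsaEncryption" ]; then
        echo "$1: NOTE key type is $cc_alg, RSA size rule not applied"
    elif [ "${cc_bits:-0}" -lt "$MIN_RSA_BITS" ]; then
        echo "$1: WEAK RSA key is ${cc_bits:-unknown} bits, want >= $MIN_RSA_BITS"
        cc_rc=1
    fi
    # Assumption: SHA384 and SHA512 are accepted as stronger than SHA256.
    case "$cc_sig" in
        *sha256*|*sha384*|*sha512*) ;;
        *) echo "$1: WEAK signature algorithm is $cc_sig"; cc_rc=1 ;;
    esac
    if [ "$cc_rc" -eq 0 ]; then echo "$1: OK ($cc_bits-bit key, $cc_sig)"; fi
    return "$cc_rc"
}

# Usage: sh check_certs.sh cert1.pem [cert2.pem ...]
if [ "$#" -gt 0 ]; then
    status=0
    for f in "$@"; do check_cert "$f" || status=1; done
    exit "$status"
fi
```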
Hardware/Software
• Make sure the latest firmware version is installed, including all security-related patches. For the latest
information on security patches for Siemens products, visit the Industrial Security website
[http://www.industry.siemens.com/topics/global/en/industrial-security/news-alerts/Pages/alerts.aspx] or the
ProductCERT Security Advisories website
[http://www.siemens.com/innovation/en/technology-focus/siemens-cert/cert-security-advisories.htm]. Updates to
Siemens Product Security Advisories can be obtained by subscribing to the RSS feed on the Siemens ProductCERT
Security Advisories website, or by following @ProductCert on Twitter.