Configuring security in ION devices using ION Setup



Similar documents
UPS System Capacity Management Configuration Utility

StruxureWare Power Monitoring 7.0.1

Event Notification Module TM

Outlook Profile Setup Guide Exchange 2010 Quick Start and Detailed Instructions

Print Audit 6 - SQL Server 2005 Express Edition

StruxureWare Power Monitoring Expert 7.2

StruxureWare Power Monitoring Expert 7.2

IT Infrastructure Preparation for StruxureWare Power Monitoring Expert 8.0 Installation

TSM for Windows Installation Instructions: Download the latest TSM Client Using the following link:

Power Monitoring Expert 7.2

Installing SQL Express. For CribMaster 9.2 and Later

Exchange Outlook Profile/POP/IMAP/SMTP Setup Guide

WebMeter Internal Web Server Feature

How To Create An Easybelle History Database On A Microsoft Powerbook (Windows)

How to Program a Commander or Scout to Connect to Pilot Software

TFA Laptop Printing - Windows

PowerLogic ION7550 / ION7650

Integrating LANGuardian with Active Directory

Virtual Office Remote Installation Guide

PowerLogic ION Setup 3.0

Windows Live Mail Setup Guide

How to setup a VPN on Windows XP in Safari.

Instruction Bulletin Retain for future use. POWERLOGIC SMS 4.0, SU1 System Manager Software Setup Guide

Yale Software Library

client configuration guide. Business

Immotec Systems, Inc. SQL Server 2005 Installation Document

Dell SupportAssist Version 2.0 for Dell OpenManage Essentials Quick Start Guide

Getting Started with MozyPro Online Backup Online Software from Time Warner Cable Business Class

Configuring the WT-4 for ftp (Ad-hoc Mode)

DESKTOP CLIENT CONFIGURATION GUIDE BUSINESS

Dell Statistica Statistica Enterprise Installation Instructions

Windows Clients and GoPrint Print Queues

These notes are for upgrading the Linko Version 9.3 MS Access database to a SQL Express 2008 R2, 64 bit installations:

Transitioning from TurningPoint 5 to TurningPoint Cloud - LMS 1

Using Microsoft Internet Explorer 6 (Windows 2000/ Windows XP/ Windows Server 2003)

Historian SQL Server 2012 Installation Guide

Setting Up SSL on IIS6 for MEGA Advisor

FTP, IIS, and Firewall Reference and Troubleshooting

Accounts Receivable: Importing Remittance Data

Global VPN Client Getting Started Guide

File Management Utility User Guide

Exchange Outlook Profile/POP/IMAP/SMTP Setup Guide

Lifecycle Service Tool. Operator's manual

Step-by-step installation guide for monitoring untrusted servers using Operations Manager ( Part 3 of 3)

Setup Guide. network support pc repairs web design graphic design Internet services spam filtering hosting sales programming

XenApp/Citrix Program Neighborhood Installation

Personal Call Manager User Guide. BCM Business Communications Manager

Install and Configure Oracle Outlook Connector

QUANTIFY INSTALLATION GUIDE

Installation Instruction STATISTICA Enterprise Small Business

PowerLogic ION Enterprise 6.0

Automatic Setup... 1 Manual Setup... 2 Installing the Wireless Certificates... 18

Login through Citrix

Client Configuration Guide

1. Open Thunderbird. If the Import Wizard window opens, select Don t import anything and click Next and go to step 3.

USER GUIDE WEB-BASED SYSTEM CONTROL APPLICATION. August 2014 Phone: Publication: , Rev. C

Reference and Troubleshooting: FTP, IIS, and Firewall Information

Easy Setup Guide for the Sony Network Camera

Wavecrest Certificate

STATISTICA VERSION 12 STATISTICA ENTERPRISE SMALL BUSINESS INSTALLATION INSTRUCTIONS

Sophos Endpoint Security and Control standalone startup guide

Connecting to a Soundweb TM. London Network

Downloading Driver Files

Windows Server 2003 x64 with Symantec AntiVirus 10 Corporate Edition

Downloading Driver Files

1. Open the preferences screen by opening the Mail menu and selecting Preferences...

Velocity Web Services Client 1.0 Installation Guide and Release Notes

Network DK2 DESkey Installation Guide

TECHNICAL BULLETIN. Configuring Wireless Settings in an i-stat 1 Wireless Analyzer

HDAccess Administrators User Manual. Help Desk Authority 9.0

Scan to SMB(PC) Set up Guide

ECA IIS Instructions. January 2005

Pro-Watch Software Suite Installation Guide Honeywell Release 3.81

Non-ThinManager Components

Elluminate Live! Installation and Configuration Guide

CruzNet Secure Set-Up Instructions for Windows Vista

RUNNING TRACKER ON A TERMINAL SERVER

Connecting and Setting Up Your Laptop Computer

SCADAPack E ISaGRAF 3 User Manual

Paytelligence Quick Start Guide

eadvantage Certificate Enrollment Procedures

Browser Client 2.0 Admin Guide

Clock Link Installation Guide. Detailed brief on installing Clock Link

How to connect to VUWiFi

PowerLogic ION Enterprise 5.6

Windows XP with Symantec AntiVirus 10 Corporate Edition

Team Foundation Server 2012 Installation Guide

SATO Network Interface Card Configuration Instructions

All Rights Reserved. Copyright 2006

XStream Remote Control: Configuring DCOM Connectivity

Contents. VPN Instructions. VPN Instructions... 1

QuickBooks Business Accounting Software for Windows

How to Mimic the PanelMate Readout Template with Vijeo Designer

A browser must be open and connected through Jeffco s network How to set up network printing over WI-FI

A-AUTO 50 for Windows Setup Guide

INTRODUCTION MINIMUM SYSTEM REQUIREMENTS INSTALLATION. Retain for future use.

Allworx Installation Course

Generating an Apple Push Notification Service Certificate for use with GO!Enterprise MDM. This guide provides information on...

-lead Grabber Business 2010 User Guide

1. Installing The Monitoring Software

Transcription:

70012-0260-00 INSTRUCTION BULLETIN 12/2011 Configuring security in ION devices using ION Setup This document instructs you on how to configure PowerLogic ION devices to help minimize security vulnerabilities, using ION Setup configuration software. This instruction bulletin applies to ION Setup versions up to and including ION Setup version 2.2. This instruction bulletin applies to the following devices: ION8300, ION8400, ION8500, ION8600, ION8650 ION7500, ION7600, ION7500 RTU ION7550, ION7650, ION7550 RTU ION8800 In this document Hazard categories and special symbols.......................... 2 Overview.................................................... 3 Configuring your device s advanced security settings using ION Setup.. 4 Additional device security recommendations..................... 8 Configuring standard security on your device using ION Setup............. 8 Password recommendations....................................... 9 Telnet access................................................... 9 Modbus access.................................................. 9 Device protocols................................................ 10 Additional information Additional information is available for download at www.schneider-electric.com. ION Setup online help ION device documentation ION device template reference Schneider Electric 2195 Keating Cross Road Saanichton, BC Canada V8M 2A5 Tel: 1-250-652-7100 For technical support: Global-PMC-Tech-support@schneider-electric.com (00) + 1 250 544 3010 Contact your local Schneider Electric sales representative for assistance or go to www.schneider-electric.com ION, PowerLogic and Schneider Electric are trademarks or registered trademarks of Schneider Electric in France, the USA and other countries. Other trademarks used are the property of their respective owners. Electrical equipment should be installed, operated, serviced, and maintained only by qualified personnel. No responsibility is assumed by Schneider Electric for any consequences arising out of the use of this material.

Hazard categories and special symbols Configuring security in ION devices using ION Setup Hazard categories and special symbols Read these instructions carefully and look at the equipment to become familiar with the device before trying to install, operate, service or maintain it. The following special messages may appear throughout this manual or on the equipment to warn of potential hazards or to call attention to information that clarifies or simplifies a procedure. The addition of either symbol to a Danger or Warning safety label indicates that an electrical hazard exists which will result in personal injury if the instructions are not followed. This is the safety alert symbol. It is used to alert you to potential personal injury hazards. Obey all safety messages that follow this symbol to avoid possible injury or death. DANGER indicates an imminently hazardous situation which, if not avoided, will result in death or serious injury. WARNING indicates a potentially hazardous situation which, if not avoided, can result in death or serious injury. CAUTION indicates a potentially hazardous situation which, if not avoided, can result in minor or moderate injury. CAUTION CAUTION used without the safety alert symbol indicates a potentially hazardous situation which, if not avoided, can result in equipment damage. Provides additional information to clarify or simplify a procedure. Please note Electrical equipment should be installed, operated, serviced and maintained only by qualified personnel. No responsibility is assumed by Schneider Electric for any consequences arising out of the use of this material. Page 2 of 10

Configuring security in ION devices using ION Setup Overview Overview This document describes best practices and recommendations for ION device security. It also instructs you on how to appropriately configure your default advanced security configuration file (Advanced.scf), default standard security configuration file (Standard.scf) and any other security configuration files used to store and transfer these settings to ION devices using ION Setup configuration software. ION Setup is available as a free download from www.schneider-electric.com. Page 3 of 10

Configuring your device s advanced security settings using ION Setup Configuring security in ION devices using ION Setup Configuring your device s advanced security settings using ION Setup Perform these steps even if you are only using standard security on your device as it will help ensure that the appropriate default settings are used if advanced security is applied at a later date. These are recommended settings, and should be reviewed and implemented based on the specifics of your device s installation. 1. Open the Setup Assistant for your device. See the ION Setup help for instructions 2. Select Security. 3. Select Security Mode and click Edit (or double-click to edit). You may be prompted for a device password. The Open File dialog box appears..by default, security configuration files are stored in...\schneider Electric\ION Setup\Security 4. Select the Advanced.scf file and click Open. The Advanced Security wizard leads you through the configuration procedure. 5. Modify the settings on the Configuration Options screen as follows: New Password: Ensure that your device is not using the default front panel password of 0 (zero). Refer to Password recommendations on page 9 for more information. Web Server: Uncheck Allow Web Server programming unless you are actively using this feature on your device. Allow Modbus programming: Uncheck Allow Modbus programming unless you are actively using this feature on your device. Page 4 of 10

Configuring security in ION devices using ION Setup Configuring your device s advanced security settings using ION Setup Click Next to continue. On devices with the protocol lockout and device access logging features, the Protocol Lockout screen appears. For more information about these features, refer to the ION8650 user guide, available from www.schneider-electric.com 6. Configure the Protocol Lockout screen as follows: Select the checkboxes beside all the protocols to enable the protocol lockout feature. Configure the protocol lockout attempts (recommended eight invalid attempts) and default lockout duration (recommended 24 hours) to reflect your system s security settings. Refer to the ION8650 user guide for more information. Page 5 of 10

Configuring your device s advanced security settings using ION Setup Configuring security in ION devices using ION Setup Click Events to configure device access event priorities for valid login attempts (recommended priority 0), invalid login attempts (recommended priority 128) and lockout events (recommended priority 255). These values will help enable event logging of invalid access attempts and lockouts. Click Next to proceed. The User configuration screen appears. 7. In the User configuration screen, scroll down to the bottom of the user list, and clear the box beside the Factory user in order to disable the default Factory user. Edit the access levels of existing users, add new users and assign user passwords as desired. Click Finish. 8. An advanced security confirmation screen may appear, where you must enter a valid user ID and password before continuing. 9. A file save dialog box appears. Click Yes to store your advanced security configuration to a file. The Save As screen appears Page 6 of 10

Configuring security in ION devices using ION Setup Configuring your device s advanced security settings using ION Setup 10. In the Save As screen, select Advanced.scf and click Save to overwrite the default advanced security configuration file. The default security configuration files are set to read-only by default. To overwrite, right-click on the file in the Save As screen and select Properties. In the General tab, remove the checkmark beside the Read-only attribute and click OK. You should now be able to overwrite the default security configuration file. You have now saved your default advanced security configuration file. Repeat these steps to configure any custom advanced security files in your system. Page 7 of 10

Additional device security recommendations Configuring security in ION devices using ION Setup Additional device security recommendations Configuring standard security on your device using ION Setup If you have already enabled advanced security on your device, do not use standard security. These are recommended settings, and should be reviewed and implemented based on the specifics of your device s installation. 1. Open the Setup Assistant for your device. See the ION Setup help for instructions 2. Select Security. 3. Select Security Mode and click Edit (or double-click to edit). You may be prompted for a password. The Open File dialog box appears. 4. Select Standard and click Open. 5. Modify the settings on the Configuration Options screen as follows: New Password: Ensure that your device is not using the default front panel password of 0 (zero). Refer to Password recommendations on page 9 for more information. Web Server: Uncheck Allow Web Server programming unless you are actively using this feature on your device. Click Finish. A file save dialog box appears. Page 8 of 10

Configuring security in ION devices using ION Setup Password recommendations 6. In the file save dialog box, click Yes to store your standard security configuration to a file. The Save As screen appears. 7. In the Save As screen, select Standard.scf and click Save to overwrite the default standard security configuration file, or enter a new file name and click Save. The default security configuration files are set to read-only by default. To overwrite, right-click on the file in the Save As screen and select Properties. In the General tab, remove the checkmark beside the Read-only attribute and click OK. You should now be able to overwrite the default security configuration file. Password recommendations Perform the following actions to help ensure device password-protected security: Enable front panel security on your device. Ensure the front panel password is not at the default factory value of 0 (zero). Make the all device s passwords, especially the front panel password, as complex as possible, using the full number of characters available. Schedule regular changes to the device s passwords, especially the front panel password. Ensure that your device s password information is maintained in a secure location. Password information is required in order to configure your device. Telnet access All devices that can be accessed using Ethernet must be protected by a properly configured firewall that prevents Telnet access over port 23. Modbus access Use standard security for read-only Modbus access. Use advanced security if you need to read and write Modbus registers. Page 9 of 10

Device protocols Configuring security in ION devices using ION Setup Device protocols Device communication ports must be set to the Factory protocol only when necessary to permit access to Schneider Electric Technical Support and returned to their original settings as soon as possible. Page 10 of 10

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information