User's Guide
HH1800 User Guide 191
Implement file system encryption.
Use HTTPS when using Web servers across untrusted networks.
Use a two-factor authentication method such as Google Authenticator when the
Honeywell device is connecting to Web applications.
Secure wireless devices.
For information, see Secure Wireless Devices
Set the minimum level of privilege for all external accounts and enforce a strong
password policy.
Use the most recent version of the SDK that supports your application.
Disable all unnecessary access ports, such as FTP.
Use a VPN when the Linux system requires data to traverse an untrusted network.
Use SSL for communication between native applications and specialty servers.
Use intrusion detection on WLAN networks.
Unauthorized Internal Access
This threat encompasses unauthorized access from people or systems with direct access to a Honeywell system
component.
This threat is most difficult since attackers may have legitimate access to part of the systems and are simply trying
to exceed their permitted access.
Unauthorized internal access can result in:
• Loss of system availability.
• The capture, modification, or deletion of data, and
• The theft or damage of system contents.
Mitigation Steps
Implement strong password protection on Honeywell Solution components and
include a password lifetime management policy, reuse policy, and strength of
policy for passwords.
Go to http://www.honeywellaidc.com to download
the user guide specific to your computer model.
Monitor system access
Securing barcode scanner series
Honeywell recommendations for securing barcode scanner series:
• Enforce the most restrictive set of rights/privilege to access barcode scanner series and it’s assets needed by users or processes for the
performance or specific tasks. Specifically prohibit, remove, and/or restrict the use of unnecessary functions, ports, protocols, and/ or
services. This would include access to scripts debuggers, etc. Log requests for access to assets.
• Use the proper setting of privilege.
• Ensure access is restricted to administrators for secure process channels, devices, and components related to barcode scanner series.
• Enforce proper configuration at installation of barcode scanner series and its components, including secure by default, baseline
configurations for detection of unauthorized changes, and configuration of least functionality required and management of
configuration changes. When possible, the configuration should be automatically traced and reported.