User Manual

Moxa’s Managed Switch Next Generation OS (v3.x) User Manual
D. Security Guidelines
This appendix explains security practices for installing, operating, maintaining, and decommissioning the
device. Moxa strongly recommends that our customers follow these guidelines to enhance network and
equipment security.
Installation
Physical Installation
1. The device MUST be installed in an access controlled area, where only the necessary personnel have
physical access to the device.
2. The device MUST NOT be directly connected to the Internet. Because the device is not classified as
zone/boundary equipment, switches MUST be installed within a security perimeter, which can be
implemented by a firewall at the border.
3. Please follow the instructions in the Quick Installation Guide, which is included in the package, to ensure
you install the device correctly in your environment.
4. The device has anti-tamper labels on the enclosures. This allows an administrator to tell whether the
device has been tampered with.
5. Ports that are not in use should be deactivated. Please refer to the Port Interface section for detailed
instructions.
Account Management
Follow these best practices when setting up an account.
1. Each account should be assigned the correct privileges. Only the minimum number of people should
have admin privilege, so that they can perform device configuration or modifications; other users
should have read access privilege only. The device supports both local account authentication and
remote centralized mechanisms, including RADIUS and TACACS+.
2. Change the default password, and strengthen the account password complexity by:
a. Enabling the “Password Policy” function.
b. Increasing the minimum password length to at least eight characters.
c. Defining a password policy to ensure that each password contains at least one uppercase letter, one
lowercase letter, a digit, and a special character.
d. Setting user passwords to expire after a certain period of time.
3. Enforce regulations that ensure that only a trusted host can access the device. Please refer to the
Trusted Access section for detailed instructions.
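The account guidelines above can be checked offline against an account inventory. The following is an added example, not code from Moxa or from this manual: the record fields, the "admin"/"read-only" labels, the 90-day expiry, the ceiling of two admin accounts, and the ASCII punctuation set used for "special character" are all assumptions; only the eight-character minimum and the four character classes come from the guidelines.

```python
from datetime import date
import string

MIN_LENGTH = 8       # from guideline 2b
MAX_AGE_DAYS = 90    # assumed; the manual says only "a certain period of time"
MAX_ADMINS = 2       # assumed ceiling for "minimum number of people"

def password_findings(pw):
    """Return the rules from guidelines 2b/2c that a candidate password fails."""
    checks = {
        f"shorter than {MIN_LENGTH} characters": len(pw) >= MIN_LENGTH,
        "no uppercase letter": any(c in string.ascii_uppercase for c in pw),
        "no lowercase letter": any(c in string.ascii_lowercase for c in pw),
        "no digit": any(c in string.digits for c in pw),
        "no special character": any(c in string.punctuation for c in pw),
    }
    return [msg for msg, ok in checks.items() if not ok]

def audit_accounts(accounts, today):
    """Map account name -> issues; key "*" holds device-wide findings."""
    findings = {}
    for a in accounts:
        issues = []
        if a["password_is_default"]:
            issues.append("default password unchanged")
        age = (today - a["password_set"]).days
        if age > MAX_AGE_DAYS:
            issues.append(f"password is {age} days old")
        if issues:
            findings[a["name"]] = issues
    admins = [a["name"] for a in accounts if a["privilege"] == "admin"]
    if len(admins) > MAX_ADMINS:
        findings["*"] = [f"{len(admins)} admin accounts: {', '.join(admins)}"]
    return findings

# Constructed sample inventory (hypothetical field names, not a device export format).
SAMPLE_TODAY = date(2024, 6, 1)
SAMPLE_ACCOUNTS = [
    {"name": "admin", "privilege": "admin", "password_is_default": True, "password_set": date(2024, 1, 1)},
    {"name": "ops1", "privilege": "admin", "password_is_default": False, "password_set": date(2024, 5, 20)},
    {"name": "ops2", "privilege": "admin", "password_is_default": False, "password_set": date(2024, 5, 1)},
    {"name": "viewer", "privilege": "read-only", "password_is_default": False, "password_set": date(2024, 1, 15)},
]

if __name__ == "__main__":
    for who, issues in audit_accounts(SAMPLE_ACCOUNTS, SAMPLE_TODAY).items():
        print(who, "->", "; ".join(issues))
    print(password_findings("switch"))
```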