User Manual
Moxa’s Managed Switch Next Generation OS (v3.x) User Manual
Vulnerable Network Ports
1. For network security, we strongly recommend that you change the port numbers, such as the TCP
port numbers for HTTP, HTTPS, Telnet, and SSH, for the protocols that are in use. Ports that are not in
use but are still reachable pose an unacceptable security risk and should be disabled. Refer to the
Management Interface section for detailed instructions.
2. To prevent eavesdroppers from snooping on confidential information, users should adopt
encryption-based communication protocols, such as HTTPS instead of HTTP, SSH instead of Telnet,
SFTP instead of TFTP, and SNMPv3 instead of SNMPv1/v2c. In addition, the maximum number of sessions
should be kept to an absolute minimum. Refer to the Management Interface section for detailed instructions.
3. Users should generate the SSL certificate for the device before commissioning HTTPS or SSH
applications. Refer to the SSH & SSL section for detailed instructions.
Operation
1. To ensure that communications are properly protected, use a strong cryptographic algorithm for
key exchange or encryption protocols for HTTPS/SSH applications. The device follows the NIST SP800-52
and SP800-131 standards, and supports TLS v1.2 and v1.3 with the following cipher suites:
TLS V1.2
| Cipher suite name | Key exchange | Authentication | Encryption | Hash function |
|---|---|---|---|---|
| TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 | ECDHE | RSA | CHACHA20-POLY1305 | SHA256 |
| TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 | ECDHE | ECDSA | AES128 | SHA256 |
| TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 | ECDHE | RSA | AES128 | SHA256 |
| TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 | ECDHE | RSA | AES256 | SHA384 |
| TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 | Ephemeral DH | RSA | AES128 | SHA256 |
| TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 | Ephemeral DH | RSA | AES256 | SHA384 |
| TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256 | Ephemeral DH | RSA | CHACHA20-POLY1305 | SHA256 |
| TLS_ECDHE-RSA_WITH_AES256-SHA384 | ECDHE | RSA | AES256 | SHA384 |
| TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 | ECDHE | RSA | AES128 | SHA256 |
| TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256 | ECDHE | ECDSA | CHACHA20-POLY1305 | SHA256 |
| TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 | ECDHE | RSA | AES256 | SHA384 |
| TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 | ECDHE | ECDSA | AES256 | SHA384 |
| TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 | ECDHE | ECDSA | AES128 | SHA256 |
TLS V1.3
| Cipher suite name | Key exchange | Encryption | Mode | Hash function |
|---|---|---|---|---|
| TLS_AES_256_GCM_SHA384 | any | AES256 | GCM | SHA384 |
| TLS_CHACHA20_POLY1305_SHA256 | any | CHACHA20-POLY1305 | N/A | SHA256 |
| TLS_AES_128_GCM_SHA256 | any | AES128 | GCM | SHA256 |
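
The following is an added example, not part of the Moxa manual: a Python check that compares the (protocol, cipher suite) pairs a TLS scanner reports for a device against the two tables above, and splits any out-of-policy IANA suite name into the tables' columns. The names `ALLOWED`, `split_suite`, `audit` and `SAMPLE`, the protocol labels, and the scan data are assumptions made for illustration.

```python
import re

# Suites from the manual's tables, in IANA notation. The TLS v1.2 row that the
# table writes with hyphens is omitted because it is not an IANA suite name.
ALLOWED = {"TLSv1.2": set("""
    TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256
    TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256
    TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256
    TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
    TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
    TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
    TLS_DHE_RSA_WITH_AES_128_GCM_SHA256
    TLS_DHE_RSA_WITH_AES_256_GCM_SHA384
    TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
    TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
    TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256
    TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384""".split()),
  "TLSv1.3": set("""TLS_AES_256_GCM_SHA384 TLS_CHACHA20_POLY1305_SHA256
    TLS_AES_128_GCM_SHA256""".split())}

# TLS 1.2 names encode key exchange and authentication; TLS 1.3 names do not.
V12 = re.compile(r"^TLS_(?P<kx>[A-Z0-9]+)(?:_(?P<auth>[A-Z0-9]+))?_WITH_"
                 r"(?P<enc>.+)_(?P<hash>[A-Z0-9]+)$")
V13 = re.compile(r"^TLS_(?P<enc>.+)_(?P<hash>SHA\d+)$")

def split_suite(name):
    """Split an IANA suite name into the columns used by the tables."""
    m = V12.match(name) or V13.match(name)
    if not m:
        return None
    cols = {"kx": "any", "auth": "any", **m.groupdict()}
    cols["auth"] = cols["auth"] or cols["kx"]  # TLS_RSA_WITH_...: one token
    return cols

def audit(offered):
    """Return (protocol, suite, reason) for each pair outside the tables."""
    findings = []
    for proto, suite in offered:
        if proto not in ALLOWED:
            findings.append((proto, suite, "protocol version not listed"))
        elif suite not in ALLOWED[proto]:
            c = split_suite(suite) or {"kx": "?", "enc": "?"}
            findings.append((proto, suite, f"not listed: kx={c['kx']} enc={c['enc']}"))
    return findings

# Constructed scanner output for a hypothetical device, not real measurements.
SAMPLE = [("TLSv1.2", "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384"),
          ("TLSv1.2", "TLS_RSA_WITH_AES_128_CBC_SHA"),
          ("TLSv1.1", "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA")]
```

Calling `audit(SAMPLE)` returns two findings: the static-RSA suite offered under TLS v1.2 and the suite offered under TLS v1.1, a protocol version the tables do not list.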