Moxa’s Managed Switch Next Generation OS (v3.x) User Manual
2. Below is a list of the recommended secure browsers that support TLS v1.2 or above:
   Browser                        Version
   Microsoft Edge                 All
   Microsoft Internet Explorer    v11 or above
   Mozilla Firefox                v27 or above
   Google Chrome                  v38 or above
   Apple Safari                   v7 or above
Reference: https://support.globalsign.com/ssl/general-ssl/tls-protocol-compatibility#Browsers
3. The device supports event logs and syslog for SIEM integration:
a. Event log: Due to limited storage capacity, the event log can only accommodate a maximum of
10,000 entries. Administrators can set a warning for a pre-defined threshold. We recommend that
users regularly back up system event logs. Please refer to the Event Log section for detailed
instructions.
b. Syslog: The device supports syslog and advanced secure TLS-based syslog for centralized SIEM
integration. Please refer to the Syslog Settings section for detailed instructions.
4. The device can provide information for control system inventory:
a. SNMPv1, v2c, v3: We recommend administrators use SNMPv3 with authentication and encryption to
manage the network. Please refer to the MIB File for detailed instructions.
b. Telnet/SSH: We recommend that administrators use SSH with authentication and encryption to
retrieve device properties.
c. HTTP/HTTPS: We recommend that administrators use HTTPS with a certificate that has been issued
by a Certificate Authority to configure the device.
5. Denial of Service protection: To avoid disruption of normal operation of the switch, administrators
should configure the QoS function. The device supports ingress rate limit and egress shaper.
Administrators can decide how to deal with excess data flow and configure the device accordingly. This
process will regulate the resulting data rate per port. Please refer to the QoS section for detailed
instructions.
6. Time synchronization with authentication: Time synchronization is crucial for process control. To
prevent malicious attacks whereby the settings are changed without permission, authentication must be
in place between the NTP server and client. The device supports NTP with a pre-shared key. Please refer
to the NTP section for detailed instructions.
7. Periodically regenerate the SSH and SSL certificates: Even though the device supports RSA 2048-bit
and SHA-256 to ensure sufficient complexity, we strongly recommend that users frequently renew their
SSH key and SSL certificate in case the key is compromised. Please refer to the SSH & SSL section for
detailed instructions.
8. Below is a list of the protocol port numbers used for all external interfaces:
   Protocol    Service Type    Port Number
   TCP         SSH             22
   TCP         Telnet          23
   TCP         HTTP            80
   TCP         HTTPS           443
   UDP         DHCP            67
   UDP         NTP             123
   UDP         SNMP            161
   UDP         Moxa Service    40404
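
Item 6 above recommends NTP with a pre-shared key. The following is an added example, not Moxa code, showing how NTP symmetric-key authentication lets a client reject forged or altered time replies: the sender appends a key ID and a digest computed over the shared key and the packet. The digest algorithm (SHA-1), the absence of extension fields, the function names, and the sample key are assumptions made for illustration; the manual does not state which digest the device uses.

```python
import hashlib
import hmac
import struct

DIGEST = "sha1"      # assumption: the manual does not name the digest the device uses
HEADER_LEN = 48      # NTP header without extension fields (assumed for this example)

def build_packet(mode: int, transmit_ts: int) -> bytes:
    """Minimal NTPv4 header: LI=0, VN=4, given mode, 64-bit transmit timestamp."""
    header = bytearray(HEADER_LEN)
    header[0] = (4 << 3) | mode
    struct.pack_into("!Q", header, 40, transmit_ts)
    return bytes(header)

def add_mac(packet: bytes, key_id: int, key: bytes) -> bytes:
    """Append the 32-bit key ID and digest(key || packet)."""
    digest = hashlib.new(DIGEST, key + packet).digest()
    return packet + struct.pack("!I", key_id) + digest

def verify(message: bytes, trusted_keys: dict) -> bool:
    """Accept a packet only if it carries a MAC made with a trusted key."""
    mac_len = 4 + hashlib.new(DIGEST).digest_size
    if len(message) != HEADER_LEN + mac_len:
        return False                      # unauthenticated or malformed
    packet, mac = message[:HEADER_LEN], message[HEADER_LEN:]
    (key_id,) = struct.unpack("!I", mac[:4])
    key = trusted_keys.get(key_id)
    if key is None:
        return False                      # key ID not configured on this side
    expected = hashlib.new(DIGEST, key + packet).digest()
    return hmac.compare_digest(expected, mac[4:])   # constant-time comparison

def demo() -> dict:
    keys = {1: b"constructed-shared-secret"}        # constructed sample key
    # Mode 4 = server reply; the timestamp value is constructed.
    reply = add_mac(build_packet(4, 0xE9A1B2C3_00000000), 1, keys[1])
    tampered = bytearray(reply)
    tampered[43] ^= 0x01                            # alter the transmit timestamp
    return {
        "authentic": verify(reply, keys),
        "tampered": verify(bytes(tampered), keys),
        "wrong_key": verify(add_mac(reply[:HEADER_LEN], 1, b"guess"), keys),
        "no_mac": verify(reply[:HEADER_LEN], keys),
    }

if __name__ == "__main__":
    print(demo())
```

Only the reply produced with the configured key is accepted; a reply with a changed timestamp, a reply signed with a different key, and a reply with no MAC are all rejected.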
Maintenance
1. Perform firmware upgrades frequently to enhance features, deploy security patches, or fix bugs.
2. Frequently back up the system configurations: In order to properly protect the system configuration
files from being tampered with, the device supports password encryption and signature authentication
for backup files.
3. Examine event logs frequently to detect any anomalies.
4. To report vulnerabilities of Moxa products, please submit your findings on the following web page:
https://www.moxa.com/en/support/product-support/security-advisory/report-a-vulnerability.