earth_america
user_standard Log on
action_search_stroke
earth_america
Log on to rate and give feedback 1 2 3 4 5 Log on to rate
0
Concept

Concept


Products: Operator Display
Functionalities: Administration, Security
Product version: 3.3, 2022, 2023, 2024, 7.0
7/22/2021

Hardening Specifics

arrow1_rotationSecure Disposal arrow1_rotationSecure Operations

Operator Display communicates via BACnet/IP over ethernet. The following network rules must be followed when networking the device.

The device is intended to operate on either:

  • A sub-network under an AS-P, or

  • A private network, without external connectivity, or protected by security aware device(s).

Notice

POTENTIAL COMPROMISE OF SYSTEM AVAILABILITY, INTEGRITY, AND CONFIDENTIALITY

Do not connect the device to a public network.

Failure to follow these instructions can result in unauthorized access to the BACnet network.

Secure Disposal

When decommissioning Operator Display, ensure all data (including users, logs, and configuration) are erased.

Notice

POTENTIAL COMPROMISE OF SYSTEM AVAILABILITY, INTEGRITY, AND CONFIDENTIALITY

Use the Erase all data command accessible from the About screen or perform the Factory Reset procedure when decommissioning Operator Display.

Failure to follow these instructions can result in loss of data or equipment damage.

Secure Operations

All systems require maintenance to help ensure they remain secure.

Notice

POTENTIAL COMPROMISE OF SYSTEM AVAILABILITY, INTEGRITY, AND CONFIDENTIALITY

  • Regularly delete or downgrade the role of account users who no longer need access to the device.

  • Ensure users understand they should never share accounts or passwords.

  • Retain strong complexity requirements for passwords when configuring user settings.

Failure to follow these instructions can result in unauthorized or unintended access to the device.

If all administrator passwords are lost, the device must be factory reset to remove all data and create new users.

Notice

POTENTIAL COMPROMISE OF SYSTEM AVAILABILITY, INTEGRITY, AND CONFIDENTIALITY

Ensure the administrator password is stored securely.

Failure to follow these instructions can result in unauthorized access to the device, or require recommissioning of the device.

Log files may contain sensitive information like usernames and IP addresses.

Notice

POTENTIAL COMPROMISE OF SYSTEM AVAILABILITY, INTEGRITY, AND CONFIDENTIALITY

Encrypt log files before transmission.

Failure to follow these instructions can result in disclosure of information that may be sensitive or private.

See Also

  • Configuration
  • Configuring the IP Network Communication
  • Configuring the BACnet/IP Network Communication
  • Erasing All Data
  • Recovering Operator Display (Factory Reset)
  • User Account Administration
  • Displaying and Exporting Logs