Ensuring that a data communications network is secure is a never-ending task, with new vulnerabilities being exposed every day. Methods to prevent unauthorised access and protect against a cybersecurity attack vary between industries. However, being proactive enables network administrators to prevent security breaches and be prepared if any incident does occur.
When choosing networking equipment, it is important to consider the level of protection you need, how easy is it to apply the security measures that are available, and what support the manufacturer provides in terms of addressing security vulnerabilities and providing software updates. Whether you want to configure a new network or increase the security of an existing network, we have developed six simple steps to significantly increase security and reduce the risk from cyber threats.
1. Change the default password
Retaining the device default password supplied by the manufacturer makes it very easy to perform maintenance, but this practice creates a significant network vulnerability. Replacing the default password and also moving away from the use of conventional, simple and short passwords reduces the possibility of an external threat guessing or using ‘brute force’ to work out the password and gain unauthorised access to the network. Passwords should use multicharacter, mixed casing, special characters and numerals, with repetition or location names to be avoided.
2. Disable unused ports
Disabling unused ports on networking devices can prevent both authorised users from causing harm to the network by unintentionally plugging in too many cables, or an unauthorised user performing a malicious attack having managed to obtain physical access to the device. For additional security, link alarms can be configured on used ports to identify whether a cable has been removed.
3. Disable unused management services
Networking devices have HTTP enabled by default to allow users to browse the web interface in order to perform configuration steps. HTTP does not offer secure data transmission and should be disabled. Secure connections, such as HTTPS and SSH, are the recommended communication methods to access and configure a networking device. Both connections require the use of a password for authentication, which adds another layer of security.
4. Update to the latest firmware
Updating and securing an operating system is a continuous process. Cyber threats are constantly evolving, which exposes new vulnerabilities within an operating system, requiring manufacturers to perform deep inspection into the software code and the development and release of new updates that prevent exploitation. It is important to update your networking devices with the latest firmware to ensure your networking devices are secure against these new threats. Ideally, manufacturers should provide a software configuration tool that provides an easy method to perform primary, secondary and bootloader updates. These tools help to facilitate the regular practice of performing continuous updates that enhance network security.
Are you up to date with the latest version of WeOS? Download WeOS here
5. Set your date and time
The system log is one of the most important resources available to network engineers and is very simple to use. The system log captures information that enables administrators to identify any authorised or unauthorised access to the network. It can also record when a firewall has been reconfigured. However, it is imperative that the date and time are set correctly, otherwise it can be challenging to determine from the system log the cause of an incident.
6. Report vulnerabilities
Manufacturers of networking devices and software that want to proactively react to cybersecurity threats and security vulnerabilities rely on input from users. Always report any security vulnerabilities to the manufacturer, enabling them to make their software as secure as possible, for everyone.
If you observe a vulnerbillity and need to report one, please view this link and follow the instructions and a representative will be in contact.
Westermo can help to safeguard your assets
Industrial cybersecurity has matured, but remains a challenging and dynamic domain. Whether you have already implemented cybersecurity strategies or are taking your first steps to secure your assets, Westermo is the ideal partner for protecting your critical network infrastructure.
We provide robust and reliable network technology powered by our WeOS operating system, which is continuously updated to comply with the latest cybersecurity guidelines. Using our industrial network management tools, you can build robust and straightforward processes for deploying proper cybersecurity measures that keep your systems, networks and connected devices protected from the latest cyber threats.
Episode 3: Industrial Cybersecurity with Niklas
Westermo's Chief Information Security Officer Niklas Mörth joins host Evelina and Ant for a conversation about industrial cybersecurity in the third episode of the Westermo Podcast. Listen in to hear Niklas's views on topics such as IT/OT convergence, security risks, and the growing sophistication of phishing attempts. Furthermore, Niklas describes how he became interested in cybersecurity and points out one specific rodent that poses an unexpected security threat.
Listen on ➜ Spotify Apple Podcasts Google Podcasts
Carl de Bruin
International sales
For support inquiries, click here to contact Technical Support