Secure configuration management
Authentication and tracing logs
Misconfiguration is a common issue in network cybersecurity events. It may be caused by intentional or unintentional operator changes, or sometimes by attacks from external networks.
According to the ISA62443 specification, any networking component that can be configured dynamically should follow the principles below:
1. User identification and authentication: The component should enforce identification and authentication on the interfaces that provide human user access, with every user having a different account and privileges. The top administrator alone can change the settings, while operation engineers can only observe device configurations.
2. Non-repudiation for user actions: The component should be able to determine if an action was performed by a human user, and the action should be logged in a human-readable report containing the timestamp, user account, and details of the event.
3. Configuration integrity checking: If the component supports configuration files, it should also be able to check file integrity to avoid damage by corrupted files.
Authentication should include two-step verification, with a physical component kept by the top administrator as well as a general virtual account password. Both the physical key and the virtual account password for the device are required in order to access configuration mode and change settings.
In addition, if the device is on the border of a secure network, setting changes should only be available from the secure network site to avoid attacks from the exposed interface.
Usually, configurations are not changed once a secure component is put into field operation. If a change is unavoidable, however, it should be executed through the most secure means and properly recorded. These records may not be deleted.
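The three principles and the rule that change records may not be deleted can be sketched together in a few lines. This is an added example, not code from the specification or from any product: the account names, record fields, and the use of a SHA-256 hash chain with a separately stored head hash are assumptions chosen for illustration.

```python
import hashlib, hmac, json

ROLES = {"admin": "administrator", "eng1": "operator"}  # constructed accounts
GENESIS = "0" * 64  # "previous hash" of the first record

def _digest(entry):
    # The hash covers every field, including the link to the previous record.
    body = {k: entry[k] for k in ("ts", "user", "event", "config_sha256", "prev")}
    return hashlib.sha256(json.dumps(body, sort_keys=True).encode()).hexdigest()

def apply_change(log, user, new_config: bytes, event, ts):
    """Log the attempt; return True only if `user` is allowed to change settings."""
    allowed = ROLES.get(user) == "administrator"
    entry = {
        "ts": ts, "user": user,
        "event": event if allowed else f"DENIED: {event}",
        "config_sha256": hashlib.sha256(new_config).hexdigest() if allowed else None,
        "prev": log[-1]["hash"] if log else GENESIS,
    }
    entry["hash"] = _digest(entry)
    log.append(entry)
    return allowed

def verify_log(log, head):
    """Re-walk the chain; `head` is the last hash, kept outside the log itself."""
    prev = GENESIS
    for entry in log:
        if entry["prev"] != prev or entry["hash"] != _digest(entry):
            return False  # a record was edited, reordered, or removed
        prev = entry["hash"]
    return prev == head   # also catches truncation of the newest records

def config_intact(log, config: bytes):
    """Check a configuration file against the digest of the last accepted change."""
    accepted = [e for e in log if e["config_sha256"]]
    return bool(accepted) and hmac.compare_digest(
        accepted[-1]["config_sha256"], hashlib.sha256(config).hexdigest())

if __name__ == "__main__":
    log = []  # constructed sample events
    apply_change(log, "admin", b"vlan=10\n", "set vlan 10", "2024-01-01T08:00:00Z")
    apply_change(log, "eng1", b"vlan=99\n", "set vlan 99", "2024-01-01T09:00:00Z")
    head = log[-1]["hash"]
    print(verify_log(log, head), config_intact(log, b"vlan=10\n"))
    print(json.dumps(log, indent=2))  # human-readable report
```

An unkeyed hash chain only exposes tampering by someone who cannot also rewrite the stored head hash; keeping that value on a separate device, or using a keyed MAC, closes that gap.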
Our solutions utilize two-factor authentication, and configurations are allowed only from the secure site to ensure that there is no risk of configuration changes from the outside. Any changes are logged and can also be synchronized to redundant devices. For more detail, contact us.