Bosch Building Technologies

    How to Protect Conettix Devices from Network Attack

    Here is a list of actions that can be taken to secure your Conettix device.

    This list will vary depending on the Conettix device type. For example, the D6680 has a COM port, but the DX4020 does not. Therefore, you usually will not want to disable Telnet on the DX4020, but passwords can be used. Most of these settings are found under the Security heading of the device server’s configuration.

    • Secure Telnet setup
      • We recommend adding a Telnet password to deter anyone from accessing the product without proper authorization.  Four characters can be entered by default.  Enter up to 20 characters by enabling Enhanced Password in Security Settings.
    • Disable Port 77fe
      • Port 77fe is the hexadecimal representation of the TCP and UDP port used for configuration. 77FE translates to port number 30718 and allows Device Installer, the Web manager, and custom programs to configure the unit remotely. This port could be exploited if left open.
    • Disable SNMP (Simple Network Management Protocol)
      • SNMP is an application layer protocol that facilitates the exchange of management information between network devices.  If SNMP for management is not being used, disable SNMP support.  If SNMP is being used for management, change the Community name from the default name. This will help prevent unauthorized SNMP access.
    • Disable Telnet setup (Note: enabling this option may not allow you further access to the device!)
      • Disabling Telnet setup prevents remote access to the configuration of the device server, allowing only the web interface or serial connection for configuration. 
    • Disable TFTP firmware updates (Trivial File Transfer Protocol)
      • TFTP is the protocol used by Device Installer to update the firmware.  Disabling TFTP prevents unwanted firmware from being remotely loaded into a device server.
    • Disable Web setup
      • Disabling the web setup prevents access to the device server through a browser and closes http port 80.
    • Enable Encryption
      • Products with encryption should have the encryption enabled to protect the attached device data.  The supported encryption is 128-bit Rijndael encryption.  The encryption key entered into the device server would have to match the key used in all other Conettix devices and programs to communicate.
    • Disable 77F0
      • The ability to use Port 77F0 is not available on the Conettix devices, so turning this on or off will not have an effect. Port 77F0 translates to port number 30704. Disabling 77F0 prevents custom applications from being able to query or set the configurable pins on the X-Port when they are functioning as general-purpose I/Os (GPIO). Again, these pins are NOT available on Conettix devices.
    • Disable ICMP (Internet Control Message Protocol) on the network
      • ICMP is the protocol allowing Ping connections.  This can be blocked to prevent remote attempts to ping the device.

     

    • Note:
      • If further configuration is required, you may re-enable port 77fe, Telnet to port 9999.
      • Keep devices behind a router. Set the firewall to allow only the port number being used for Netcom. This will prevent Telnet and ping from external sources.
      • Devices do not use the standard Telnet port 23.
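
As an added example (not part of the original Bosch article), the following Python script checks from a management workstation whether the TCP setup services named above still accept connections after hardening. It tests TCP only, so the UDP side of port 77FE, SNMP and TFTP are outside its scope; the address 192.0.2.10 is a documentation placeholder and the function names are this example's own.

```python
import socket
import sys

# TCP setup services named in the article. The hex label is converted to
# decimal exactly as the article does (77FE -> 30718).
SETUP_SERVICES = {
    "Telnet setup": 9999,
    "Web setup (HTTP)": 80,
    "Port 77FE configuration": int("77FE", 16),
}


def tcp_port_open(host, port, timeout=2.0):
    """Return True if host accepts a TCP connection on port."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:  # refused, timed out, or unreachable
        return False


def audit(host, services=None, timeout=2.0):
    """Return {service name: 'open' or 'closed/filtered'} for one device."""
    services = SETUP_SERVICES if services is None else services
    return {
        name: "open" if tcp_port_open(host, port, timeout) else "closed/filtered"
        for name, port in services.items()
    }


def still_exposed(results):
    """Names of setup services that still accept connections."""
    return sorted(name for name, state in results.items() if state == "open")


if __name__ == "__main__":
    # 192.0.2.10 is a documentation placeholder; pass your device's address.
    host = sys.argv[1] if len(sys.argv) > 1 else "192.0.2.10"
    results = audit(host)
    for name, state in results.items():
        print(f"{name:28} tcp/{SETUP_SERVICES[name]:<6} {state}")
    # Non-zero exit lets a maintenance checklist flag the device.
    sys.exit(1 if still_exposed(results) else 0)
```

Run it once from inside the device's network segment and once from outside the router: a service that is intentionally left enabled for maintenance should appear open only from the inside.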

     

    Configuring some or all of the items listed above will help prevent unwanted access and protect device data. However, it will also make periodic maintenance or configuration updates more difficult. Deciding what is right for each application should be reviewed on a case-by-case basis and is ultimately the decision of the system administrator.

    Version history: Revision 2 of 2. Last update: 06-08-2018 05:23 PM