November-5th-2021, 04:56 PM
Yes of course you can. The IEC 62443 defines
a.) that all communications to a device needs to be encrypted using TLS security
b.) that all open ports like 22 for SSH or 80/443 for web user interface need to be protected by a username and password
Both prerequisites are fulfilled with the SSH port on netFIELD devices.
And if a customer feels very strong vulnerability across the default open SSH port ... then he can disable the service easily in all netFIELD devices with "sudo systemctl stop ssh" and "sudo systemctl disable ssh". Then the service is no more active. So you see it is customer dependent and the customer has a choice. With netPI he did not have any choice ... it was always disable ... so what do you feel is better. Choice or no choice?
Thx
Armin
a.) that all communications to a device needs to be encrypted using TLS security
b.) that all open ports like 22 for SSH or 80/443 for web user interface need to be protected by a username and password
Both prerequisites are fulfilled with the SSH port on netFIELD devices.
And if a customer feels very strong vulnerability across the default open SSH port ... then he can disable the service easily in all netFIELD devices with "sudo systemctl stop ssh" and "sudo systemctl disable ssh". Then the service is no more active. So you see it is customer dependent and the customer has a choice. With netPI he did not have any choice ... it was always disable ... so what do you feel is better. Choice or no choice?
Thx
Armin
„You never fail until you stop trying.“, Albert Einstein (1879 - 1955)
