For security you can restrict access to trusted Network sources using VPN and/or IP Tables filtering, also consider running TCP/UDP services on alternate ports.
Below is a list of available security options & recommendations:
- SSHv2 Encryption
- Embedded Validated FIPS 140-2 Cryptographic Module
- HTTPS/SSL Secure Web
- Remote Authentication:
- LDAP/Kerberos/RADIUS/TACACS+
- Multi-factor Authentication/Two-Factor Authentication (2FA)
- Radius DUO or OKTA Support
- Multi-Level Subscriber Directory
- IP Address Filtering – IPTABLES using Linux standard syntax
- VPN IPsec site to site support
- Callback Security option available for our units with built in or attached analog modems
- Wake Up On Failure option for our Cell units.
- Turn OFF Telnet
- Set unit SSH Security Level to "High"
- Set unit Harden Web Security to "High"
- Set unit TLS Mode to "TLSv1.3"
- Set unit HSTS Policy to "ON"
- Set unit OCSP Stapling to "ON"
- Set unit General > Serial Port Protection, SSH Protection, Telnet Protection, and Web Protection parameters to "ON"
- Secure RSA