Knowledge Base
Best Security Practices
Restrict access to trusted network sources using VPN and/or IP Tables filtering. Consider running TCP/UDP services on alternate ports.
Published
January 31, 2024
Recommended Security Options
Secure Access & Encryption
- SSHv2 Encryption
- HTTPS/SSL Secure Web
- Embedded validated FIPS 140-2 cryptographic module
- Secure RSA
Remote Authentication & MFA
- LDAP / Kerberos / RADIUS / TACACS+
- Multi-factor / Two-Factor Authentication (2FA)
- RADIUS DUO or OKTA support
- Multi-level subscriber directory
Network Controls
- IP address filtering via IPTABLES (Linux standard syntax)
- VPN IPsec site-to-site support
- Use alternate ports for TCP/UDP services (as needed)
Resiliency & Legacy Access
- Callback security option (analog modem units)
- Wake-Up on Failure (Cell units)
- Turn OFF Telnet
Hardening Checklist (Recommended Settings)
Quick Apply Targets
The following configuration items are called out as best-practice values for locking down management access.
| Setting | Recommended Value | Why it matters |
|---|---|---|
| SSH Security Level | High | Stronger SSH posture by reducing weak options. |
| Harden Web Security | High | Strengthens web management interface. |
| TLS Mode | TLSv1.3 | Modern TLS protocol for HTTPS management. |
| HSTS Policy | ON | Enforces HTTPS usage for supported clients. |
| OCSP Stapling | ON | Improves certificate status checking behavior. |
| General Protections | ON (Serial Port, SSH, Telnet, Web Protection) | Turns on protection controls across primary access methods. |
Do not leave Telnet enabled
Disable Telnet as part of your baseline hardening.
Operational Tip: Combine VPN/IPTABLES allow-listing with strong authentication (RADIUS/TACACS+/LDAP) and MFA for a layered defense approach.