Issue
There isn't enough documentation on how to disable the different connection protocols, i.e. TLS or SSH.
Product Line
EcoStruxure Building Operation
Environment
- Building Operation Enterprise Central
- Building Operation Enterprise Server
- Building Operation Workstation
- Building Operation Automation Server
Cause
Increase the security of the system.
Resolution
SSL Communication Security Settings:
- You can edit SSL configuration in WorkStation Control Panel's Security Settings or in the Device Administrator SSL Security Settings tab.
- SSLv1, v2, and v3 are all implicitly disabled.
- In EBO 2022 (4.0) or higher, TLS 1.3 is available and used as default when logging on with WebStation and for server-server communication with HTTPS. TLS 1.0 and TLS 1.1 are disabled by default but can be enabled in Control Panel.
- WorkStation uses TLS 1.2; disabling it would prevent logging on to WorkStation.
- In WorkStation, the only valid protocols are shown when you hover the mouse over disabled protocols. See below.
SSH Port:
- The port used for communication with Device Administrator can be disabled or changed so that the automation server communicates on another port using SSH. It is also possible to disable all SSH communication.
- SSH communication settings are available in Automation Server Properties – Network Tab, as shown below.
- Refer to Disabling Port 22 on SmartX Server and Adding an Additional SSH Port for a SmartX Server.
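To confirm from the network that the TLS and SSH settings above took effect, the following added example (not Schneider Electric code) pins a handshake to each TLS version and checks whether an SSH server answers on a port. The host name, HTTPS port 443 and the expected-state table are assumptions; adjust them to the site's policy.

```python
import socket
import ssl

# Assumed policy, from the article's defaults for EBO 2022 (4.0) or higher:
# TLS 1.0/1.1 disabled, TLS 1.2 kept for WorkStation, TLS 1.3 enabled.
EXPECTED_TLS = {"TLSv1": False, "TLSv1_1": False, "TLSv1_2": True, "TLSv1_3": True}

def probe_tls(host, port, version_name, timeout=3.0):
    """Return 'accepted', 'refused', 'unreachable' or 'client-unsupported'."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname, ctx.verify_mode = False, ssl.CERT_NONE  # protocol audit only
    try:
        version = getattr(ssl.TLSVersion, version_name)
        ctx.minimum_version = ctx.maximum_version = version  # pin one version
        if version < ssl.TLSVersion.TLSv1_2:
            ctx.set_ciphers("DEFAULT:@SECLEVEL=0")  # let the client offer legacy TLS
    except (ValueError, ssl.SSLError):
        return "client-unsupported"  # local OpenSSL build cannot offer this version
    try:
        raw = socket.create_connection((host, port), timeout=timeout)
    except OSError:
        return "unreachable"
    try:
        with ctx.wrap_socket(raw, server_hostname=host):
            return "accepted"
    except (ssl.SSLError, OSError):
        return "refused"
    finally:
        raw.close()

def ssh_banner(host, port, timeout=3.0):
    """Return the SSH identification string if an SSH server answers, else None."""
    try:
        with socket.create_connection((host, port), timeout=timeout) as s:
            line = s.recv(255).split(b"\n", 1)[0].strip()
    except OSError:
        return None
    return line.decode("ascii", "replace") if line.startswith(b"SSH-") else None

def deviations(observed, expected=EXPECTED_TLS):
    """Return (version, state) pairs that do not match the expected policy."""
    want = {True: "accepted", False: "refused"}
    return [(v, observed.get(v, "unreachable")) for v, on in expected.items()
            if observed.get(v, "unreachable") != want[on]]

if __name__ == "__main__":
    host = "ebo-server.example"  # placeholder host name (assumption)
    seen = {v: probe_tls(host, 443, v) for v in EXPECTED_TLS}  # 443 is assumed
    print("TLS deviations:", deviations(seen), "| SSH on 22:", ssh_banner(host, 22))
```

States of `unreachable` and `client-unsupported` are listed as deviations because they leave the setting unverified rather than confirmed. Run `ssh_banner` against both port 22 and any alternative SSH port that was configured.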
For more security guidelines, refer to EcoStruxure Building Management - System Hardening Guide, Security Overview, and Information Technology System Planning Guide.