These topics include information about security issues that are important to consider when working with the Edge-10 platform.
CAUTION: Protect against unauthorized access by restricting physical access to the computers and devices that manage your building
model. Set up user authentication with strong passwords, and secure components by controlling permissions. Failure to observe
these recommended precautions could expose your network systems to unauthorized access and tampering.
SSL/TLS commissioning notes
NOTE: In Niagara 4, “SSL” is always implemented using the TLS (Transport Layer Security) protocol, supporting TLS versions 1.0, 1.1, and 1.2.
See the Niagara Station Security Guide for complete details.
When using Workbench, note that the default “Open Platform” and “Open Station” operations initially assume the Platform TLS Connection and Fox TLS Connection types, respectively. This is intended to encourage TLS usage for all Niagara 4 platforms and stations. If necessary, you can change either connection type, and Workbench “remembers” that type for your next connection. Change it back again as needed.
Protection of source integrity
Niagara provides support on hardware platforms for connecting to external services. It is important to ensure that any such service
is either trusted or controlled by your organization. For example, when synchronizing the system clock with an NTP service,
it is important to make sure that the selected NTP service is a trusted source. For more information related to source integrity,
see “Security precautions” in the Niagara Station Security Guide.
Good network configuration measures in place
Edge 10 devices could be put in a network without good network configuration measures in place. There are a number of ISA
62443 requirements that deal with network configuration, which is beyond the scope of this product. Best practice
documentation for network security is included in the Security best practices topic in the Niagara Networking and IT Guide.
Install hardware in a secure location
Restricting physical access to controllers is essential to security. If an attacker can physically connect to your hardware
using a cable, they can gain complete control of the system. This could potentially be disastrous. Keep your controllers secure
in a locked room with restricted access.
Related documentation
The following related documents provide more security-related information:
- Niagara Networking and IT Guide
- Niagara Station Security Guide
- Niagara 4 Hardening Guide, located in the Tridium.com resources library (https://www.tridium.com/en/resources/library#ReferenceMaterials).