Security Hardening Procedure

https//www.racom.eu/eng/products/m/ray3/secproc.html

Print version

Appendix A. Security Hardening Procedure

Introduction

This document outlines a recommended Security Hardening Procedure for the RAy3 microwave link device. The purpose of this guide is to assist system integrators, administrators, and security personnel in configuring RAy3 devices securely, minimizing the risk of unauthorized access or compromise.

Each section describes key security aspects and actionable steps that should be taken before deploying RAy3 units into production environments.

A.1. Access Management

  • When logging in for the first time, the user is prompted to enter a username and password.

  • Use strong passwords (minimum 8 characters, including uppercase, lowercase, number, and special character).

  • Set Passphrase for wi-fi management. (Link settings > Service access > USB accessories > Passphrase)

  • For wi-fi, turn off “Force enable”. (Link settings > Service access > USB accessories > Force enable)

  • Disable unused services such as Telnet, SNMP, SSH.

  • Limit SSH access: use public key authentication.

  • Avoid credential reuse across multiple devices.

  • Enable NTP time synchronization with trusted time servers.

A.2. Physical access

  • Restrict physical access to the device (e.g., install in locked enclosures or secure locations).

  • Disable unused physical interfaces ETH2. (Switch settings > Interface > Port > Port enable)

A.3. Firmware and Updates

  • Keep the device firmware up to date with the latest version from the RACOM.

  • Verify integrity and authenticity of firmware before installation.

  • Avoid firmware downgrades unless necessary; enforce password reset if downgrade occurs.

  • The latest FW can be downloaded from the RACOM website.

  • Standard firmware versions are available semi-annually, release notes with changes and firmware package checksum are available on the same website.

  • The firmware upgrade is performed in two steps – upload and upgrade. (Tools > Maintenance > Firmware)

A.4. Logging and Monitoring

  • Forward diagnostic package to a remote Syslog server secured in your network.

  • Periodically review logs to detect unusual activity or unauthorized access attempts.

A.5. Environmental Security

  • Utilize physical security tools such as cable locks or intrusion sensors, if available.

  • Ensure secure access to power supplies and PoE injectors.

A.6. Backup and Recovery

  • Regularly back up configuration files and store them securely.

  • Encrypt backups and replicate them in separate, secure locations.

  • Document the recovery process and periodically test it to ensure readiness.

A.7. Security Review and Audit

  • Conduct scheduled security reviews (e.g., every 6 or 12 months).

  • Reevaluate user permissions and disable inactive accounts.

  • Maintain logs of configuration changes, firmware updates, and user account rotations.

©  2025 RACOM s.r.o. All Rights Reserved.