Текст страницы
Appendix 1 Security Recommendation
1. Account Management
a. Use Strong Passwords
●The length should not be less than 8 characters.
●Include at least two types of characters; character types include upper and lower case
letters, numbers and symbols.
●Do not contain the account name or the account name in reverse order.
●Do not use continuous characters, such as 123, abc, etc.
●Do not use overlapped characters, such as 111, aaa, etc.
b. Change Password Regularly
It is suggested to change passwords regularly to reduce the risk of being guessed or cracked.
c. Assign Accounts and Permissions Reasonably
According to business and management needs, reasonably add new users, and reasonably
allocate a minimum set of permissions for them.
d. Enable Account Lock
The account lock feature is enabled by default, and it is recommended to keep it on to
guarantee the account security. If an attacker attempts to log in with the wrong password
several times, the corresponding account and the source IP address will be locked.
e. Set and Update Passwords Reset Information Timely
The platform supports password reset function. To reduce the risk of being attacked, please
set up related information for password reset in time. If the information changes, please
modify it in time. When setting password protection questions, it is suggested not to use
those that can be easily guessed.
f.
Enable Account Binding IP/MAC
It is recommended to enable the account binding IP/MAC mechanism to further improve
access security.
2. Service Configuration
a. Enable HTTPS
It is suggested to enable HTTPS, so that you visit web service through a secure
communication channel.
b. Disable Unnecessary Services and Choose Secure Modes
If not needed, it is recommended to turn off some services such as SNMP, SMTP, etc., to
reduce risks.
If necessary, it is highly recommended that you use safe modes, including but not limited to
the following services:
●SMTP: Choose TLS to access mailbox server.
●FTP: Choose SFTP, and set up strong passwords.
3. Network Configuration
a. Enable Firewall Allowlist
It is suggested to enable allowlist function to prevent everyone, except those with specified
IP addresses, from accessing the system. Therefore, please be sure to add your computer’s IP
address and the accompanying equipment’s IP address to the allowlist.
b. Network Isolation
37