Basic security guidelines machines.cloud

1. set a strong password

Keep the following points in mind when choosing your password:

  • It must consist of at least 16 characters.
  • It should contain an uppercase letter, a lowercase letter, a number and a special character.
  • It should be unique for each on-board module.
  • It should be updated regularly.

 

This is an example of a strong password: "3@+ps#PwdZyK".
Strong and unique passwords should be used for all user accounts as well as for WiFi and u-boot. Note that the default passwords are identical on all devices.

 

2. remove preset users

Be sure to check the "/etc/shadow" file and remove unused user profiles (e.g. ssh_user, ftp_user...).
If the profiles are required, update their passwords.
Make sure that the default user profiles are identical on all devices.
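
One way to carry out the "/etc/shadow" check from section 2, together with the "updated regularly" point from section 1, is the added example below; it is not part of the original guideline or vendor software. The function names, the 180-day limit and the sample file are assumptions made for illustration.

```sh
#!/bin/sh
# Added example (not vendor code). /etc/shadow fields used here:
#   1 = user name, 2 = password hash, 3 = day of last change (days since 1970-01-01)

# audit_shadow FILE [MAX_AGE_DAYS] [TODAY_IN_DAYS]
# Prints "<status> <user> <password age in days>" for every account that
# accepts a password. Locked accounts (field 2 starts with ! or *) are skipped.
#   EMPTY = no password needed, STALE = older than MAX_AGE_DAYS, ACTIVE = within limit
audit_shadow() {
    file=$1
    max_age=${2:-180}            # assumption: the rotation interval is site policy
    today=$3
    [ -n "$today" ] || today=$(( $(date +%s) / 86400 ))
    awk -F: -v max="$max_age" -v today="$today" '
        $1 == "" || $1 ~ /^#/ { next }     # blank line or comment
        $2 ~ /^[!*]/          { next }     # locked, no password login
        {
            age = ($3 == "") ? "unknown" : today - $3
            if ($2 == "")                            status = "EMPTY"
            else if (age == "unknown" || age > max)  status = "STALE"
            else                                     status = "ACTIVE"
            print status, $1, age
        }' "$file"
}

# Constructed sample data; the hashes are placeholders, not real ones.
write_sample_shadow() {
    cat > "$1" <<'EOF'
root:$6$constructed$AAAA:17900:0:99999:7:::
ssh_user:$6$constructed$BBBB:17000:0:99999:7:::
ftp_user::17900:0:99999:7:::
daemon:*:17000:0:99999:7:::
service:!$6$constructed$CCCC:17900:0:99999:7:::
EOF
}

# Demo on the sample; on a device, run as root: audit_shadow /etc/shadow
sample=$(mktemp)
write_sample_shadow "$sample"
audit_shadow "$sample" 180 18000
rm -f "$sample"
```

Every account the function lists can still log in with a password, so each one should either be removed or given a new, unique password.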

 

3. deactivate services and interfaces that are not required

Any active service or interface is a potential risk for attack. Known vulnerabilities can be exploited to damage the system. Therefore, every active service and interface should be checked to determine whether it is actually needed. For the same reason, unused interfaces should not be wired into the cable system.
By default, the interfaces USB, LAN, WLAN, Bluetooth, CAN and RS232 are active, as well as a variety of services (e.g. proftpd, telnet, ssh...).

 

4. set up a firewall

A firewall restricts and controls incoming and outgoing connections to various networks.
It is possible to monitor the ports used and configure which services are allowed to communicate.
"iptables" is a well-known software firewall and is available on the end device. An additional description of "iptables" and various sample configurations can be found online.

 

5. set group policies

Each user connected to the system should have their own user name and password.
Admin rights should only be assigned if necessary.
Third-party software should be run with reduced rights.

 

6. prevent malicious code

Prevent malicious code by disabling automatic synchronization of directories (e.g. USB auto-mount scripts, network shares, directories synchronized with rsync...).

 

7. keep the system up to date

Always use the latest software provided by Modern Drive Technology.
Note that some standard Linux components may not be included in their latest version.

 

Note that these guidelines do not guarantee any particular level of security.
To ensure a secure system, security issues must be handled by qualified personnel.

Version v1.03r0 of this document was published on April 17, 2019.
For more information, please refer to the system user manual or contact Modern Drive Technology.