Overview of the Hardening Procedure

Hardening of a Makito X Series encoder or decoder is performed by physically installing it in a secure environment, powering it up, and then executing a number of commands in a controlled manner. It is important to follow the instructions provided herein to bring the encoder or decoder from the factory default state to a secured (hardened) state.

Makito X Series devices can be brought into a secured state by following this series of hardening steps:

Step 1: Install and set up.

Physically install the device in a secure setting.
Initiate a CLI session; optionally initiate a Web User Interface session.
Set the time and date (manual setup).

Step 2: Set policies.

Set policies for passwords, session timeout, account inactivity, and cryptographic strength.

Step 3: Configure access.

Create a new administrator account.
Delete default accounts.
Create additional accounts.

Step 4: Disable insecure services.

Verify hardened services and reboot.
Disable insecure management interfaces and unused services.
Harden SNMP (optional).
Disable image snapshots (optional — Makito X encoder series only).

Step 5: Configure certificates and network settings.

Connect device to a trusted network; configure network settings.
Set the time and date (NTP server).
Install certificates.

Step 6: Configure an audit server connection.

Step 7: Set up an advisory/warning banner for interactive sign-in.

Step 8: Verify and reboot.

Each of these steps is described in the sections that follow. Note that many of these steps can be accomplished in either the Web Interface or via CLI commands. Where this is possible, the Web Interface steps are provided first, followed by CLI command alternatives.

Topics Discussed

Before You Start

Browser/SSH Client Compatibility