Copyright © 2021 Moxa Inc.
Released on March 26, 2021
About Moxa
Moxa is a leading provider of edge connectivity, industrial computing, and network
infrastructure solutions for enabling connectivity for the Industrial Internet of Things
(IIoT). With over 30 years of industry experience, Moxa has connected more than 57
million devices worldwide and has a distribution and service network that reaches
customers in more than 70 countries. Moxa delivers lasting business value by
empowering industries with reliable networks and sincere service. Information about
Moxa’s solutions is available at www.moxa.com.
The Security Hardening Guide for the NPort 5000 Series
Moxa Technical Support Team
support@moxa.com
Contents
1. Introduction
2. General System Information
2.1. Basic Information About the Device
2.2. Deployment of the Device
3. Configuration and Hardening Information
3.1. TCP/UDP Ports and Recommended Services
3.2. HTTPS and SSL Certificates
3.3. Account Management
3.4. Accessible IP List
3.5. Logging and Auditing
4. Patching/Upgrades
4.1. Patch Management Plan
4.2. Firmware Upgrades
5. Security Information and Vulnerability Feedback
1. Introduction
This document provides guidelines on how to configure and secure the NPort 5000 Series. The
recommended steps in this document should be considered as best practices for security in
most applications. It is highly recommended that you review and test the configurations
thoroughly before implementing them in your production system in order to ensure that your
application is not negatively impacted.
2. General System Information
2.1. Basic Information About the Device
Model                    Function               Operating System         Firmware Version
NPort 5000A Series       General purpose        Moxa Operating System    Version 1.6
NPort 5110               General purpose        Moxa Operating System    Version 2.10
NPort 5130/5150          General purpose        Moxa Operating System    Version 3.9
NPort 5200 Series        General purpose        Moxa Operating System    Version 2.12
NPort 5400 Series        General purpose        Moxa Operating System    Version 3.14
NPort 5600-DT Series     General purpose        Moxa Operating System    Version 2.8
NPort 5600-DTL Series    Entry level            Moxa Operating System    Version 1.6
NPort 5600 Series        Rackmount              Moxa Operating System    Version 3.10
NPort 5000AI-M12 Series  Railway                Moxa Operating System    Version 1.5
NPort IA5000 Series      Industrial automation  Moxa Operating System    Version 1.7
NPort IA5000A Series     Industrial automation  Moxa Operating System    Version 1.7
The NPort 5000 Series is a device server specifically designed to allow industrial
devices to be directly accessible from the network. Thus, legacy devices can be
transformed into Ethernet devices, which then can be monitored and controlled from
any network location or even the Internet. Different configurations and features are
available for specific applications, such as protocol conversion, Real COM drivers, and
TCP operation modes, to name a few.
Moxa Operating System (MOS) is an embedded proprietary operating system, which is
only executed in Moxa edge devices. Because the MOS operating system is not freely
available, the chances of malware attacks are significantly reduced.
2.2. Deployment of the Device
You should deploy the NPort 5000 Series
behind a secure firewall network that has
sufficient security features in place to
ensure that networks are safe from
internal and external threats.
Make sure that the physical protection of
the MGate devices and/or the system
meets the security needs of your
application. Depending on the
environment and the threat situation, the
form of protection can vary significantly.
3. Configuration and Hardening Information
For security reasons, account and password protection is enabled by default, so you must
provide the correct account and password to unlock the device before entering the web
console of the gateway.
The default account and password are admin and moxa (both in lowercase letters),
respectively. Once you are successfully logged in, a pop-up notification will appear to remind
you to change the password in order to ensure a higher level of security.
3.1. TCP/UDP Ports and Recommended Services
Refer to the table below for all the ports, protocols, and services that are used to
communicate between the NPort 5000 Series and other devices.
Service Name         Option          Default Setting  Type  Port Number   Remark & Description
Moxa Command (DSCI)  Enable/Disable  Enable           TCP   14900, 4900   For Moxa utility communication
                                                      UDP   4800
DNS_wins             Enable          Enable           UDP   53, 137, 949  Processing DNS and WINS (Client) data
SNMP agent           Enable/Disable  Enable           UDP   161           SNMP handling routine
HTTP server          Enable/Disable  Enable           TCP   80            Web console
HTTPS server         Enable/Disable  Enable           TCP   443           Secured web console
Telnet server        Enable/Disable  Disable          TCP   23            Telnet console
DHCP client          Enable/Disable  Disable          UDP   68            The DHCP client needs to acquire the system IP address from the server
SNTP                 Enable/Disable  Disable          UDP   Random Port   Synchronize time settings with a time server
                                                                          This function is not available for the NPort 5100/5100A/5200/5200A Series.
Remote System Log    Enable/Disable  Disable          UDP   Random Port   Send the event log to a remote log server
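The check below is an added example, not Moxa code: it builds the set of ports a unit should answer on from the default settings in the table above and the Real COM Mode port numbers from the operation-mode table in this section, then compares that baseline with a list of observed open ports. The function names, the `overrides` parameter, and the sample scan result are assumptions made for illustration.

```python
# Baseline from the guide's defaults: (service, protocol, port, enabled by default).
# SNTP and Remote System Log use random UDP ports, so they are left out.
SERVICES = [
    ("Moxa Command (DSCI)", "tcp", 14900, True),
    ("Moxa Command (DSCI)", "tcp", 4900, True),
    ("Moxa Command (DSCI)", "udp", 4800, True),
    ("DNS_wins", "udp", 53, True),
    ("DNS_wins", "udp", 137, True),
    ("DNS_wins", "udp", 949, True),
    ("SNMP agent", "udp", 161, True),
    ("HTTP server", "tcp", 80, True),
    ("HTTPS server", "tcp", 443, True),
    ("Telnet server", "tcp", 23, False),
    ("DHCP client", "udp", 68, False),
]


def expected_ports(serial_ports, overrides=None):
    """Return {(proto, port): service} that should answer on the device."""
    # overrides (hypothetical, not a Moxa API): service name -> True/False
    overrides = overrides or {}
    expected = {(proto, port): name for name, proto, port, on in SERVICES
                if overrides.get(name, on)}
    if overrides.get("Real COM Mode", True):  # Real COM is enabled by default
        for n in range(1, serial_ports + 1):
            for base in (950, 966):  # 950+(n-1) and 966+(n-1) per serial port
                expected[("tcp", base + n - 1)] = f"Real COM Mode, serial port {n}"
    return expected


def audit(observed, serial_ports, overrides=None):
    """Report ports that answer but should not, and expected ports not seen."""
    expected = expected_ports(serial_ports, overrides)
    known = {(proto, port): name for name, proto, port, _ in SERVICES}
    return {
        "unexpected": [(proto, port, known.get((proto, port), "unknown"))
                       for proto, port in sorted(set(observed) - set(expected))],
        "not_seen": sorted(set(expected) - set(observed)),
    }


# Constructed scan result for a 2-port unit with HTTP turned off and Telnet on.
SAMPLE_OBSERVED = {("tcp", 14900), ("tcp", 4900), ("udp", 4800), ("udp", 53),
                   ("udp", 137), ("udp", 949), ("udp", 161), ("tcp", 443),
                   ("tcp", 23), ("tcp", 950), ("tcp", 951), ("tcp", 966), ("tcp", 967)}

if __name__ == "__main__":
    print(audit(SAMPLE_OBSERVED, serial_ports=2, overrides={"HTTP server": False}))
```

An entry under `unexpected` means a service is answering that the recorded configuration says is off; an entry under `not_seen` means either the service was disabled without updating the record or the scan could not reach it.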
Operation Mode   Option          Default Setting  Type  Port Number                                   Remark & Description
Real COM Mode    Enable/Disable  Enable           TCP   950+ (Serial port No. - 1)
                                                        966+ (Serial port No. - 1)
RFC2217 Mode     Enable/Disable  Disable          TCP   User-defined (default: 4000+Serial port No.)  Only available in certain models
TCP Server Mode  Enable/Disable  Disable          TCP   User-defined (default: 4000+Serial port No.)
                                                        User-defined (default: 966+Serial port No.)