IT security and network security are actually more than ever the focus of all efforts. The requirements for the protection of personal data are very high.

Security mechanisms often seem to limit the user's convenience, but this is usually only superficial. The damage caused by a data leak is in most cases immensely greater and requires extensive actions to contain the damage.

Devices used in network infrastructures must provide a variety of security mechanisms. The configuration of these devices should always be done from a security point of view. Two major areas can be defined here.

First, existing password functions should be set on devices for access protection. Solar-Log offers this option for its devices and explains how to use this function on the device and in the documentation that accompanies the product.

Pic 1: User note Password function

For the greatest possible protection against unauthorized access to the device, the password should be set during the initial installation and meet the requirements for passwords common today:

• No single words or word phrases!
  
• At least 9 characters!
• Combination of upper case letters / lower case letters / digits and special characters!
  The password should not be openly attached to the unit and should only be known to authorized persons!
  
• Use a separate password for each device!
  

Pic. 2: Access control configuration interface, Solar-Log Base user interface

Internet providers randomly assign the IP addresses of the routers in their network, which are changed daily. These IP addresses can be compared to house numbers or house addresses. If the location of a house is known, the locked door prevents unauthorized access. In the network, the router takes over the security function of the door. However, this door can be open through port releases. If one now knows the IP address and the open port, the device assigned to the port can be accessed without problems. Some services require such access to the network, but one should pay attention to a minimum number of open ports (doors) and secure the services and devices behind them by additional passwords or other mechanisms.

If the IP address of the router is permanently set, a port is opened and a fixed IP address is defined for the unit in the network, which can then be reached via this port, the unit can be found and attacked via the Internet. This means that all system data or personal data provided by the device is potentially available to an attacker or security-relevant settings, e.g. network settings for active and reactive power control, can be changed, which can have potentially serious effects on the infrastructure.

Therefore, as a user, you should take the two points explained very seriously and pay attention to the necessary configuration.

Solar-Log devices have extensive mechanisms to secure the device in the network against unauthorized access. As we always focus on IT security and data protection, we are constantly developing our security mechanisms. For the intended operation of the Solar-Log with connected portal, no network access from the Internet to the local network is necessary. This ensures that the Solar-Log devices are not visible on the internet when used as intended.

If it is necessary to access the Solar-Log via the Internet, we strongly recommend that this access is set up by an IT specialist. This specialist can completely secure access from unauthorized access, for example by using VPN mechanisms.

In addition, an internal mechanism has been implemented in the Solar-Log firmware, which allows us to actively access the extended firmware functions on the device if service or support for the user is needed.

We currently see an increased risk in this function for devices that can be freely accessed via the Internet if the device is openly accessible on the Internet by the user.

By updating the firmware to the version shown below, we are deactivating the service function until it is completely revised. We have adapted our support routines so that we can continue to support you with the service you are familiar with in the event of problems on site.

We recommend that you carry out this update on your device and check and, if necessary, implement the points listed above regarding the topic of network security.

If you have any further questions, please do not hesitate to contact us.