Securing Your Device

The advice in this chapter will help keep your device secure. Ensure your device's security by changing default passwords and enabling the Secure Bit.

Change the SoftAP Passphrase

The device is configured with a default SoftAP passphrase. It's highly recommended that you change the SoftAP passphrase to prevent unauthorized access before continuing with further configuration.

In Web Manager, go to Network > ap0 > Link > Configuration.

In the CLI, see Config Link level.

In XML, see configgroup Link.

Change the Admin Password

Change the password on the default Admin account to prevent unauthorized access.

  1. In Web Manager, go to User
  2. Click the admin account.
  3. Change the value of Password.
  4. Click Submit.

In the CLI, see Config User level.

In XML, see configgroup User.

Enable Secure Bit

Secure Boot ensures that only authorized software is allowed to run on the device. Secure Boot is enabled by default. For additional security and to prevent writes into the OTP area, enable the Secure Bit at manufacturing using the Manufacturing Test Loader.

How you enable the Secure Bit depends on whether you load Lantronix signed firmware or create your own firmware. If using Lantronix signed firmware, see Secure Boot for detailed information. If creating your own firmware, see the SDK User Guide for information on loading your own firmware.

Set OEM Password

Change your OEM password to prevent unauthorized users from changing the default configuration of your device. You can send XML to load the XML configuration record (XCR) either through the serial port or the Web APIs.

If no OEM password had been set, set the password using <configitem name = "Password"><value>[new-password]</value></configitem> within <configgroup name = "OEM">. If an OEM password had already been set and you want to change it, you'll also need to supply the current password using <configitem name = "Password"><value>[current-password]</value></configitem> within <configgroup name = "XML Import Control">. See below for an example in which the current password is provided and changed to a new password.

<?xml version="1.0" standalone="yes"?>
<!DOCTYPE configrecord [
   <!ELEMENT configrecord (configgroup+)>
   <!ELEMENT configgroup (configitem+)>
   <!ELEMENT configitem (value+)>
   <!ELEMENT value (#PCDATA)>
   <!ATTLIST configrecord version CDATA #IMPLIED>
   <!ATTLIST configgroup name CDATA #IMPLIED>
   <!ATTLIST configgroup instance CDATA #IMPLIED>
   <!ATTLIST configitem name CDATA #IMPLIED>
   <!ATTLIST configitem instance CDATA #IMPLIED>
   <!ATTLIST value name CDATA #IMPLIED>          
<configrecord version = "">
   <configgroup name = "XML Import Control">
      <configitem name = "OEM">
         <value>Set Configuration</value>
      <configitem name = "Password">
   <configgroup name = "OEM">
      <configitem name = "Password">

For more information on setting the OEM default configuration, see OEM Branding and Customization.