Security Hardening | BASidekick Wiki

[BASidekick]

K

Niagara 4 Platform Fails TLS Connection (Certificate Problems)

Operators cannot connect over HTTPS; Workbench shows SSL/TLS errors

TroubleshootingDec 29, 20250

Niagara 4 Vulnerabilities and Basic Hardening Checklist

Address concerns about published Niagara vulnerabilities with this hardening checklist

How-ToDec 29, 20250

Niagara Station Unreachable After Cyber Hardening

Users cannot log in or station appears offline after applying security hardening

TroubleshootingDec 29, 20250

BAS Cybersecurity Hardening – Quick Wins

Address owner and IT questions about BAS security with these quick wins

How-ToDec 29, 20250

Niagara N4: TLS Handshake Failed - Certificate Error

TLS handshake failed due to certificate issues - wildcard certificates may cause problems.

TroubleshootingDec 30, 20250

BAS Cybersecurity Vulnerability Advisories Reference

Cybersecurity resource tracking Common Vulnerabilities and Exposures (CVEs) specific to Building Automation Systems and Operational Technology.

Best PracticesDec 30, 20250

Responding to an Unauthorized Access Attempt in Metasys

Video

Instructions on using the integrated Metasys system to detect, track, and respond to security breaches.

How-ToDec 30, 20250

Metasys Cyber Health Dashboard Guide

Video

Guide on utilizing the dashboard to monitor system security, identify risks, and view health status.

How-ToDec 30, 20250

Password and Credential Management for BAS

Best practices for managing passwords and credentials in building automation systems per CISA ICS advisories and NIST guidelines.

Best PracticesJan 5, 20260

Common BAS Vulnerabilities and Mitigations

Guide to common BAS cybersecurity vulnerabilities including default credentials, unencrypted protocols, and lack of authentication, with practical mitigations referencing ICS-CERT advisories and NIST guidelines.

Best PracticesJan 5, 20260

Cloud-Connected BAS: Edge-to-Cloud Architecture

Guide to connecting on-premise BAS to cloud platforms for analytics, remote monitoring, and enterprise integration using edge controllers and secure cloud services.

How-ToFeb 17, 20260

Configuring LDAP Authentication in Niagara 4

Step-by-step guide to integrating Niagara 4 stations with Active Directory for centralized user management via LDAP, including TLS requirements and troubleshooting.

How-ToFeb 17, 20260

BACnet/SC (Secure Connect) Implementation Guide

Practical walkthrough of deploying BACnet Secure Connect including hub/node configuration, certificate management, and migration from traditional BACnet/IP.

How-ToFeb 17, 20260

BAS Network Security Hardening Checklist

Comprehensive security hardening checklist for building automation networks covering segmentation, credentials, firmware management, and compliance frameworks.

Best PracticesFeb 17, 20260

BACnet Secure Connect (BACnet/SC) Implementation & Best Practices

Practical BACnet/SC guidance covering architecture, certificates, migration planning, and security-focused deployment practices.

Best PracticesFeb 17, 20260

Metasys User Roles and Permissions Management

Security-focused guide to Metasys account administration, role assignment, password policy, and least-privilege access management.

Best PracticesFeb 17, 20260

BAS Network Ports for IT: Minimal Connectivity Rules (BACnet, Niagara, Metasys, MQTT)

Minimal port and flow documentation for BAS networks, aligned with vendor guidance and a least-privilege posture.

Best PracticesFeb 21, 20260

Niagara TLS and Certificates Troubleshooting Guide (Workbench, Web, and Station-to-Station)

Decision-tree troubleshooting for Niagara TLS failures, covering trust stores, certificate lifecycle, and fox/foxs/foxwss port mismatches.

TroubleshootingFeb 21, 20260