Security recommendations
SCALANCE S615
16
Operating Instructions, 10/2022, C79000-G8976-C389-07
•
Enable only those services that are used on the device, including physical ports. Free
physical ports can potentially be used to gain access to the network behind the device.
•
Use the authentication and encryption mechanisms of SNMPv3 if possible. Use strong
passwords.
•
Configuration files can be downloaded from the device. Ensure that configuration files are
adequately protected.
Configuration files can be password protected during download. You enter passwords on
the WBM page "System > Load & Save > Passwords".
•
When using SNMP (Simple Network Management Protocol):
–
Configure SNMP to generate a notification when authentication errors occur.
For more information, see WBM "System > SNMP > Notifications".
–
Ensure that the default community strings are changed to unique values.
–
Use SNMPv3 whenever possible. SNMPv1 and SNMPv2c are considered non-secure and
should only be used when absolutely necessary.
–
If possible, prevent write access.
Secure/ non-secure protocols
•
Use secure protocols if access to the device is not prevented by physical protection
measures.
•
Restrict the use of non-secure protocols. While some protocols are secure (e.g. HTTPS,
SSH, 802.1X, etc.), others were not designed for the purpose of securing applications (e.g.
SNMPv1/v2c, RSTP, etc.).
Therefore, take appropriate security measures against non-secure protocols to prevent
unauthorized access to the device/network. Use non-secure protocols on the device using
a secure connection (e.g. SINEMA RC).
•
If non-secure protocols and services are required, ensure that the device is operated in a
protected network area.