SCALANCE S615
Operating Instructions, 10/2022, C79000-G8976-C389-07
13
Security recommendations
2
To prevent unauthorized access to the device and/or network, observe the following security
recommendations.
General
•
Check the device regularly to ensure that these recommendations and/or other internal
security policies are complied with.
•
Evaluate the security of your location and use a cell protection concept with suitable
products. For more information, refer to:
Link: (
https://www.siemens.com/industrialsecurity
•
When the internal and external network are disconnected, an attacker cannot access
internal data from the outside. If possible, operate the device only within a protected
network area.
•
Use VPN to encrypt and authenticate communication from and to the devices.
•
For data transmission via a non-secure network, use an encrypted VPN tunnel (IPsec,
OpenVPN).
•
Check the user documentation of other Siemens products that are used together with the
device for additional security recommendations.
•
Using remote logging, ensure that the system protocols are forwarded to a central logging
server. Make sure that the server is within the protected network and check the protocols
regularly for potential security violations or vulnerabilities.
Authentication
Note
Accessibility risk - Risk of data loss
Do not lose the passwords for the device. Access to the device can only be restored by
resetting the device to factory settings which completely removes all configuration data.
•
Replace the default passwords for all user accounts, access modes and applications (if
applicable) before you use the device.
•
Define rules for the assignment of passwords.
•
Use passwords with a high password strength. Avoid weak passwords, (e.g. password1,
123456789, abcdefgh) or recurring characters (e.g. abcabc).
This recommendation also applies to symmetrical passwords/keys configured on the
device.
•
Make sure that passwords are protected and only disclosed to authorized personnel.