SCALANCE W1750D CLI
Function Manual, 03/2019, C79000-G8976-C452-04
15
Security recommendations
2
To prevent unauthorized access, note the following security recommendations.
General
●
You should make regular checks to make sure that the device meets these
recommendations and/or other security guidelines.
●
Evaluate your plant as a whole in terms of security. Use a cell protection concept with
suitable products (
https://www.industry.siemens.com/topics/global/en/industrial-
●
When the internal and external network are disconnected, an attacker cannot access
internal data from the outside. Therefore operate the device only within a protected
network area.
●
For communication via non-secure networks use additional devices with VPN functionality
to encrypt and authenticate the communication.
●
Terminate management connections correctly (WBM. Telnet, SSH etc.).
Physical access
●
Restrict physical access to the device to qualified personnel.
Software (security functions)
●
Keep the software up to date. Check regularly for security updates of the product. You will
find information on this on the Internet pages "Industrial Security
https://www.siemens.com/industrialsecurity
)" .
●
Inform yourself regularly about security advisories and bulletins published by Siemens
ProductCERT (
https://www.siemens.com/cert/en/cert-security-advisories.htm
●
Only activate protocols that you really require to use the device.
●
Use the security functions such as address translation with NAT (Network Address
Translation) or NAPT (Network Address Port Translation) to protect receiving ports from
access by third parties.
●
Restrict access to the device with a firewall or rules in an access control list (ACL -
Access Control List).
●
If RADIUS authentication is via remote access, make sure that the communication is
within the secured network area or is via a secure channel.
●
The option of VLAN structuring provides good protection against DoS attacks and
unauthorized access. Check whether this is practical or useful in your environment.
●
Enable logging functions. Use the central logging function to log changes and access
attempts centrally. Check the logging information regularly.