Security recommendations
SCALANCE W788-x / W748-1
Operating Instructions, 03/2022, A5E03678333-17
15
Secure/ non-secure protocols
•
Use secure protocols if access to the device is not prevented by physical protection
measures.
•
Disable or restrict the use of non-secure protocols. While some protocols are secure
(e.g. HTTPS, SSH, 802.1X, etc.), others were not designed for the purpose of securing
applications (e.g. SNMPv1/v2c, RSTP, etc.).
Therefore, take appropriate security measures against non-secure protocols to
prevent unauthorized access to the device/network. Use non-secure protocols on the
device using a secure connection (e.g. SINEMA RC).
•
If non-secure protocols and services are required, ensure that the device is operated
in a protected network area.
•
Check whether use of the following protocols and services is necessary:
–
Non-authenticated and unencrypted ports
–
LLDP
–
Syslog
–
DHCP options 66/67
–
TFTP
–
Telnet
–
HTTP
–
SNMP v1/2c
–
Syslog
–
SNTP
•
The following protocols provide secure alternatives:
–
SNMPv1/v2c
→
SNMPv3
Check whether use of SNMPv1/v2c is necessary. SNMPv1/v2c is classified as
non-secure. Use the option of preventing write access. The product provides you
with suitable setting options.
If SNMP is enabled, change the community names. If no unrestricted access is
necessary, restrict access with SNMP.
Use SNMPv3 in conjunction with passwords.
–
HTTP
→
HTTPS
–
Telnet
→
SSH
–
TFTP
→
SFTP
–
Syslog Client
→
Syslog Client TLS
•
Using a firewall, restrict the services and protocols available to the outside to a
minimum.
•
For the DCP function, enable the "Read Only" mode after commissioning.