3 Detailed checklist
Checklist
Article ID: 109745536, V2.0, 05/2022
10
©
S
iem
e
n
s A
G
2
0
2
2
A
ll r
igh
ts
re
se
rv
e
d
•
You can use "SNMPv1/v2c/v3" in the SNMP section. Ideally, you would
completely disable SNMPv1/v2 and instead use the secure SNMPv3 variant.
Note
With SNMPv1/v2, data are transmitted over the wire in cleartext.
With SNMPv3, the client can neither write nor read without a valid logon. Data are
transmitted in encrypted form.
•
Tick the "SNMPv1/v2 Read-Only" checkbox to prevent changes to the device
configuration via unsecure "SNMP Set" requests.
Change the Community Strings for SNMPv1/v2.
•
Disable the "SINEMA Configuration Interface" option if the device is not
managed with TIA or SINEC NMS. This turns off the configuration interface for
these tools.
•
After commissioning, set the DCP server to "Read Only".
3.4
Use secure FTP
Menu path
You can find this information "System > Load&Save" for MSPS devices.
Note on X-200 and X-300 devices
The switches only support "TFTP".
Recommendations for MSPS devices
Do not use "TFTP". The MSPS devices now offer a secure alternative with "SFTP".
3.5
DHCP client
Menu path
You can find this information in the following paths:
•
With MSPS: "System > DHCP"
•
With X-200 and X-300: "Agent > Agent DHCP Configuration"
Recommendation
If using the DHCP client, disable "DHCP Client Configuration Request (Opt.66,
67)".
Otherwise, the DHCP server can potentially reconfigure the device.