Security recommendations
SCALANCE M874, M876
10 Operating Instructions, 08/2018, C79000-G8976-C331-08
● Define rules for the use of devices and assignment of passwords.
● Regularly update passwords and keys to increase security.
● Change all default passwords for users before you operate the device.
● Only use passwords with a high password strength. Avoid weak passwords for example
password1, 123456789, abcdefgh.
● Make sure that all passwords are protected and inaccessible to unauthorized personnel.
● Do not use the same password for different users and systems or after it has expired.
This section deals with the security keys and certificates you require to set up TLS, VPN
(IPsec, OpenVPN) and SINEMA RC.
● The device contains a pre-installed X.509 certificate with key. Replace this certificate with
a self-made certificate with key. We recommend that you use a certificate signed by a
reliable external or internal certification authority.
● Use the certification authority including key revocation and management to sign the
certificates.
● Make sure that user-defined private keys are protected and inaccessible to unauthorized
persons.
● Verify certificates and fingerprints on the server and client to prevent "man in the middle"
attacks.
● It is recommended that you use password-protected certificates in the PKCS#12 format.
● It is recommended that you use certificates with a key length of at least 2048 bits.
● Change keys and certificates immediately, if there is a suspicion of compromise.
Secure/non-secure protocols
● Avoid or disable non-secure protocols, for example Telnet and TFTP. For historical
reasons, these protocols are still available, however not intended for secure applications.
Use non-secure protocols on the device with caution.
● Avoid or disable non-secure protocols. Check whether use of the following protocols is
necessary:
– Broadcast pings
– Non authenticated and unencrypted interfaces
– ICMP (redirect)
– LLDP
– Syslog
– DHCP Options 66/67
– TFTP
To Next Page
Loading...
Need help?
General
