• Use the authentication and encryption mechanisms of SNMPv3 if possible. Use strong
passwords.
• Conguration les can be downloaded from the device. Ensure that conguration les are
adequately protected.
Conguration les can be password protected during download. You enter passwords on the
WBM page "System > Load & Save > Passwords".
• When using SNMP (Simple Network Management Protocol):
– Congure SNMP to generate a notication when authentication errors occur.
For more information, see WBM "System > SNMP > Notications".
– Ensure that the default community strings are changed to unique values.
– Use SNMPv3 whenever possible. SNMPv1 and SNMPv2c are considered non-secure and
should only be used when absolutely necessary.
– If possible, prevent write access.
Secure/ non-secure protocols
• Use secure protocols if access to the device is not prevented by physical protection measures.
• Restrict the use of non-secure protocols. While some protocols are secure (e.g. HTTPS, SSH,
802.1X, etc.), others were not designed for the purpose of securing applications (e.g.
SNMPv1/v2c, RSTP, etc.).
Therefore, take appropriate security measures against non-secure protocols to prevent
unauthorized access to the device/network. Use non-secure protocols on the device using a
secure connection (e.g. SINEMA RC).
• If non-secure protocols and services are required, ensure that the device is operated in a
protected network area.
• Check whether use of the following protocols is necessary:
– Telnet
– HTTP
– Broadcast pings
– Non authenticated and unencrypted interfaces
– ICMP (redirect)
– LLDP
– DHCP Options 66/67
– SNTP
– NTP
– TFTP
– TIA Portal Cloud Connector (not available with SCALANCE MUM85x)
– VRRPv3
– DNS
– SNMPv1/V2c
Security recommendations
3.1Security recommendations
SCALANCE MUM853-1
16 Operating Instructions, 03/2023, C79000-G8976-C650-05
To Next Page
Loading...
