• If a secure alternative is available for a protocol, use it.
The following protocols provide secure alternatives:
– SNMPv1/v2 → SNMPv3
Check whether use of SNMPv1 is necessary. SNMPv1 is classied as non-secure. Use the
option of preventing write access. The product provides you with suitable setting options.
If SNMP is enabled, change the community names. If no unrestricted access is necessary,
restrict access with SNMP.
– HTTP → HTTPS
– Telnet → SSH
– NTP → Secure NTP
– TFTP → SFTP
– TIA Portal Cloud Connector using a secure connection. Use the "TIA Portal Cloud
Connector" integrated in the product over a VPN solution (e.g. SINEMA RC).
Congure the rewall settings of the SCALANCE M800/S615 (e.g. predened IPv4 rules
"Cloud Connector" to prevent unauthorized access of network devices to the "TIA Portal
Cloud Connector Server").
• Using a rewall, restrict the services and protocols available to the outside to a minimum.
• For the DCP function, enable the "Read Only" mode after commissioning.
3.2 Available services
List of available services
The following is a list of all available protocols and services as well as their ports through which
the device can be accessed.
The table includes the following columns:
• Service
The services that the device supports.
• Protocol / Port number
Port number assigned to the protocol.
• Default port status
The port status on delivery (factory setting) distinguishes between local and external access.
– Local access: The port is accessed via a local connection (vlan1).
– External access: The port is accessed via an external connection (vlan2).
• Congurable port/service
Indicates whether the port number or the service can be congured via WBM / CLI.
• Authentication
Species whether an authentication of the communication partner takes place or whether
an authentication can be congured.
• Encryption
Species whether the transfer is encrypted or whether the encryption can be congured.
Security recommendations
3.2Available services
SCALANCE MUM853-1
Operating Instructions, 03/2023, C79000-G8976-C650-05 17