Siemens SCALANCE W760 - Password Management; Keys and Certificates

To Next Page

To Previous Page

● If RADIUS authentication is via remote access, make sure that the communication is within

the secured network area or is via a secure channel.

● The option of VLAN structuring provides good protection against DoS attacks and

unauthorized access. Check whether this is practical or useful in your environment.

● Enable logging functions. Use the central logging function to log changes and access

attempts centrally. Check the logging information regularly.

● Configure a Syslog server to forward all logs to a central location.

● Use WPA2/ WPA2-PSK with AES to protect the WLAN. If iPCF or iPCF-MC is used, use

the AES encryption.

See also

Product cert (http://www.siemens.com/cert/en/cert-security-advisories.htm)

http://www.siemens.com/industrialsecurity (http://www.siemens.com/industrialsecurity)

Passwords

● Define rules for the use of devices and assignment of passwords.

● Regularly update passwords and keys to increase security.

● Change all default passwords for users before you operate the device.

● Only use passwords with a high password strength. Avoid weak passwords for example

password1, 123456789, abcdefgh.

● Make sure that all passwords are protected and inaccessible to unauthorized personnel.

● Do not use the same password for different users and systems or after it has expired.

Keys and certificates

This section deals with the security keys and certificates you require to set up HTTPS

( HyperText Transfer Protocol Secured Socket Layer).

● We strongly recommend that you create your own HTTPS certificates and make them

available.

There are preset certificates and keys on the device. The preset and automatically created

HTTPS certificates are self-signed.

We recommend that you use HTTPS certificates signed either by a reliable external or by

an internal certification authority. The HTTPS certificate checks the identity of the device

and controls the encrypted data exchange. You can install the HTTPS certificate via the

WBM (System > Load and Save).

● Handle user-defined private keys with great caution if you use user-defined SSH or SSL

keys.

● Use the certification authority including key revocation and management to sign the

certificates.

● Verify certificates and fingerprints on the server and client to avoid "man in the middle"

attacks.

Security recommendations

SCALANCE W760/W720

8 Operating Instructions, 09/2017, C79000-G8976-C322-08

Other manuals for Siemens SCALANCE W760