Safety notices
3.3 Security recommendations
SCALANCE X-200
30 Operating Instructions, 03/2015, C79000-G8976-C284-06
To prevent unauthorized access, note the following security recommendations.
● You should make regular checks to make sure that the device meets these
recommendations and/or other security guidelines.
● Evaluate your plant as a whole in terms of security. Use a cell protection concept with
suitable products.
● Limit physical access to the device to qualified personnel.
The memory card or the C-PLUG contains sensitive data such as certificates, keys etc.
that can be read out and modified.
● Lock unused physical ports on the device. Unused ports can be used to gain forbidden
access to the plant.
Software (security functions)
● Keep the software up to date. Check regularly for security updates of the product.
You will find information on this at: www.siemens.com/industrialsecurity
(http://www.siemens.com/industrialsecurity
)
● Only activate protocols that you really require to use the device.
● Restrict access to the device with a firewall or rules in an access control list (ACL -
Access Control List).
● The option of VLAN structuring provides good protection against DoS attacks and
unauthorized access. Check whether this is practical or useful in your environment.
● Enable logging functions. Use the central logging function to log changes and access
attempts centrally. Check the logging information regularly.
● Configure a Syslog server to forward all logs to a central location.
● Define rules for the use of devices and assignment of passwords.
● Regularly update passwords and keys to increase security.
● Change all default passwords for users before you operate the device.
● Only use passwords with a high password strength. Avoid weak passwords for example
password1, 123456789, abcdefgh.
● Make sure that all passwords are protected and inaccessible to unauthorized personnel.
● Do not use the same password for different users and systems or after it has expired.
To Next Page
Loading...
