Security recommendations
SIMATIC RF360R
8 Configuration Manual, 03/2022, C79000-G8976-C629-02
• The configuration files are available in XML format for simple use. Make sure that the
configuration files outside the device are suitably protected. You can, for example, encrypt
the files, store them at a safe location and transfer them only via secure communication
channels.
• The device provides options for backing up and restoring the configuration. For security
reasons, neither the IP address of the network interface nor data of the local user
administration are backed up. We recommend that you use the network management
system "SINEC NMS" to manage this data.
Passwords
• Always use the user management and create new user profiles.
• Change all default passwords for users before operating the device.
• Only use passwords with high password strength. Avoid weak passwords, e.g. password1,
123456789, abcdefgh.
• Define rules for using devices and assigning passwords.
• Make sure that all passwords are protected and inaccessible to unauthorized personnel.
• Do not use the same password for different users and systems.
• Update passwords and keys regularly to improve security.
Keys and certificates
This section deals with the security keys and certificates that you need to set up SSL.
• We urgently recommend creating your own SSL certificates and making them available.
Preset certificates and keys are present in the device.
The preset and automatically created SSL certificates are self-signed. We recommend
using certificates signed either by a reliable external certification authority or an internal
certification authority.
The device has an interface via which you can import certificates and keys.
• We recommend that you use certificates with a cryptographic key length of at least 4096
bits.
• If protocols support both certificates and keys, you should favor certificates.
• With operation via OPC UA, always use the "Sign and encrypt" security method.
To Next Page