Preface
SIMATIC MV500
Operating Instructions, 03/2021, C79000-G8976-C494-05
7
Software (security functions)
• Keep the software up to date. Keep yourself informed regularly about safety updates for
the product.
You can find information about this at Link: (http://www.siemens.com/industrialsecurity)
• Activate only protocols that you actually need to use the device.
• Limit access to the device using a firewall or rules in an access control list (ACL).
• The configuration files are available in XML format for simple use. Make sure that the
configuration files outside the device are suitably protected. You can, for example, encrypt
the files, store them at a safe location and transfer them only via secure communications
channels.
• We recommend that you disable the "CONNECT" function after initial commissioning.
• The functions for archiving as well as the remote functions (MMI) may only be activated in
networks protected by a firewall.
Passwords
• Activate user management and create new user profiles.
• Change all default passwords for users before operating the device.
• Only use passwords with high password strength. Avoid weak passwords, e.g. password1,
123456789, abcdefgh.
• Define rules for using devices and assigning passwords.
• Make sure that all passwords are protected and inaccessible to unauthorized personnel.
• Do not use the same password for different users and systems.
• Update passwords and keys regularly to improve security.
Firmware encryption
The firmware itself is signed and encrypted. This ensures that only authentic firmware can be
downloaded to the device.
Secure/non-secure protocols
• Check whether it is necessary to use SNMPv1. SNMPv1 is classified as non-secure. Make
use of the possibility to prevent write access. The product offers corresponding settings
for this.
• If SNMP is activated, change the community names. If unrestricted access is not necessary,
limit access via SNMP.
• Use secure protocols if access to the device is not protected by means of physical
safeguards.
The following protocols provide secure alternatives:
HTTP → HTTPS
To Next Page
Loading...
