Secure/non-secure protocols
● Avoid or disable non-secure protocols, for example Telnet and TFTP. For historical reasons,
these protocols are still available, however not intended for secure applications. Use non-
secure protocols on the device using a secure connection (e.g. SINEMA RC).
● Avoid or disable non-secure protocols. Check whether use of the following protocols is
necessary:
– Telnet
– HTTP
– Broadcast pings
– Non authenticated and unencrypted interfaces
– ICMP (redirect)
– LLDP
– Syslog
– DHCP Options 66/67
– SNTP
– NTP
– TFTP
● The following protocols provide secure alternatives:
– SNMPv1/v2 → SNMPv3
Check whether use of SNMPv1 is necessary. SNMPv1 is classified as non-secure. Use
the option of preventing write access. The product provides you with suitable setting
options.
If SNMP is enabled, change the community names. If no unrestricted access is
necessary, restrict access with SNMP.
– HTTP → HTTPS
– Telnet → SSH
– NTP → Secure NTP
– SNTP → Secure NTP
– TFTP → SFTP
● Use secure protocols when access to the device is not prevented by physical protection
measures.
● To prevent unauthorized access to the device or network, take suitable protective measures
against non-secure protocols.
● If you require non-secure protocols and services, activate these at interfaces that are
located within a protected network area.
● Using a firewall, restrict the services and protocols available to the outside to a minimum.
● For the DCP function, enable the "DCP read-only" mode after commissioning.
Security recommendation
SCALANCE S615 Web Based Management
Configuration Manual, 11/2019, C79000-G8976-C388-08 27
To Next Page
Loading...
