Security recommendations
SCALANCE SC-600
16 Operating Instructions, 10/2021, C79000-G8976-C453-04
• Ensure that the latest firmware version is installed, including all security-related
patches.
You can find the latest information on security patches for Siemens products at the
Industrial Security (https://www.siemens.com/industrialsecurity) or ProductCERT
Security Advisories website.
For updates on Siemens product security advisories, subscribe to the RSS feed on the
ProductCERT Security Advisories website or follow @ProductCert on Twitter.
• For optimum security, use SNMPv3 authentication and encryption mechanisms
whenever possible, and use strong passwords.
• Configuration files can be downloaded from the device. Ensure that configuration files
are adequately protected. The options for achieving this include digitally signing and
encrypting the files, storing them in a secure location, or transmitting configuration
files only through secure communication channels.
Configuration files can be password protected during download. You enter passwords
on the WBM page "System > Load & Save > Passwords".
• When using SNMP (Simple Network Management Protocol):
– Configure SNMP to generate a notification when authentication errors occur.
For more information, see WBM "System > SNMP > Notifications".
– Ensure that the default values of the community strings are changed.
– Use SNMPv3 whenever possible. SNMPv1 and SNMPv2c are considered non-
secure and should only be used when absolutely necessary.
– If possible, prevent write access above all.
Interfaces security
• Disable unused interfaces.
• Use IEEE 802.1X for interface authentication.
• Use the function "Locked Ports" to block interfaces for unknown nodes.
• Use the configuration options of the interfaces, e.g. the "Edge Type".
• Configure the receive ports so that they discard all untagged frames ("Tagged Frames
Only").
Secure/non-secure protocols
• Use secure protocols if access to the device is not prevented by physical protection
measures.
• Restrict the use of non-secure protocols. While some protocols are secure (e.g.
HTTPS, SSH, 802.1X, etc.), others were not designed for the purpose of securing
applications (e.g. SNMPv1/v2c, RSTP, etc.).
Therefore, take appropriate security measures against non-secure protocols to
prevent unauthorized access to the device/network. Use non-secure protocols on the
device with caution.
To Next Page
Loading...
Need help?
General