Security recommendations
SCALANCE SC-600 Web Based Management (WBM)
Configuration Manual, 10/2021, C79000-G8976-C475-03
19
• If non-secure protocols and services are required, ensure that the device is operated
in a protected network area.
• Check whether use of the following protocols and services is necessary:
– Non-authenticated and unencrypted ports
– MRP, HRP
– IGMP Snooping
– Syslog
– RADIUS
– Broadcast pings
– ICMP (redirect)
– LLDP
– DHCP Options 66/67
– SNTP
– NTP
– TFTP
– GMRP and GVRP
– VRRPv3
– DNS
– SNMPv1/V2c
• If a secure alternative is available for a protocol, use it.
The following protocols provide secure alternatives:
– SNMPv1/v2 → SNMPv3
Check whether use of SNMPv1/v2c is necessary. SNMPv1/v2c are classified as
non-secure. Use the option of preventing write access. The device provides you
with suitable setting options.
If SNMP is enabled, change the community names. If no unrestricted access is
necessary, restrict access with SNMP.
Use the authentication and encryption mechanisms of SNMPv3.
– HTTP → HTTPS
– Telnet → SSH
– NTP → Secure NTP
– TFTP → SFTP
• Restrict the services and protocols available to the outside to a minimum.
• If you use RADIUS for management access to the device, enable secure protocols and
services.
• For the DCP function, leave the "Read-Only" mode after commissioning.
To Next Page
Loading...
