
Siemens SIMATIC NET SCALANCE SC646-2C

372 pages
Security recommendations
SCALANCE SC-600 Web Based Management (WBM)
18 Configuration Manual, 10/2021, C79000-G8976-C475-03
- Ensure that the latest firmware version is installed, including all security-related patches.
- You can find the latest information on security patches for Siemens products at the Industrial Security (https://www.siemens.com/industrialsecurity) or ProductCERT Security Advisories website.
- For updates on Siemens product security advisories, subscribe to the RSS feed on the ProductCERT Security Advisories website or follow @ProductCert on Twitter.
- For optimum security, use SNMPv3 authentication and encryption mechanisms whenever possible, and use strong passwords.
- Configuration files can be downloaded from the device. Ensure that configuration files are adequately protected. The options for achieving this include digitally signing and encrypting the files, storing them in a secure location, or transmitting configuration files only through secure communication channels.
- Configuration files can be password protected during download. You enter passwords on the WBM page "System > Load & Save > Passwords".
- When using SNMP (Simple Network Management Protocol):
  - Configure SNMP to generate a notification when authentication errors occur. For more information, see WBM "System > SNMP > Notifications".
  - Ensure that the default values of the community strings are changed.
  - Use SNMPv3 whenever possible. SNMPv1 and SNMPv2c are considered non-secure and should only be used when absolutely necessary.
  - If possible, prevent write access above all.
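One way to apply the recommendation above to digitally sign and encrypt downloaded configuration files, shown as an added example that is not part of the Siemens manual. It assumes the OpenSSL command line (1.1.1 or later) on the engineering workstation; the file names, the ECDSA P-256 signing key and the passphrase file are all assumptions.

```shell
#!/bin/sh
# Added example (not from the manual): encrypt, then sign, a saved configuration
# file with OpenSSL 1.1.1 or later. File names and key choices are assumptions.

# make_signing_key <private.pem> <public.pem>: one-time ECDSA P-256 key pair.
make_signing_key() {
    openssl genpkey -algorithm EC -pkeyopt ec_paramgen_curve:P-256 \
        -out "$1" 2>/dev/null &&
    openssl pkey -in "$1" -pubout -out "$2"
}

# protect_config <config> <passphrase-file> <private.pem>
# Writes <config>.enc (AES-256-CBC, key derived with PBKDF2) and
# <config>.enc.sig (signature over the ciphertext).
protect_config() {
    openssl enc -aes-256-cbc -pbkdf2 -iter 200000 -salt \
        -in "$1" -out "$1.enc" -pass "file:$2" &&
    openssl dgst -sha256 -sign "$3" -out "$1.enc.sig" "$1.enc"
}

# restore_config <config.enc> <passphrase-file> <public.pem> <output>
# CBC gives no integrity protection, so the signature is checked first and
# nothing is decrypted unless it verifies.
restore_config() {
    openssl dgst -sha256 -verify "$3" -signature "$1.sig" "$1" \
        >/dev/null 2>&1 ||
        { echo "signature check failed: $1" >&2; return 1; }
    openssl enc -d -aes-256-cbc -pbkdf2 -iter 200000 \
        -in "$1" -out "$4" -pass "file:$2"
}

# Round trip on a constructed file (not a real device configuration).
demo() {
    d=$(mktemp -d) || return 1
    ( umask 077; openssl rand -base64 32 > "$d/pass" )
    printf 'constructed sample content\n' > "$d/device-config.bin"
    make_signing_key "$d/sign.key" "$d/sign.pub" &&
    protect_config "$d/device-config.bin" "$d/pass" "$d/sign.key" &&
    restore_config "$d/device-config.bin.enc" "$d/pass" "$d/sign.pub" \
        "$d/restored" &&
    cmp -s "$d/device-config.bin" "$d/restored" && echo "round trip OK"
    rc=$?
    rm -rf "$d"
    return "$rc"
}
demo
```

Keep the private signing key and the passphrase file somewhere other than the location that holds the `.enc` and `.sig` files, so that access to the archive alone is not enough to read or re-sign a configuration.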
Interfaces security
- Disable unused interfaces.
- Use IEEE 802.1X for interface authentication.
- Use the function "Locked Ports" to block interfaces for unknown nodes.
- Use the configuration options of the interfaces, e.g. the "Edge Type".
- Configure the receive ports so that they discard all untagged frames ("Tagged Frames Only").
Secure/non-secure protocols
- Use secure protocols if access to the device is not prevented by physical protection measures.
- Restrict the use of non-secure protocols. While some protocols are secure (e.g. HTTPS, SSH, 802.1X, etc.), others were not designed for the purpose of securing applications (e.g. SNMPv1/v2c, RSTP, etc.). Therefore, take appropriate security measures against non-secure protocols to prevent unauthorized access to the device/network. Use non-secure protocols on the device with caution.
