Security recommendations
SCALANCE W788-x / W748-1
14 Operating Instructions, 03/2022, A5E03678333-17
• Ensure that the latest firmware version is installed, including all security-related
patches.
You can find the latest information on security patches for Siemens products at the
Industrial Security (https://www.siemens.com/industrialsecurity) or ProductCERT
Security Advisories (https://www.siemens.com/cert) website.
For updates on Siemens product security advisories, subscribe to the RSS feed on the
ProductCERT Security Advisories website or follow @ProductCert on Twitter.
• Enable only those services that are used on the device, including physical ports. Free
physical ports can potentially be used to gain access to the network behind the
device.
• For optimal security, use SNMPv3 authentication and encryption mechanisms
whenever possible, and use strong passwords.
• Configuration files can be downloaded from the device. Ensure that configuration files
are adequately protected. The options for achieving this include digitally signing and
encrypting the files, storing them in a secure location, or transmitting configuration
files only through secure communication channels.
Configuration files can be password protected during download. You enter passwords
on the WBM page "System > Load & Save > Passwords".
• When using SNMP (Simple Network Management Protocol):
– Configure SNMP to generate a notification when authentication errors occur. For
more information, see WBM "System > SNMP > Notifications".
– Ensure that the default community strings are changed to unique values.
– Use SNMPv3 whenever possible. SNMPv1 and SNMPv2c are considered non-
secure and should only be used when absolutely necessary.
– If possible, prevent write access above all.
• Use the security functions such as address translation with NAT (Network Address
Translation) or NAPT (Network Address Port Translation) to protect receiving ports
from access by third parties.
• Use WPA2/ WPA2-PSK with AES to protect the WLAN. You can find additional
information in the configuration manual Web Based Management "Security menu".
To Next Page
Loading...
