Security recommendations
SIMATIC RF650R/RF680R/RF685R
12 Configuration Manual, 03/2018, C79000-G8976-C386-06
● Do not use the same password for different users and systems.
● Update passwords and keys regularly to improve security.
This section deals with the security keys and certificates that you need to set up SSL.
● We urgently recommend creating your own SSL certificates and making them available.
Preset certificates and keys are present in the device.
The preset and automatically created SSL certificates are self-signed. We recommend
using certificates signed either by a reliable external certification authority or an internal
certification authority.
The device has an interface via which you can import certificates and keys.
● We recommend using certificates with a key length of 2048 bits.
● If protocols support both certificates and keys, you should favor certificates.
The firmware itself is signed and encrypted. This ensures that only authentic firmware can be
downloaded to the device.
Secure/non-secure protocols
● Check whether it is necessary to use SNMPv1. SNMPv1 is classified as non-secure.
Make use of the possibility to prevent write access. The product offers corresponding
settings for this.
● If SNMP is activated, change the community names. If unrestricted access is not
necessary, limit access via SNMP.
● Use secure protocols if access to the device is not protected by means of physical
safeguards.
The following protocols provide secure alternatives:
HTTP → HTTPS
● To prevent unauthorized access to the device or network, set up appropriate safeguards
against non-secure protocols.
● Enable only the services (protocols) that will actually be used on the device. The same
applies to the installed interfaces/ports. Unused ports could be used to access the
network downstream from the device.
To Next Page
Loading...
Need help?
General