Safety notices
3.3 Security recommendations
SCALANCE X-200
Operating Instructions, 03/2015, C79000-G8976-C284-06
31
This section deals with the security keys and certificates you require to set up SSL.
● We strongly recommend that you create your own SSL certificates and make them
available.
There are preset certificates and keys on the device. The preset and automatically
created SSL certificates are self-signed. We recommend that you use SSL certificates
signed either by a reliable external or by an internal certification authority.
The device has an interface via which you can import the certificates and keys.
● We recommend that you use certificates with a key length of 2048 bits.
Secure/non-secure protocols
● Check whether use of SNMPv1 is necessary. SNMPv1 is classified as non-secure. Use
the option of preventing write access. The product provides you with suitable setting
options.
● For the DCP function, enable the "DCP read-only" mode after commissioning.
● If SNMP is enabled, change the community names. If no unrestricted access is
necessary, restrict access with SNMP.
● Use secure protocols when access to the device is not prevented by physical protection
measures.
The following protocols provide secure alternatives:
– SNMPv1 → SNMPv3
– HTTP → HTTPS
– Telnet → SSH
– SNTP → NTP (secure)
● Avoid or disable non-secure protocols, for example Telnet and TFTP. For historical
reasons, these protocols are still available, however not intended for secure applications.
Use non-secure protocols with caution.
● To prevent unauthorized access to the device or network, take suitable protective
measures against non-secure protocols.
Available protocols per port
The following list provides you with an overview of the open ports on this device. Keep this in
mind when configuring a firewall.
The table includes the following columns:
●
All protocols that the device supports
●
Port number assigned to the protocol
To Next Page
Loading...
