Siemens SIMATIC NET PE408 Operating Instructions Manual

Recommendations on network securityExtender for SCALANCE XM-400Operating Instructions, 09/2018, C79000-G8976-C332-08 15Secure/non-secure protocols and services● Avoid or disable non-secure protocols and services, for example HTTP, Telnet and TFTP.For historical reasons, these protocols are available, however not intended for secureapplications. Use non-secure protocols on the device with caution.● Check whether use of the following protocols and services is necessary:– Non authenticated and unencrypted ports– MRP, HRP– IGMP snooping– LLDP– Syslog– RADIUS– DHCP Options 66/67– TFTP– GMRP and GVRP● The following protocols provide secure alternatives:– HTTP → HTTPS– Telnet → SSH– SNMPv1/v2c → SNMPv3Check whether use of SNMPv1/v2c. is necessary. SNMPv1/v2c is classified as non-secure. Use the option of preventing write access. The device provides you withsuitable setting options.If SNMP is enabled, change the community names. If no unrestricted access isnecessary, restrict access with SNMP.Use the authentication and encryption mechanisms of SNMPv3.● Use secure protocols when access to the device is not prevented by physical protectionmeasures.● If you require non-secure protocols and services, operate the device only within aprotected network area.● Restrict the services and protocols available to the outside to a minimum.● For the DCP function, enable the "Read Only" mode after commissioning.● If you use RADIUS for management access to the device, activate secure protocols andservices.