Recommendations on network security
SCALANCE XM-400
14 Operating Instructions, 09/2018, C79000-G8976-C306-08
Software (security functions)
● Keep the firmware up to date. Check regularly for security updates for the device. You
can find information on this at the Industrial Security
(https://www.siemens.com/industrialsecurity
) website.
● Inform yourself regularly about security recommendations published by Siemens
ProductCERT (https://www.siemens.com/cert/en/cert-security-advisories.htm
).
● Only activate protocols that you require to use the device.
● Restrict access to the management of the device with rules in an access control list
(ACL).
● The option of VLAN structuring provides protection against DoS attacks and unauthorized
access. Check whether this is practical or useful in your environment.
● Use a central logging server to log changes and accesses. Operate your logging server
within the protected network area and check the logging information regularly.
● Define rules for the assignment of passwords.
● Regularly change your passwords to increase security.
● Use passwords with a high password strength.
● Make sure that all passwords are protected and inaccessible to unauthorized persons.
● Do not use the same password for different users and systems.
● On the device there is a preset SSL certificate with key. Replace this certificate with a
self-made certificate with key. We recommend that you use a certificate signed either by
a reliable external or by an internal certification authority.
● Use a certification authority including key revocation and management to sign certificates.
● Make sure that user-defined private keys are protected and inaccessible to unauthorized
persons.
● It is recommended that you use password-protected certificates in the PKCS #12 format
● Verify certificates and fingerprints on the server and client to prevent "man in the middle"
attacks.
● It is recommended that you use certificates with a key length of at least 2048 bits.
● Change certificates and keys immediately, if there is a suspicion of compromise.
To Next Page
Loading...
Need help?
General