• Ensure that the latest rmware version is installed, including all security-related patches.
You can nd the latest information on security patches for Siemens products at the Industrial
Security (https://www.siemens.com/industrialsecurity) or ProductCERT Security Advisories
(https://www.siemens.com/cert/en/cert-security-advisories.htm) website.
For updates on Siemens product security advisories, subscribe to the RSS feed on the
ProductCERT Security Advisories website or follow @ProductCert on Twitter.
• Enable only those services that are used on the device, including physical ports. Free physical
ports can potentially be used to gain access to the network behind the device.
• Use the authentication and encryption mechanisms of SNMPv3 if possible. Use strong
passwords.
• Conguration les can be downloaded from the device. Ensure that conguration les are
adequately protected.
Conguration les can be password protected during download. You enter passwords on the
WBM page "System > Load & Save > Passwords".
• When using SNMP (Simple Network Management Protocol):
– Congure SNMP to generate a notication when authentication errors occur.
For more information, see WBM "System > SNMP > Notications".
– Ensure that the default community strings are changed to unique values.
– Use SNMPv3 whenever possible. SNMPv1 and SNMPv2c are considered non-secure and
should only be used when absolutely necessary.
– If possible, prevent write access.
Interfaces security
• Disable unused interfaces.
• Use IEEE 802.1X for interface authentication.
• Use the function "Locked Ports" to block interfaces for unknown nodes.
• Use the conguration options of the interfaces, e.g. the "Edge Type".
• Congure the receive ports so that they discard all untagged frames ("Tagged Frames Only").
Security recommendations
3.1Security recommendations
SCALANCE XR-300
18 Operating Instructions, 03/2023, C79000-G8976-C586-02