● The following protocols provide secure alternatives:
– SNMPv1/v2 → SNMPv3
– HTTP → HTTPS
– Telnet → SSH
– TFTP → SFTP
● Use secure protocols when access to the device is not prevented by physical protection
measures.
● To prevent unauthorized access to the device or network, take suitable protective
measures against non-secure protocols.
● If you require non-secure protocols and services, activate these at interfaces that are
located within a protected network area.
● Using a firewall, restrict the services and protocols available to the outside to a minimum.
● For the DCP function, enable the "DCP read-only" mode after commissioning.
Available protocols per port
The following list provides you with an overview of the open ports on this device. Keep this in
mind when configuring a firewall.
The table includes the following columns:
● Protocol
All protocols that the device supports
● Port number
Port number assigned to the protocol
● Port status
– Open
– Open (when configured)
SCALANCE M874, M876
Operating Instructions, 08/2018, C79000-G8976-C331-08
Check whether use of SNMPv1 is necessary. SNMPv1 is classified as non-secure.
Use the option of preventing write access. The product provides you with suitable
setting options.
If SNMP is enabled, change the community names. If no unrestricted access is
necessary, restrict access with SNMP.
The port is always open and cannot be closed.
The port is open if it has been configured.
Security recommendations
11