Siemens SCALANCE XR-500 Operating Instructions Manual page 19
Simatic net industrial ethernet switches
Hide thumbs
Also See for SCALANCE XR-500:
- Configuration manual (832 pages) ,
- Operating instructions manual (112 pages) ,
- Instructions manual (60 pages)
Table of Contents
Advertisement
Secure/non-secure protocols and services
• Avoid or disable non-secure protocols and services, for example HTTP, Telnet and TFTP. For
historical reasons, these protocols are available, however not intended for secure
applications. Use non-secure protocols on the device with caution.
• Check whether use of the following protocols and services is necessary:
– Non authenticated and unencrypted ports
– HTTP
– Telnet
– SNMPv1/v2c
– NTP
– MRP, HRP, STP, RSTP and MSTP
– IGMP snooping
– LLDP
– DCP
– Syslog
– DHCP Options 66/67
– TFTP
– GMRP and GVRP
• The following protocols provide secure alternatives:
– HTTP → HTTPS
– Telnet → SSH
– SNMPv1/v2c → SNMPv3
– TFTP → SFTP
– NTP → NTPsecure
• Use secure protocols when access to the device is not prevented by physical protection
measures.
• If you require non-secure protocols and services, operate the device only within a protected
network area.
• Restrict the services and protocols available to the outside to a minimum.
• If you use RADIUS for management access to the device, activate secure protocols and
services.
SCALANCE XR-500
Operating Instructions, 07/2023, C79000-G8976-C692-01
Check whether use of SNMPv1/v2c. is necessary. SNMPv1/v2c is classified as non-secure.
Use the option of preventing write access. The device provides you with suitable setting
options.
If SNMP is enabled, change the community names. If no unrestricted access is necessary,
restrict access with SNMP.
Use the authentication and encryption mechanisms of SNMPv3.
Security recommendations
3.1 Security recommendations
19
Advertisement
Table of Contents
