Siemens SCALANCE XC-200 Operating Instructions Manual page 13

● The option of VLAN structuring provides protection against DoS and unauthorized
access. Check whether this is practical or useful in your environment.
● Use a central logging server to log changes and accesses. Operate your logging server
within the protected network area and check the logging information regularly.
Passwords
● Define rules for the assignment of passwords.
● Regularly change your passwords to increase security.
● Use passwords with a high password strength.
● Make sure that all passwords are protected and inaccessible to unauthorized persons.
● Do not use the same password for different users and systems.
Certificates and keys
● On the device there is a preset SSL certificate with key. Replace this certificate with a
self-made certificate with key. We recommend that you use a certificate signed either by
a reliable external or by an internal certification authority.
● Use a certification authority including key revocation and management to sign certificates.
● Make sure that user-defined private keys are protected and inaccessible to unauthorized
persons.
● It is recommended that you use password-protected certificates in the PKCS #12 format
● Verify certificates and fingerprints on the server and client to prevent "man in the middle"
attacks.
● It is recommended that you use certificates with a key length of at least 2048 bits.
● Change certificates and keys immediately, if there is a suspicion of compromise.
SCALANCE XC-200
Operating Instructions, 07/2016, C79000-G8976-C442-01
2.1 Recommendations on network security
Safety notices
13