Configuration
4.1 Security recommendations
Security functions of the product
Use the options for security settings in the configuration of the product. These includes
among others:
● Protection levels
– Configure a protection level of the CPU.
● Security function of the communication
– Enable the Security functions of the CP.
– Use the secure Open User Communication via the appropriate program blocks.
– Disable access to the Web server of the CPU (CPU configuration) and on the CP.
● Protection of the passwords of program blocks
Protect the passwords stored in data blocks for the program blocks from being viewed.
The procedure is described in the STEP 7 information system.
If you want to change parameters, for example a password, in a DB later, remember the
following; The contents of a DB with know-how protection are no longer visible and can
only be changed via the source or by direct assignment of parameters.
● Logging function
Enable the function in the Security configuration and check the logged events regularly
for unauthorized access.
Passwords
● Define rules for the use of devices and assignment of passwords.
● Regularly update the passwords to increase security.
● Only use passwords with a high password strength. Avoid weak passwords for example
"password1", "123456789" or similar.
● Make sure that all passwords are protected and inaccessible to unauthorized personnel.
See also the preceding section for information on this.
● Do not use one password for different users and systems.
Protocols
Secure and non-secure protocols
● Only activate protocols that you require to use the system.
● Use secure protocols when access to the device is not prevented by physical protection
measures.
The NTP protocol provides a secure alternative with NTP (secure).
42
You will find information on this in the information system of STEP 7.
Operating Instructions, 04/2017, C79000-G8976-C381-03
CP 1243-7 LTE