Section 3
Secure system setup
Figure 4: Optical ethernet ports, position X311, rear view
FTP access with TLS, FTPACCS
The FTP Client defaults to the best possible security mode when trying to negotiate
with TLS.
The automatic negotiation mode acts on the configured port number 21 and the
server features: it tries to negotiate explicit TLS via AUTH TLS. If any other
port is specified, it tries to negotiate in a similar way.
Using FTP without TLS encryption gives the FTP client reduced capabilities. This
mode is only for accessing disturbance recorder data from the IED.
If normal FTP is required to read out disturbance recordings, create
a specific account for this purpose with rights only to do File
transfer. The password of this user will be exposed in clear text on
the wire.
Encryption algorithms
TLS connections are encrypted with AES 256 if possible or AES 128 as a
minimum. At startup a negotiation decides between these two options.
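
The following is an added example, not code from the guideline or the vendor. It is a check an engineer can run against an FTP server to confirm that explicit TLS (AUTH TLS) is accepted and that AES 256 or AES 128 was negotiated, without sending any credentials. The function names, the cipher string and the optional `ca_file` path are assumptions of the example.

```python
import ftplib
import ssl

# Assumed OpenSSL cipher string: offer only AES-256/AES-128 suites, never
# anonymous or null ones. It governs TLS 1.2 and below; TLS 1.3 suites are
# chosen separately by OpenSSL, so the negotiated result is checked as well.
AES_ONLY = "AES256:AES128:!aNULL:!eNULL"


def make_context(ca_file=None):
    """Build a verifying TLS context restricted to AES suites."""
    ctx = ssl.create_default_context(cafile=ca_file)
    ctx.set_ciphers(AES_ONLY)
    return ctx


def classify(cipher):
    """Map an ssl cipher() tuple (name, protocol, bits) to a finding."""
    if cipher is None:
        return "no TLS"
    name, _protocol, bits = cipher
    if "AES" in name and bits in (128, 256):
        return f"AES {bits}"
    return "outside documented AES 256/AES 128"


def audit_ftp_tls(host, port=21, ca_file=None, timeout=10):
    """Connect, issue AUTH TLS and report the cipher. No login is attempted."""
    ftp = ftplib.FTP_TLS(context=make_context(ca_file), timeout=timeout)
    try:
        ftp.connect(host, port)
        try:
            ftp.auth()  # explicit TLS on the control channel (AUTH TLS)
        except (ftplib.error_perm, ftplib.error_temp):
            return "no TLS"  # server refused AUTH TLS: only clear-text FTP
        return classify(ftp.sock.cipher())
    finally:
        ftp.close()


if __name__ == "__main__":
    import sys
    if len(sys.argv) > 1:
        print(audit_ftp_tls(sys.argv[1]))
```

A result of "no TLS" means a login to that server would put the password on the wire in clear text, which is the case the dedicated file-transfer account is meant to contain.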
1MRK 511 399-UEN B
670 series 2.2 IEC
Cyber security deployment guideline