Siemens SCALANCE XR-300M Compact Operating Instructions page 15

Secure/non-secure protocols
● Avoid or disable non-secure protocols, for example Telnet and TFTP. For historical reasons,
these protocols are available, however not intended for secure applications. Use non-
secure protocols on the device with caution.
● Check whether use of the following protocols and services is necessary:
– Non authenticated and unencrypted ports
– MRP, HRP
– LLDP
– DHCP Options 66/67
The following protocols provide secure alternatives:
– HTTP → HTTPS
– TFTP → FTPS
– Telnet → SSH
– SNTP → NTP
– SNMPv1/v2c → SNMPv3
● Use secure protocols when access to the device is not prevented by physical protection
measures.
● If you require non-secure protocols and services, operate the device only within a protected
network area.
● Restrict the services and protocols available to the outside to a minimum.
● For the DCP function, enable the "DCP read-only" mode after commissioning.
Available protocols
The following list provides you with an overview of the open protocol ports.
The table includes the following columns:
● Protocol
● Port number
● Port status
– Open
– Closed
● Factory setting
Indicates the state of the port on delivery or after reset to factory settings.
SCALANCE XR-300M
Compact Operating Instructions, 11/2019, A5E02661171-15
Check whether use of SNMPv1/v2c. is necessary. SNMPv1/v2c are classified as non-
secure. Use the option of preventing write access. The device provides you with suitable
setting options.
If SNMP is enabled, change the community names. If no unrestricted access is
necessary, restrict access with SNMP.
Use the authentication and encryption mechanisms of SNMPv3.
Recommendations on network security
15