Siemens SIMATIC RF600 Series Configuration Manual page 10

Security recommendations
● Do not use the same password for different users and systems.
● Update passwords and keys regularly to improve security.
Keys and certificates
This section deals with the security keys and certificates that you need to set up SSL.
● We urgently recommend creating your own SSL certificates and making them available.
Preset certificates and keys are present in the device.
The preset and automatically created SSL certificates are self-signed. We recommend
using certificates signed either by a reliable external certification authority or an internal
certification authority.
The device has an interface via which you can import certificates and keys.
● We recommend using certificates with a key length of at least 2048 bits.
● If protocols support both certificates and keys, you should favor certificates.
Firmware encryption
The firmware itself is signed and encrypted. This ensures that only authentic firmware can be
downloaded to the device.
Secure/non-secure protocols
● Check whether it is necessary to use SNMPv1. SNMPv1 is classified as non-secure.
Make use of the possibility to prevent write access. The product offers corresponding
settings for this.
● If SNMP is activated, change the community names. If unrestricted access is not
necessary, limit access via SNMP.
● Use secure protocols if access to the device is not protected by means of physical
safeguards.
The following protocols provide secure alternatives:
HTTP → HTTPS
● To prevent unauthorized access to the device or network, set up appropriate safeguards
against non-secure protocols.
● Enable only the services (protocols) that will actually be used on the device. The same
applies to the installed interfaces/ports. Unused ports could be used to access the
network downstream from the device.
10
Configuration Manual, 11/2018, C79000-G8976-C386-07
SIMATIC RF600