Siemens SCALANCE W760 Series Operating Instructions Manual page 8

Security recommendations
● Use a central logging server to log changes and access operations. Operate your logging
server within the protected network area and check the logging information regularly.
● Use WPA2/ WPA2-PSK with AES to protect the WLAN. If iPCF or iPCF-MC is used, use
the AES encryption.
Passwords
● Define rules for the assignment of passwords.
● Regularly change your passwords to increase security.
● Use passwords with a high password strength.
● Make sure that all passwords are protected and inaccessible to unauthorized persons.
● A password must be changed if it is known or suspected to be known by unauthorized
persons.
● Do not use the same password for different users and systems.
Keys and certificates
This section deals with the security keys and certificates you require to set up HTTPS
(HyperText Transfer Protocol Secured Socket Layer).
● We strongly recommend that you create your own HTTPS certificates and make them
available.
There are preset certificates and keys on the device. The preset and automatically
created HTTPS certificates are self-signed.
We recommend that you use HTTPS certificates signed either by a reliable external or by
an internal certification authority. The HTTPS certificate checks the identity of the device
and controls the encrypted data exchange. You can install the HTTPS certificate via the
WBM (System > Load and Save).
● Handle user-defined private keys with great caution if you use user-defined SSH or SSL
keys.
● Use the certification authority including key revocation and management to sign the
certificates.
● Verify certificates and fingerprints on the server and client to avoid "man in the middle"
attacks.
● We recommend that you use certificates with a key length of 2048 bits.
● Change keys and certificates immediately, if there is a suspicion of compromise.
8
Operating Instructions, 07/2020, C79000-G8976-C322-12
SCALANCE W760/W720