Siemens SCALANCE W778-1 Operating Instructions Manual page 8

Security recommendations
• Use a central logging server to log changes and access operations. Operate your
logging server within the protected network area and check the logging information
regularly.
• Use WPA2/ WPA2-PSK with AES to protect the WLAN. If iPCF or iPCF-MC is used,
use the AES encryption.
Passwords
• Define rules for the assignment of passwords.
• Regularly change your passwords to increase security.
• Use passwords with a high password strength.
• Make sure that all passwords are protected and inaccessible to unauthorized
persons.
• A password must be changed if it is known or suspected to be known by unauthorized
persons.
• Do not use the same password for different users and systems.
Keys and certificates
• The device contains a pre-installed certificate with key. Replace this certificate with a
self-made certificate with key. We recommend that you use a certificate signed by a
reliable external or internal certification authority. You can install the certificate via
the WBM (System > Load and Save).
• Use the certification authority including key revocation and management to sign the
certificates.
• Ensure that user-defined private keys are protected and inaccessible to unauthorized
persons.
• Verify certificates and fingerprints on the server and client to prevent "man in the
middle" attacks.
• It is recommended that you use password-protected certificates in the PKCS#12
format.
• It is recommended that you use certificates with a key length of at least 2048 bits.
• Change keys and certificates immediately, if there is a suspicion of compromise.
8
Operating Instructions, 07/2020, C79000-G8976-C450-06
SCALANCE W778-1 /W738-1