Siemens SIMATIC NET SCALANCE SC-600 Operating Instructions Manual page 17

Industrial ethernet security

• If non-secure protocols and services are required, ensure that the device is operated
in a protected network area.
• Check whether use of the following protocols and services is necessary:
– Non-authenticated and unencrypted ports
– MRP, HRP
– IGMP Snooping
– Syslog
– RADIUS
– Broadcast pings
– ICMP (redirect)
– LLDP
– DHCP Options 66/67
– SNTP
– NTP
– TFTP
– GMRP and GVRP
– VRRPv3
– DNS
– SNMPv1/v2c
• If a secure alternative is available for a protocol, use it.
The following protocols provide secure alternatives:
– SNMPv1/v2 → SNMPv3
– HTTP → HTTPS
– Telnet → SSH
– NTP → Secure NTP
– TFTP → SFTP
• Restrict the services and protocols available to the outside to a minimum.
• If you use RADIUS for management access to the device, enable secure protocols and
services.
• For the DCP function, leave the "Read-Only" mode after commissioning.
Security recommendations
SCALANCE SC-600
Operating Instructions, 10/2021, C79000-G8976-C453-04

Check whether use of SNMPv1/v2c is necessary. SNMPv1/v2c are classified as non-secure. Use the option of preventing write access. The device provides you with suitable setting options.
If SNMP is enabled, change the community names. If no unrestricted access is necessary, restrict access with SNMP.
Use the authentication and encryption mechanisms of SNMPv3.
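The checklist and SNMP notes above can be applied to a recorded device inventory, shown here as an added example that is not part of the Siemens manual. The inventory layout, the field names and the `audit` function are assumptions for illustration, as is the set of well-known community names.

```python
# Added example; the inventory layout below is an assumption, not a SCALANCE export.
SECURE_ALTERNATIVE = {  # pairs listed on the page (SNMP is handled separately)
    "http": "HTTPS", "telnet": "SSH", "ntp": "Secure NTP", "tftp": "SFTP",
}
REVIEW_IF_ENABLED = {  # protocols the page asks you to justify before use
    "mrp", "hrp", "igmp snooping", "syslog", "radius", "broadcast pings",
    "icmp (redirect)", "lldp", "dhcp options 66/67", "sntp", "gmrp", "gvrp",
    "vrrpv3", "dns",
}
# Assumption: common well-known community strings; the device's defaults may differ.
WELL_KNOWN_COMMUNITIES = {"public", "private"}


def audit(inventory):
    """Return (item, action, detail) findings for one device inventory."""
    findings = []
    for name, enabled in inventory.get("services", {}).items():
        svc = name.lower()
        if not enabled:
            continue
        if svc in SECURE_ALTERNATIVE:
            findings.append((svc, "replace", SECURE_ALTERNATIVE[svc]))
        elif svc in REVIEW_IF_ENABLED:
            findings.append((svc, "justify", "disable if not required"))
    snmp = inventory.get("snmp", {})
    if not snmp.get("enabled"):
        return findings
    if snmp.get("version") in ("v1", "v2c"):
        findings.append(("snmp" + snmp["version"], "replace", "SNMPv3"))
        if snmp.get("write_access"):
            findings.append(("snmp", "restrict", "prevent write access"))
        names = {c.lower() for c in snmp.get("communities", [])}
        for community in sorted(names & WELL_KNOWN_COMMUNITIES):
            findings.append(("snmp", "rename community", community))
    elif snmp.get("version") == "v3" and not (snmp.get("auth") and snmp.get("priv")):
        findings.append(("snmp", "harden", "enable authentication and encryption"))
    return findings


# Constructed sample inventory for illustration.
SAMPLE = {
    "services": {"HTTP": True, "HTTPS": True, "Telnet": False,
                 "TFTP": True, "LLDP": True, "SSH": True},
    "snmp": {"enabled": True, "version": "v2c", "write_access": True,
             "communities": ["public", "plant7-ro"]},
}

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(*finding, sep=": ")
```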