Siemens SIMATIC NET SCALANCE W760 Operating Instructions Manual page 14

Security recommendations
• Ensure that the latest firmware version is installed, including all security-related
patches.
You can find the latest information on security patches for Siemens products at the
Industrial Security (https://www.siemens.com/industrialsecurity) or ProductCERT
Security Advisories (https://www.siemens.com/cert) website.
For updates on Siemens product security advisories, subscribe to the RSS feed on the
ProductCERT Security Advisories website or follow @ProductCert on Twitter.
• Enable only those services that are used on the device, including physical ports. Free
physical ports can potentially be used to gain access to the network behind the device.
• For optimal security, use SNMPv3 authentication and encryption mechanisms
whenever possible, and use strong passwords.
• Configuration files can be downloaded from the device. Ensure that configuration files
are adequately protected. The options for achieving this include digitally signing and
encrypting the files, storing them in a secure location, or transmitting configuration
files only through secure communication channels.
Configuration files can be password protected during download. You enter passwords
on the WBM page "System > Load & Save > Passwords".
• When using SNMP (Simple Network Management Protocol):
– Configure SNMP to generate a notification when authentication errors occur. For
– Ensure that the default community strings are changed to unique values.
– Use SNMPv3 whenever possible. SNMPv1 and SNMPv2c are considered non-
– If possible, prevent write access above all.
• Use the security functions such as address translation with NAT (Network Address
Translation) or NAPT (Network Address Port Translation) to protect receiving ports
from access by third parties.
• Use WPA2/ WPA2-PSK with AES to protect the WLAN. You can find additional
information in the configuration manual Web Based Management "Security menu".
Secure/ non-secure protocols
• Use secure protocols if access to the device is not prevented by physical protection
measures.
• Disable or restrict the use of non-secure protocols. While some protocols are secure
(e.g. HTTPS, SSH, 802.1X, etc.), others were not designed for the purpose of securing
applications (e.g. SNMPv1/v2c, RSTP, etc.).
Therefore, take appropriate security measures against non-secure protocols to
prevent unauthorized access to the device/network. Use non-secure protocols on the
device using a secure connection (e.g. SINEMA RC).
14
more information, see WBM "System > SNMP > Notifications".
secure and should only be used when absolutely necessary.
Operating Instructions, 03/2022, C79000-G8976-C322-13
SCALANCE W760 / W720