Siemens SCALANCE XRH-300 Product Manual page 17

Simatic net industrial ethernet switches

• Terminate management connections (e.g. HTTP, HTTPS, SSH, etc.) properly.
• Make sure the device is fully decommissioned before taking the device out of service.
For more information, refer to "Supplementary documentation (Page 8)".

Secure/non-secure protocols
• Use secure protocols when access to the device is not prevented by physical protection measures.
• Disable or limit the use of non-secure protocols. While some protocols are secure (e.g. HTTPS, SSH, 802.1X, etc.), others were not designed for secure applications (e.g. SNMPv1/v2c, RSTP, etc.). Appropriate safeguards against non-secure protocols should be taken to prevent unauthorized access to the device/network.
• If non-secure protocols and services are required, make sure the device is operated within a protected network area.
• When a secure alternative is available for a protocol, use the secure version instead. For example:
  – Use HTTPS instead of HTTP
  – Use SNMPv3 instead of SNMPv1/v2c
• Avoid or limit use of the following:
  – Non-authenticated and unencrypted protocols
  – Link Layer Discovery Protocol (LLDP)
• After commissioning, make sure Discovery and Configuration Protocol (DCP) access rights are set to read-only.

Hardware/software
• Limit critical applications and access to management services to private networks. Connecting a SINEC OS device to the Internet is possible. However, the utmost care should be taken to protect the device and the network behind it using secure means, such as a firewall and IPsec.
• Whenever possible, use VLANs to protect against Denial of Service (DoS) attacks and unauthorized access.
• Select services are enabled by default in SINEC OS. It is recommended to enable only the minimum services that are required for your setup. For more information about available services, refer to "Supplementary documentation (Page 8)".
• Use the latest Web browser version compatible with SINEC OS to make sure the most secure ciphers available are employed. Additionally, 1/n-1 record splitting is enabled in the latest Web browser versions of Mozilla Firefox, Google Chrome and Microsoft Edge, and mitigates attacks such as the SSL/TLS Protocol Initialization Vector Implementation Information Disclosure Vulnerability (e.g. BEAST).
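The protocol rules in the "Secure/non-secure protocols" section above can be turned into a configuration audit. The following is an added example, not Siemens or SINEC OS code: the service-inventory format, the Service/Device classes, the audit function and the sample inventory are all assumptions made here, and the script only evaluates an inventory you hand it.

```python
from dataclasses import dataclass

# Protocols the manual lists as not designed for secure use, mapped to the
# secure alternative it recommends (None: no drop-in replacement, just limit).
NON_SECURE = {"http": "https", "snmpv1": "snmpv3", "snmpv2c": "snmpv3",
              "rstp": None, "lldp": None}

@dataclass
class Service:
    name: str             # protocol name in lower case, e.g. "snmpv2c"
    enabled: bool
    access: str = "rw"    # used for DCP only: "ro" or "rw"

@dataclass
class Device:
    services: list                 # list of Service (assumed inventory format)
    physically_protected: bool     # access to the device prevented by physical measures
    in_protected_network: bool     # device operated inside a protected network area
    commissioned: bool = True      # commissioning has been completed

def audit(dev: Device) -> list:
    """Return one finding string per violated recommendation, in inventory order."""
    findings = []
    for svc in dev.services:
        if not svc.enabled:
            continue
        if svc.name == "dcp":
            # After commissioning, DCP access rights must be read-only.
            if dev.commissioned and svc.access != "ro":
                findings.append("dcp: access rights must be read-only after commissioning")
        elif svc.name in NON_SECURE:
            alt = NON_SECURE[svc.name]
            if alt is not None and not dev.physically_protected:
                # A secure version exists: use it instead of the non-secure one.
                findings.append(f"{svc.name}: disable and use {alt} instead")
            elif alt is None and not dev.in_protected_network:
                # No secure counterpart: acceptable only inside a protected network area.
                findings.append(f"{svc.name}: non-secure protocol outside a protected "
                                "network area, disable or limit")
    return findings

# Constructed sample inventory: a switch with typical defaults, no physical
# protection and reachable from outside a protected network area.
SAMPLE = Device(
    services=[Service("https", True), Service("http", True), Service("ssh", True),
              Service("snmpv2c", True), Service("snmpv3", False),
              Service("lldp", True), Service("dcp", True, access="rw")],
    physically_protected=False, in_protected_network=False)

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(finding)
```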
SCALANCE XRH-300/XRM-300
Equipment Manual, 10/2022, C79000-G8976-C546-01
Security recommendations
3.1 Security recommendations
17
