Table of Contents
Advertisement
Security recommendations
2.1 Security recommendations
• Use the authentication and encryption mechanisms of SNMPv3 if possible. Use strong
passwords.
• Configuration files can be downloaded from the device. Ensure that configuration files are
adequately protected.
Configuration files can be password protected during download. You enter passwords on the
WBM page "System > Load & Save > Passwords".
• When using SNMP (Simple Network Management Protocol):
– Configure SNMP to generate a notification when authentication errors occur.
– Ensure that the default community strings are changed to unique values.
– Use SNMPv3 whenever possible. SNMPv1 and SNMPv2c are considered non-secure and
– If possible, prevent write access.
Secure/ non-secure protocols
• Use secure protocols if access to the device is not prevented by physical protection measures.
• Restrict the use of non-secure protocols. While some protocols are secure (e.g. HTTPS, SSH,
802.1X, etc.), others were not designed for the purpose of securing applications (e.g.
SNMPv1/v2c, RSTP, etc.).
Therefore, take appropriate security measures against non-secure protocols to prevent
unauthorized access to the device/network. Use non-secure protocols on the device using a
secure connection (e.g. SINEMA RC).
• If non-secure protocols and services are required, ensure that the device is operated in a
protected network area.
• Check whether use of the following protocols is necessary:
– Telnet
– HTTP
– Broadcast pings
– Non authenticated and unencrypted interfaces
– ICMP (redirect)
– LLDP
– DHCP Options 66/67
– SNTP
– NTP
– TFTP
– TIA Portal Cloud Connector (not available with SCALANCE MUM85x)
– VRRPv3
– DNS
– SNMPv1/V2c
14
For more information, see WBM "System > SNMP > Notifications".
should only be used when absolutely necessary.
Operating Instructions, 02/2023, C79000-G8976-C628-05
SCALANCE MUM856-1
Advertisement
Table of Contents
