Siemens S7-400 Equipment Manual page 54

Configuration and operation
6.1 Security recommendations
• Protection levels
Configure access to the CPU under "Protection".
• Leave access to the Web server of the CPU (CPU configuration) and to the Web server of
the CP disabled.
• Logging function
Enable the function in the security configuration and check the logged events regularly for
unauthorized access.
• Protection of the passwords of program blocks
Protect the passwords stored for the blocks in data blocks from being viewed. The
procedure is described below.
Know-how protection of blocks (STEP 7 V5)
You can prevent the contents of data blocks (e.g. passwords) from being read out by
protecting the block with the "KNOW_HOW_PROTECT" option. Follow the steps outlined
below in STEP 7.
1. Select the DB in the block folder.
2. Open the block in the editor.
3. Close the block in the editor.
4. Generate a source from the block in the editor.
5. Select the source of the DB in the sources folder.
6. Open the source.
7. Insert an empty line in the header of the source and write "KNOW_HOW_PROTECT" in this
line.
8. Compile the source.
Result: The block is protected. You can recognize this by the padlock symbol of the DB in
the block folder.
If you want to later change parameters in a DB, for example a password, remember the
following: The contents of a DB with know-how protection are no longer visible and can only
be changed via the source or by direct assignment of parameters.
Passwords
• Define rules for the use of devices and assignment of passwords.
• Regularly update the passwords to increase security.
• Only use passwords with a high password strength. Avoid weak passwords for example
"password1", "123456789" or similar.
• Make sure that all passwords are protected and inaccessible to unauthorized personnel.
See also the preceding section for information on this.
• Do not use one password for different users and systems.
54
Equipment Manual, 03/2023, C79000-G8976-C256-07
CP 443-1 Advanced