Table of Contents
Advertisement
Security recommendations
• The following protocols provide secure alternatives:
– HTTP → HTTPS
– Telnet → SSH
– SNMPv1/v2c → SNMPv3
– TFTP → SFTP
– NTP → NTPsecure
• Use secure protocols when access to the device is not prevented by physical protection
measures.
• If you require non-secure protocols and services, operate the device only within a protected
network area.
• Restrict the services and protocols available to the outside to a minimum.
• If you use RADIUS for management access to the device, activate secure protocols and
services.
Interfaces security
• Disable unused interfaces.
• Use IEEE 802.1X for interface authentication.
• Use the function "Locked Ports" to block interfaces for unknown nodes.
• Use the configuration options of the interfaces, e.g. the "Edge Type".
• Configure the receive ports so that they discard all untagged frames ("Tagged Frames Only").
Available protocols
The following list provides you with an overview of the open protocol ports.
The table includes the following columns:
• Protocol
• Port
• Default port status
– Open
– Closed
14
Check whether use of SNMPv1/v2c. is necessary. SNMPv1/v2c is classified as non-secure.
Use the option of preventing write access. The device provides you with suitable setting
options.
If SNMP is enabled, change the community names. If no unrestricted access is necessary,
restrict access with SNMP.
Use the authentication and encryption mechanisms of SNMPv3.
The factory setting of the port is "Open".
The factory setting of the port is "Closed".
Operating Instructions, 02/2023, C79000-G8976-C676-01
SCALANCE XF-200G
Advertisement
Table of Contents
