Siemens SIMATIC NET SCALANCE W720 Operating Instructions Manual page 9

Secure/non-secure protocols and services
● Avoid and disable non-secure protocols, for example Telnet and TFTP. For historical
reasons, these protocols are still available, however not intended for secure applications.
Use non-secure protocols on the device with caution.
● Check whether use of the following protocols and services is necessary:
– Non-authenticated and unencrypted ports
– LLDP
– Syslog
– DHCP options 66/67
– TFTP
● The following protocols provide secure alternatives:
– SNMPv1/v2c → SNMPv3
– HTTP → HTTPS
– Telnet → SSH
– TFTP → SFTP
● Use secure protocols when access to the device is not prevented by physical protection
measures.
● To prevent unauthorized access to the device or network, take suitable protective
measures against non-secure protocols.
● If you require non-secure protocols and services, operate the device only within a
protected network area.
● Restrict the services and protocols available to the outside to a minimum.
● For the DCP function, enable the "Read Only" mode after commissioning.
List of available services
The following is a list of all available services and their ports through which the device can be
accessed.
The table includes the following columns:
● Service
The services that the device supports
● Default port status
This is the status of the port in the delivery state (factory setting).
SCALANCE W760/W720
Operating Instructions, 10/2019, C79000-G8976-C322-11
Check whether use of SNMPv1/v2c is necessary. SNMPv1/v2c is classified as non-
secure. Use the option of preventing write access. The product provides you with
suitable setting options.
If SNMP is enabled, change the community names. If no unrestricted access is
necessary, restrict access with SNMP.
Use SNMPv3 in conjunction with passwords.
Security recommendations
9