Siemens SIMATIC NET SCALANCE XC-200 Series Operating Instructions Manual page 13

Industrial ethernet switches

Passwords
● Define rules for the assignment of passwords.
● Regularly change your passwords to increase security.
● Use passwords with a high password strength.
● Make sure that all passwords are protected and inaccessible to unauthorized persons.
● Do not use the same password for different users and systems.
Certificates and keys
● On the device there is a preset SSL certificate with key. Replace this certificate with a self-made certificate with key. We recommend that you use a certificate signed either by a reliable external certification authority or by an internal certification authority.
● Use a certification authority including key revocation and management to sign certificates.
● Make sure that user-defined private keys are protected and inaccessible to unauthorized persons.
● It is recommended that you use password-protected certificates in the PKCS #12 format.
● Verify certificates and fingerprints on the server and client to prevent "man in the middle" attacks.
● It is recommended that you use certificates with a key length of at least 2048 bits.
● Change certificates and keys immediately if there is a suspicion of compromise.
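The certificate recommendations above, worked through with the OpenSSL command line as an added example (not part of the Siemens manual, and not the device's own upload procedure). The CA name, device name, passphrase and file names are constructed placeholders; it issues a 2048-bit device certificate from an internal CA, bundles it as a password-protected PKCS #12 file, and prints the fingerprint to compare on the client.

```shell
#!/bin/sh
# Added example. CA name, device name and passphrase are constructed placeholders.
set -eu
umask 077                       # keys and the .p12 are readable by the owner only

make_ca() {                     # $1 = work dir: internal CA that signs device certs
  openssl req -x509 -newkey rsa:3072 -nodes -sha256 -days 365 \
    -subj "/CN=Example Internal CA" -keyout "$1/ca.key" -out "$1/ca.crt"
}

make_device_p12() {             # $1 = work dir, $2 = device CN, $3 = passphrase file
  openssl req -new -newkey rsa:2048 -nodes -sha256 -subj "/CN=$2" \
    -keyout "$1/dev.key" -out "$1/dev.csr"
  openssl x509 -req -in "$1/dev.csr" -CA "$1/ca.crt" -CAkey "$1/ca.key" \
    -CAcreateserial -days 365 -sha256 -out "$1/dev.crt"
  # Password-protected PKCS #12 bundle: private key + device cert + CA cert.
  openssl pkcs12 -export -inkey "$1/dev.key" -in "$1/dev.crt" \
    -certfile "$1/ca.crt" -passout "file:$3" -out "$1/dev.p12"
}

key_bits() {                    # $1 = PEM cert; prints the public key size in bits
  openssl x509 -in "$1" -noout -text |
    sed -n 's/.*Public-Key: (\([0-9]*\) bit).*/\1/p'
}

fingerprint() {                 # PEM cert on stdin; prints its SHA-256 fingerprint
  openssl x509 -noout -fingerprint -sha256 | cut -d= -f2
}

p12_fingerprint() {             # $1 = .p12 file, $2 = passphrase file
  openssl pkcs12 -in "$1" -passin "file:$2" -nokeys -clcerts | fingerprint
}

WORK=$(mktemp -d)
printf '%s' 'constructed-example-passphrase' > "$WORK/p12.pass"
make_ca "$WORK"
make_device_p12 "$WORK" "switch-01.example.internal" "$WORK/p12.pass"

# Refuse to deploy a certificate below the recommended 2048-bit key length.
[ "$(key_bits "$WORK/dev.crt")" -ge 2048 ] || { echo "key too short" >&2; exit 1; }
# Confirm the device certificate chains to the internal CA.
openssl verify -CAfile "$WORK/ca.crt" "$WORK/dev.crt"
echo "Fingerprint to compare out of band: $(p12_fingerprint "$WORK/dev.p12" "$WORK/p12.pass")"
```

After the bundle is loaded onto the device, the fingerprint the client sees on first connection should equal the printed value; a mismatch means the client is not talking to the certificate that was issued.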
Secure/non-secure protocols and services
● Avoid or disable non-secure protocols and services, for example HTTP, Telnet and TFTP. These protocols are available for historical reasons but are not intended for secure applications. Use non-secure protocols on the device with caution.
● Check whether use of the following protocols and services is necessary:
– Non-authenticated and unencrypted ports
– MRP, HRP
– IGMP snooping
– LLDP
– Syslog
– RADIUS
– DHCP Options 66/67
– TFTP
– GMRP and GVRP
SCALANCE XC-200
Operating Instructions, 12/2017, C79000-G8976-C442-03
2.1 Recommendations on network security
Safety notices