Siemens SIMATIC NET SCALANCE M812 Operating Instructions Manual page 17

• Check whether use of the following protocols is necessary:
– Telnet
– HTTP
– Broadcast pings
– Non authenticated and unencrypted interfaces
– ICMP (redirect)
– LLDP
– DHCP Options 66/67
– SNTP
– NTP
– TFTP
– TIA Portal Cloud Connector (not available with SCALANCE MUM85x)
– VRRPv3
– DNS
– SNMPv1/V2c
• If a secure alternative is available for a protocol, use it.
The following protocols provide secure alternatives:
– SNMPv1/v2 → SNMPv3
– HTTP → HTTPS
– Telnet → SSH
– NTP → Secure NTP
– TFTP → SFTP
– TIA Portal Cloud Connector using a secure connection. Use the "TIA Portal Cloud
• Using a firewall, restrict the services and protocols available to the outside to a minimum.
• For the DCP function, enable the "Read Only" mode after commissioning.
• For command SMS, use the identifier to secure your SMS messages. You can set a
configurable value for a SCALANCE M device that, in addition to the phone number, must
match the received identifier of the SMS. You configure the identifier on the WBM page
"System > SMS > SMS Command" or with the CLI commands sms-cmd idx identifier
and sms-cmd sender.
SCALANCE M812, M816
Operating Instructions, 11/2023, C79000-G8976-C343-09
Check whether use of SNMPv1 is necessary. SNMPv1 is classified as non-secure. Use the
option of preventing write access. The product provides you with suitable setting options.
If SNMP is enabled, change the community names. If no unrestricted access is necessary,
restrict access with SNMP.
Connector" integrated in the product over a VPN solution (e.g. SINEMA RC).
Configure the firewall settings of the SCALANCE M800/S615 (e.g. predefined IPv4 rules
"Cloud Connector" to prevent unauthorized access of network devices to the "TIA Portal
Cloud Connector Server").
Security recommendations
2.1 Passwords
17