4.7.2 Secure configuration
Secure configuration involves control over all software components, along with their
interfaces, ports, and services.
Activated services and ports pose a risk.
• One possible risk is unauthorized access to the network.
• Another risk is unauthorized access to programs.
To minimize risks, activate only the necessary services on all automation components.
• Take all activated services (especially Web servers, FTP, remote maintenance, etc.) into
account in the security concept.
• Consider the default states of ports and services in your security concept.
You can find an overview of all ports and services used in the Communication Function
Manual (https://support.industry.siemens.com/cs/ww/en/view/59192925).
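The following Python script is an added example, not part of this manual. It checks an inventory of activated services against the entries of a security concept and reports services that were never reviewed. Component names, services, ports and default states are constructed sample data; take the actual values from the Communication Function Manual.

```python
# Added example: audit activated services against the security concept.
# All components, services, ports and default states are constructed.
from dataclasses import dataclass

@dataclass(frozen=True)
class Service:
    component: str    # automation component the service runs on
    name: str         # e.g. "web server", "FTP"
    port: str         # e.g. "443/tcp"
    default_on: bool  # active in the component's default state

# Security concept: (component, port) -> documented justification.
CONCEPT = {
    ("plc-a", "102/tcp"): "engineering and HMI connections",
    ("plc-a", "443/tcp"): "web server for diagnostics, HTTPS only",
    ("plc-b", "102/tcp"): "engineering and HMI connections",
    ("plc-b", "21/tcp"): "file transfer during commissioning",
}

# Constructed inventory of the services currently activated.
ACTIVE = [
    Service("plc-a", "S7 communication", "102/tcp", True),
    Service("plc-a", "web server", "443/tcp", False),
    Service("plc-a", "FTP", "21/tcp", False),
    Service("plc-b", "S7 communication", "102/tcp", True),
    Service("plc-b", "SNMP", "161/udp", True),
]

def audit(active, concept):
    """Return sorted findings as (kind, component, port) tuples."""
    findings, seen = [], set()
    for s in active:
        key = (s.component, s.port)
        seen.add(key)
        if key not in concept:
            # Distinguish services nobody switched on deliberately.
            kind = "default-on-unreviewed" if s.default_on else "unapproved"
            findings.append((kind, *key))
        elif not concept[key].strip():
            findings.append(("no-justification", *key))
    # Concept entries without an active service can be retired.
    for key in concept.keys() - seen:
        findings.append(("stale-entry", *key))
    return sorted(findings)

if __name__ == "__main__":
    for kind, component, port in audit(ACTIVE, CONCEPT):
        print(f"{kind:24} {component:6} {port}")
```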
4.7.3 Access control
In addition to physical protection, also establish logical safeguards to control access to your
system:
• Use a restrictive user and rights management system (e.g. for accessing the TIA Portal).
• Refer to the information about password management in the section Protection
(Page 341) and in the STEP 7 online help (TIA Portal).
4.7.4 Handling of sensitive data
When you store security-relevant data on your PC, you must ensure secure data storage
yourself.
Also observe the section Sensitive data (Page 51).
S7-1500R/H redundant system
System Manual, 01/2024, A5E41814787-AF
Industrial cybersecurity
4.7 Secure operation of the system
43