Siemens SCALANCE S615 Operating Instructions Manual page 17

• Check whether use of the following protocols is necessary:
– Telnet
– HTTP
– Broadcast pings
– Non authenticated and unencrypted interfaces
– ICMP (redirect)
– LLDP
– DHCP Options 66/67
– SNTP
– NTP
– TFTP
– TIA Portal Cloud Connector (not available with SCALANCE MUM85x)
– VRRPv3
– DNS
– SNMPv1/V2c
• If a secure alternative is available for a protocol, use it.
The following protocols provide secure alternatives:
– SNMPv1/v2 → SNMPv3
– HTTP → HTTPS
– Telnet → SSH
– NTP → Secure NTP
– TFTP → SFTP
– TIA Portal Cloud Connector using a secure connection. Use the "TIA Portal Cloud
• Using a firewall, restrict the services and protocols available to the outside to a minimum.
• For the DCP function, enable the "Read Only" mode after commissioning.
SCALANCE S615
Operating Instructions, 10/2022, C79000-G8976-C389-07
Check whether use of SNMPv1 is necessary. SNMPv1 is classified as non-secure. Use
the option of preventing write access. The product provides you with suitable setting
options.
If SNMP is enabled, change the community names. If no unrestricted access is
necessary, restrict access with SNMP.
Connector" integrated in the product over a VPN solution (e.g. SINEMA RC).
Configure the firewall settings of the SCALANCE M800/S615 (e.g. predefined IPv4 rules
"Cloud Connector" to prevent unauthorized access of network devices to the "TIA Portal
Cloud Connector Server").
Security recommendations
17