● The option of VLAN structuring provides good protection against DoS attacks and
unauthorized access. Check whether this is practical or useful in your environment.
● Use a central logging server to log changes and access operations. Operate your logging
server within the protected network area and check the logging information regularly.
● Use WPA2/ WPA2-PSK with AES to protect the WLAN. You can find additional information
on this in the section ""Security" menu".
Passwords
● Define rules for the use of devices and assignment of passwords.
● Regularly update passwords and keys to increase security.
● Change all default passwords for users before you operate the device.
● Only use passwords with a high password strength. Avoid weak passwords for example
password1, 123456789, abcdefgh.
● Make sure that all passwords are protected and inaccessible to unauthorized personnel.
● Do not use the same password for different users and systems or after it has expired.
Certificates and keys
● On the device there is a preset SSL certificate with key. Replace this certificate with a self-
made certificate with key. We recommend that you use a certificate signed either by a
reliable external or by an internal certification authority.
● Use a certification authority including key revocation and management to sign certificates.
● Make sure that user-defined private keys are protected and inaccessible to unauthorized
persons.
● It is recommended that you use password-protected certificates in the PKCS #12 format
● Verify certificates and fingerprints on the server and client to prevent "man in the middle"
attacks.
● It is recommended that you use certificates with a key length of at least 2048 bits.
● Change certificates and keys immediately, if there is a suspicion of compromise.
Security recommendations
SCALANCE W1780/W1740 according to IEEE 802.11ac Web Based Management
30
Configuration Manual, 11/2019, C79000-G8976-C485-03