● Use a central logging server to log changes and accesses. Operate your logging server
within the protected network area and check the logging information regularly.
● We recommend formatting a PLUG that is not being used.
Passwords
● Define rules for the use of devices and assignment of passwords.
● Regularly update passwords and keys to increase security.
● Change all default passwords for users before you operate the device.
● Only use passwords with a high password strength. Avoid weak passwords for example
password1, 123456789, abcdefgh.
● Make sure that all passwords are protected and inaccessible to unauthorized personnel.
● Do not use the same password for different users and systems or after it has expired.
Keys and certificates
This section deals with the security keys and certificates you require to set up TLS, VPN (IPsec,
OpenVPN) and SINEMA RC.
● The device contains a pre-installed X.509 certificate with key. Replace this certificate with
a self-made certificate with key. We recommend that you use a certificate signed by a
reliable external or internal certification authority.
● Use the certification authority including key revocation and management to sign the
certificates.
● Make sure that user-defined private keys are protected and inaccessible to unauthorized
persons.
● Verify certificates and fingerprints on the server and client to prevent "man in the middle"
attacks.
● It is recommended that you use password-protected certificates in the PKCS#12 format.
● It is recommended that you use certificates with a key length of at least 2048 bits.
● Change keys and certificates immediately, if there is a suspicion of compromise.
Security recommendation
SCALANCE S615 Web Based Management
26
Configuration Manual, 11/2019, C79000-G8976-C388-08