2 Security recommendation
To prevent unauthorized access, note the following security recommendations.
A checklist supports you in setting up your device. You can find the checklist at the following link:
https://support.industry.siemens.com/cs/ww/en/view/109745536
General
● You should make regular checks to make sure that the device meets these
recommendations and/or other security guidelines.
● Evaluate your plant as a whole in terms of security. Use a cell protection concept with
suitable products:
https://www.industry.siemens.com/topics/global/en/industrial-security/pages/
● When the internal and external networks are disconnected, an attacker cannot access
internal data from the outside. Therefore operate the device only within a protected network
area.
● Use a VPN to encrypt and authenticate communication from and to the devices.
● For data transmission via a non-secure network use an encrypted VPN tunnel (IPsec,
OpenVPN).
● Separate connections correctly (WBM, Telnet, SSH etc.).
Physical access
● Limit physical access to the device to qualified personnel.
The memory card or the PLUG (C-PLUG, KEY-PLUG) contains sensitive data such as
certificates, keys etc. that can be read out and modified.
● Lock unused physical ports on the device. Unused ports can be used to gain forbidden
access to the plant.
Software (security functions)
● Keep the software up to date. Check regularly for security updates of the product.
You will find information on this on the Internet pages "Industrial Security"
(www.siemens.com/industrialsecurity).
● Inform yourself regularly about security advisories and bulletins published by Siemens
ProductCERT (https://www.siemens.com/cert/en/cert-security-advisories.htm).
● Only activate protocols that you really require to use the device.
● Restrict access to the management of the device with firewall rules.
● The option of VLAN structuring provides good protection against DoS attacks and
unauthorized access. Check whether this is practical or useful in your environment.
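The regular check recommended under "General" can be scripted for the points "Only activate protocols that you really require" and "Restrict access to the management of the device with firewall rules". The following Python code is an added example, not part of the Siemens manual: run from a given network segment, it tests which management services (WBM, Telnet, SSH) accept TCP connections and compares the result with what that segment is allowed to reach. The port numbers are the usual defaults, and the segment names and the policy are assumptions to adapt to your plant.

```python
import socket
import sys

# Assumed default TCP ports for the management services named above;
# the manual page does not list them, so adjust to the device configuration.
MGMT_PORTS = {"WBM-HTTP": 80, "WBM-HTTPS": 443, "Telnet": 23, "SSH": 22}

# Hypothetical policy: which services each network segment may reach.
POLICY = {
    "management": {"WBM-HTTPS", "SSH"},  # encrypted management only
    "production": set(),                 # no management access at all
}


def is_open(host, port, timeout=1.0):
    """Return True if a TCP connection to host:port is accepted."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:  # refused, filtered (timeout) or unreachable
        return False


def audit(host, segment, policy=POLICY, ports=MGMT_PORTS, probe=is_open):
    """Compare reachable management services with the segment's policy.

    Returns (unexpected, missing): services that answer although the policy
    does not allow them, and allowed services that do not answer.
    """
    allowed = policy[segment]
    reachable = {name for name, port in ports.items() if probe(host, port)}
    return sorted(reachable - allowed), sorted(allowed - reachable)


if __name__ == "__main__":
    # Usage: python3 mgmt_audit.py <device-address> <segment>
    if len(sys.argv) != 3 or sys.argv[2] not in POLICY:
        sys.exit("usage: mgmt_audit.py <device-address> management|production")
    unexpected, missing = audit(sys.argv[1], sys.argv[2])
    for name in unexpected:
        print(f"FAIL {name}: reachable but not allowed from {sys.argv[2]}")
    for name in missing:
        print(f"WARN {name}: allowed but not reachable")
    sys.exit(1 if unexpected else 0)
```

The script exits with status 1 when a service is reachable that the policy does not allow, so it can be scheduled from a host in each segment and monitored.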
SCALANCE S615 Web Based Management
Configuration Manual, 11/2019, C79000-G8976-C388-08