
Siemens CP 1243-7 LTE - Page 17

Application and properties
1.4 Security functions
CP 1243-7 LTE
Operating Instructions, 04/2017, C79000-G8976-C381-03
Note
Plants with security requirements - recommendation
Use the following options:
- If you have systems with high security requirements, use the secure protocols NTP (secure) and HTTPS.
- If you connect to public networks, you should use the firewall. Consider which services you want to make accessible on the station via public networks. By using the "bandwidth limitation" of the firewall, you can restrict the possibility of flooding and DoS attacks.
Industrial Ethernet Security - Security functions of the CP
The following security functions can be used independently of telecontrol communication.
With Industrial Ethernet Security, individual devices, automation cells or network segments
of an IP-based network can be protected. The data transfer via the CP can be protected from
the following attacks by a combination of different security measures:
- Data espionage
- Data manipulation
- Unauthorized access
Secure underlying networks can be operated via additional Ethernet/PROFINET interfaces of
the CPU.
As a result of using the CP as a security module, the following additional security functions
are accessible to the S7-1200 station on the interface to the external network:
- Firewall
  - IP firewall with stateful packet inspection (layer 3 and 4)
  - Firewall also for "non-IP" Ethernet frames according to IEEE 802.3 (layer 2)
  - Limitation of the transmission speed ("Bandwidth limitation")
  - Global firewall rules
- Communication made secure by IPsec tunnels (VPN)
  VPN tunnel communication allows the establishment of a secure IPsec tunnel for communication with a security module.
  The CP can be put together with other modules to form VPN groups during configuration. IPsec tunnels (VPN) are created between all security modules of a VPN group. All internal nodes of these security modules can communicate securely with each other through these tunnels.
- Logging
  To allow monitoring, events can be stored in log files that can be read out using the configuration tool or can be sent automatically to a Syslog server.
For information on configuring the security functions, refer to the section Auto-Hotspot.
You will find further information on the functionality and configuration of the security functions
in the information system of STEP 7 and in the manual /5/ (Page 152).
