Application and functions   
1.6 Security functions (CP 1542SP-1 IRC, CP 1543SP-1) 
  CP 1542SP-1, CP 1542SP-1 IRC, CP 1543SP-1 
16  Operating Instructions, 01/2017, C79000-G8976-C426-03 
●  Secure telecontrol communication
The telecontrol protocols provide the following Security functions: 
–  TeleControl Basic 
As an integrated security function, the telecontrol protocol encrypts the data for 
transfer between the CP and telecontrol server. The interval for the key exchange 
between CP and telecontrol server is set to 1 hour. 
The telecontrol password is used to authenticate the CP with the telecontrol server.
–  DNP3 
The CP supports the Security mechanisms listed in the specification. 
Security functions of the CP 1543SP-1 
With Industrial Ethernet Security, individual devices, automation cells or network segments 
of an Ethernet network can be protected. The data transfer via the CP 1543SP-1 can be 
protected from the following attacks by a combination of different security measures: 
●  Data espionage 
●  Data manipulation 
●  Unauthorized access 
Secure underlying networks can be operated via additional Ethernet/PROFINET interfaces of 
the CPU. 
When the CP is used as a security module, the following security functions are 
available to the ET 200SP station on the interface to the Ethernet network: 
●  The firewall protects the device with: 
–  IP firewall with stateful packet inspection (layer 3 and 4) 
–  Firewall also for "non-IP" Ethernet frames according to IEEE 802.3 (layer 2) 
–  Limitation of the transmission speed ("Bandwidth limitation") 
●  For the secure authentication of the communications partners, certificates are used. 
●  Communication made secure by IPsec tunnels (VPN)
VPN tunnel communication allows the establishment of secure IPsec tunnels for 
communication with one or more security modules. The CP can be put together with 
other modules to form VPN groups during configuration. IPsec tunnels (VPN) are created 
between all security modules of a VPN group. 
●  To allow monitoring, events can be stored in log files that can be read out using the 
configuration tool or can be sent automatically to a Syslog server. 
●  For secure transfer during time-of-day synchronization
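
For the VPN groups described in the IPsec item above, the following added example (not part of the original manual) enumerates the tunnels a planned grouping would create and lists any that the intended design did not call for. The module names, group names and intended-tunnel list are constructed, and a module belonging to two groups is an assumption.

```python
from itertools import combinations

# Constructed sample: module names and group names are hypothetical.
GROUPS = {
    "vpn-cell-a": ["cp-station-1", "cp-station-2", "gateway"],
    "vpn-cell-b": ["cp-station-3", "gateway"],
}
# Tunnels the design actually calls for (hub-and-spoke to the gateway).
INTENDED = [
    ("cp-station-1", "gateway"),
    ("cp-station-2", "gateway"),
    ("cp-station-3", "gateway"),
]


def tunnels_for_groups(groups):
    """Every pair of modules sharing a VPN group gets one tunnel."""
    tunnels = set()
    for members in groups.values():
        for a, b in combinations(sorted(set(members)), 2):
            tunnels.add(frozenset((a, b)))
    return tunnels


def tunnels_per_module(tunnels):
    """Number of tunnels each module terminates."""
    counts = {}
    for tunnel in tunnels:
        for module in tunnel:
            counts[module] = counts.get(module, 0) + 1
    return counts


def unintended_tunnels(groups, intended):
    """Tunnels created by the grouping that the design did not ask for."""
    wanted = {frozenset(pair) for pair in intended}
    extra = tunnels_for_groups(groups) - wanted
    return sorted(tuple(sorted(t)) for t in extra)


if __name__ == "__main__":
    all_tunnels = tunnels_for_groups(GROUPS)
    print("tunnels:", sorted(tuple(sorted(t)) for t in all_tunnels))
    print("per module:", tunnels_per_module(all_tunnels))
    print("not in design:", unintended_tunnels(GROUPS, INTENDED))
```

Because tunnels are created between all members of a group, placing two stations in the same group as the gateway also gives them a direct station-to-station tunnel, which the sample flags.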