Product overview, functions
2.4 Industrial Ethernet Security
CP 1543-1
Operating Instructions, 05/2017, C79000-G8976-C289-07
15
Industrial Ethernet Security
All-round protection - the task of Industrial Ethernet Security
With Industrial Ethernet Security, individual devices, automation cells or network segments
of an Ethernet network can be protected. The data transfer from the external network
connected to the CP 1543-1 can be protected by a combination of different security
measures:
● Data espionage (FTPS, HTTPS)
● Data manipulation
● Unauthorized access
Secure underlying networks can be operated via additional Ethernet/PROFINET interfaces
implemented by the CPU or additional CPs.
Security functions of the CP for the S7-1500 station
As result of using the CP, the following security functions are accessible to the S7-1500
station on the interface to the external network:
● Firewall
– IP firewall with stateful packet inspection (layer 3 and 4)
– Firewall also for Ethernet "non-IP" frames according to IEEE 802.3 (layer 2)
– Bandwidth limitation
– Global firewall rules
The firewall protective function can be applied to the operation of single devices, several
devices, or entire network segments.
● Logging
To allow monitoring, events can be stored in log files that can be read out using the
configuration tool or can be sent automatically to a syslog server.
● FTPS (explicit mode)
For encrypted transfer of files.
● NTP (secure)
For secure time-of-day synchronization and transmission
● SMTPS
Foe secure transfer of e-mails via port 587
● SNMPv3
For secure transmission of network analysis information safe from eavesdropping
Observe the information in section Security recommendations (Page 31).
To Next Page
Loading...
