Network structures and network configuration
2.4 Network security
Industrial Ethernet
100 System Manual, 09/2019, C79000-G8976-C242-10
between two existing networks. The designation "Perimeter network" is also used for
such a structure.
– Implementation of a patch management strategy
– Use of special hardware for firewall and VPN (SCALANCE S) to realize a cell
protection concept.
– Use of access points with WLAN-specific security functions (for example
SCALANCE W with KEY-PLUG W700 Security for Inter AP-Blocking).
– Use of hardware properties for additional protection (for example, key-operated switch
at the digital input for controlled setup of a tunnel connection).
– Use of special software for remote access (SINEMA Remote Connect).
● System integrity
– Authentication and authorization
– Use of network components with a higher resistance against attacks
– Malware detection and avoidance
– Protection of PC-based systems. As a rule, virus scanners can also be used in an OT
network, but in certain usage scenarios they can cause performance problems.
Whitelisting can be used instead of or in addition to a virus scanner: the processes
and programs that are permitted to run are specified explicitly, and everything else is
blocked.
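The following Python example is added here to illustrate the whitelisting point; it is not code from the Siemens manual or from any SIMATIC product. It contrasts an allowlist keyed on the program name with one keyed on the SHA-256 of the executable image. The program names, the byte strings standing in for executable images and the allowlists are constructed for the demonstration.

```python
"""Application whitelisting demo: name-based versus hash-based allowlists.

Constructed example, not vendor code. The "executables" are byte strings that
stand in for real program images on a PC-based OT system.
"""
import hashlib

# Constructed: the approved program images as an administrator would record them.
APPROVED_IMAGES = {
    "hmi_runtime.exe": b"HMI RUNTIME 4.2 (constructed sample image)",
    "plc_engineering.exe": b"ENGINEERING TOOL 17 (constructed sample image)",
}

# Weak allowlist: only the file name is checked.
NAME_ALLOWLIST = set(APPROVED_IMAGES)


def sha256_hex(image: bytes) -> str:
    """Fingerprint of an executable image."""
    return hashlib.sha256(image).hexdigest()


def build_hash_allowlist(approved):
    """Map SHA-256 fingerprint -> approved program name."""
    return {sha256_hex(image): name for name, image in approved.items()}


# Strong allowlist: the program contents are checked, whatever the file is called.
HASH_ALLOWLIST = build_hash_allowlist(APPROVED_IMAGES)


def permitted_by_name(name: str, allowlist=NAME_ALLOWLIST) -> bool:
    """Weak check: trusts whatever the file is called (defeated by overwriting or renaming)."""
    return name in allowlist


def permitted_by_hash(image: bytes, allowlist=HASH_ALLOWLIST) -> bool:
    """Strong check: trusts only known program contents, so a modified image is rejected."""
    return sha256_hex(image) in allowlist


def start_decision(name: str, image: bytes) -> dict:
    """Verdict of both checks for one process start request, side by side."""
    return {"name_check": permitted_by_name(name), "hash_check": permitted_by_hash(image)}


if __name__ == "__main__":
    genuine = APPROVED_IMAGES["hmi_runtime.exe"]
    # Constructed attack: the approved file is overwritten with other code but keeps its name.
    tampered = genuine.replace(b"4.2", b"4.2+implant")
    requests = [
        ("hmi_runtime.exe", genuine),          # approved program: both checks pass
        ("hmi_runtime.exe", tampered),         # same name, altered contents: only the hash check fails it
        ("copy_of_hmi.exe", genuine),          # renamed copy: only the hash check still permits it
        ("update_tool.exe", b"unknown code"),  # unlisted program: both checks refuse
    ]
    for name, image in requests:
        print(name, start_decision(name, image))
```

The hash-based list is what a whitelisting product actually enforces; the name-based variant is shown only to make the difference visible. A real deployment also has to protect the allowlist itself and handle legitimate updates, which change the fingerprint.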
2.4.2 Firewalls
"Gatekeeper" function
Put simply, a firewall is a device or a software application placed between the network and
the outside world that acts as a "gatekeeper" for the network. The firewall is the only point
of access to the local network from outside: all data traffic that crosses the network
boundary is routed through it, so the firewall can block unwanted and potentially dangerous
access from outside. This only holds if the firewall really is the sole path across the
boundary; any other connection that bypasses it (an unmanaged modem or WLAN link, for
example) undermines the concept. Various techniques are available.
Packet filter
A packet filter inspects the data packets entering or leaving the network: their source and
destination addresses and the "port", i.e. the service, to which the packet is addressed.
Such services might be e-mail, file transfer with FTP, database access, SSH for encrypted
transfer, etc. The packet payload itself is not examined, so a packet filter cannot tell
whether the traffic on a permitted port really is the expected protocol.
Filter rules stored in the firewall then block access to certain addresses or certain
services. Firewalls can implement complex filter rules in which, for example, service "A" is
available only to IP addresses "B" and "C" but not to any other communication partner.
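The following Python example is added here to show how such filter rules are evaluated; it is not code from the Siemens manual or from a SCALANCE firewall. It implements a stateless packet filter with first-match rules and a default-deny policy, and encodes the case from the text: service "A" (Modbus/TCP, port 502, on a PLC) is reachable only from hosts "B" and "C". All addresses, ports and rules are constructed for the demonstration, and the rule-ordering check at the end goes slightly beyond the text to catch a common configuration mistake.

```python
"""Stateless packet filter with first-match rules and a default-deny policy.

Added example, not vendor code. Constructed addresses: 192.0.2.10 is a PLC
offering Modbus/TCP (port 502) and SSH (port 22); 198.51.100.0/24 is the
network the operator and engineering stations live in.
"""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import List, Optional


@dataclass(frozen=True)
class Packet:
    """The header fields a packet filter looks at; the payload is never inspected."""
    src: str
    dst: str
    proto: str   # "tcp" or "udp"
    dport: int   # destination port, i.e. the requested service


@dataclass(frozen=True)
class Rule:
    """A field left at None matches anything."""
    action: str                 # "accept" or "drop"
    src: Optional[str] = None   # CIDR, e.g. "198.51.100.5/32"
    dst: Optional[str] = None
    proto: Optional[str] = None
    dport: Optional[int] = None

    def matches(self, pkt: Packet) -> bool:
        if self.src is not None and ip_address(pkt.src) not in ip_network(self.src, strict=False):
            return False
        if self.dst is not None and ip_address(pkt.dst) not in ip_network(self.dst, strict=False):
            return False
        if self.proto is not None and pkt.proto != self.proto:
            return False
        if self.dport is not None and pkt.dport != self.dport:
            return False
        return True


# Constructed rule set: service "A" (Modbus/TCP on the PLC) only for hosts "B" and "C",
# SSH to the PLC only from the engineering station; everything else falls to the default.
RULES: List[Rule] = [
    Rule("accept", src="198.51.100.5/32", dst="192.0.2.10/32", proto="tcp", dport=502),   # host B
    Rule("accept", src="198.51.100.6/32", dst="192.0.2.10/32", proto="tcp", dport=502),   # host C
    Rule("accept", src="198.51.100.20/32", dst="192.0.2.10/32", proto="tcp", dport=22),   # engineering
    Rule("drop", proto="tcp", dport=21),   # FTP: explicit drop so the intent is documented
]


def filter_packet(rules: List[Rule], pkt: Packet, default: str = "drop") -> str:
    """The first matching rule decides; no match falls through to the default policy."""
    for rule in rules:
        if rule.matches(pkt):
            return rule.action
    return default


def _covers(general, specific, is_net: bool) -> bool:
    """True if a field of an earlier rule matches everything a later rule's field matches."""
    if general is None:
        return True
    if specific is None:
        return False
    if is_net:
        return ip_network(specific, strict=False).subnet_of(ip_network(general, strict=False))
    return general == specific


def shadowed_rules(rules: List[Rule]) -> List[int]:
    """Indices of rules that can never fire because an earlier rule matches a superset."""
    shadowed = []
    for j, later in enumerate(rules):
        for earlier in rules[:j]:
            if (_covers(earlier.src, later.src, True) and _covers(earlier.dst, later.dst, True)
                    and _covers(earlier.proto, later.proto, False)
                    and _covers(earlier.dport, later.dport, False)):
                shadowed.append(j)
                break
    return shadowed


if __name__ == "__main__":
    samples = [
        Packet("198.51.100.5", "192.0.2.10", "tcp", 502),   # host B -> service A: accept
        Packet("198.51.100.7", "192.0.2.10", "tcp", 502),   # other host -> service A: drop
        Packet("198.51.100.5", "192.0.2.10", "tcp", 21),    # FTP from host B: explicit drop
        Packet("198.51.100.5", "192.0.2.10", "udp", 502),   # wrong protocol: default drop
    ]
    for pkt in samples:
        print(pkt, "->", filter_packet(RULES, pkt))
    print("shadowed rule indices:", shadowed_rules(RULES))
```

Rules are evaluated top-down, so order matters: a broad accept placed in front of a specific drop silently disables the drop, which is what shadowed_rules() reports. The filter is stateless and looks at header fields only; it does not track connections and cannot see whether the traffic on port 502 is really Modbus/TCP.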