Siemens SIMATIC NET TeleControl S7-1200 CP 1243-1 Operating Instructions Manual page 14

Hide thumbs Also See for SIMATIC NET TeleControl S7-1200 CP 1243-1:

Operating instructions manual (230 pages)

Application example (38 pages)

Table Of Contents

100

101

102

103

104

105

106

107

108

109

110

111

112

page of 112

/ 112
Contents
Table of Contents
Bookmarks

Table of Contents

Application and properties

1.4 Industrial Ethernet Security

Security functions of the CP

As a result of using the CP, as a security module, the following security functions are

accessible to the S7-1200 station on the interface to the external network:

● Firewall

– IP firewall with stateful packet inspection (layer 3 and 4)

– Firewall also for "non-IP" Ethernet frames according to IEEE 802.3 (layer 2)

– Limitation of the transmission speed ("Bandwidth limitation")

– Global firewall rules

● Communication made secure by IPsec tunnels (VPN)

VPN tunnel communication allows the establishment of secure IPsec tunnels for

communication with one or more security modules.

The CP can be put together with other modules to form VPN groups during configuration.

IPsec tunnels (VPN) are created between all security modules of a VPN group. All

internal nodes of these security modules can communicate securely with each other

through these tunnels.

● Logging

To allow monitoring, events can be stored in log files that can be read out using the

configuration tool or can be sent automatically to a Syslog server.

● NTP (secure)

For secure transfer during time-of-day synchronization

● SNMPv3

For secure transmission of network analysis information safe from eavesdropping

● Protection for devices and network segments

The protection provided by the firewall can cover individual devices, several devices or

even entire network segments.

Note

Plants with security requirements - recommendation

Use the following options:

• If you have systems with high security requirements, use the secure protocols

NTP (secure), HTTPS and SNMPv3.

• If you connect to public networks, you should use the firewall. Think about the services

you want to allow access to the station via public networks. By using the "bandwidth

limitation" of the firewall, you can restrict the possibility of flooding and DoS attacks.

See also section Security recommendations (Page 33).

For configuring the security functions refer to the section Security (Page 47).

You will find further information on the functionality and configuration of the security functions

in the information system of STEP 7 and in the manual /4/ (Page 110).

Operating Instructions, 12/2016, C79000-G8976-C365-02

CP 1243-1

Table of Contents

Siemens SIMATIC NET TeleControl S7-1200 CP 1243-1 Operating Instructions Manual page 14

Related Manuals for Siemens SIMATIC NET TeleControl S7-1200 CP 1243-1

Related Products for Siemens SIMATIC NET TeleControl S7-1200 CP 1243-1

Table of Contents