Further Recommended Security Measures - Siemens SENTRON 7KN POWERCENTER 3000 Manual


Installing, connecting, commissioning
4.7 Security features
• Continuous vulnerability management: For 7KN Powercenter 3000 as for many other
Siemens devices, continuous vulnerability management is set up. This means that if
security vulnerabilities are found in individual program sections, they are published via
Siemens ProductCERT and rectified as soon as possible in a firmware update.
The following services must be considered in the external network environment:

| Service | Layer 3 / 4 | Layer 7 | 7KN POWERCENTER 3000: Port | 7KN POWERCENTER 3000: Interface | Remote Partner: Host | Remote Partner: Port |
|---|---|---|---|---|---|---|
| Data transfer to MindSphere | TCP | https | - | X1P1 | MindSphere | 433 |
| Web user interface | TCP | http | Def. 80 *) | X1P1 & X2P1 | | |
| Modbus TCP gateway | TCP | Modbus TCP | Def. 502 *) | X1P1 & X2P1 | | |
| Time synchronization (client) | UDP | NTP | - | X1P1 & X2P1 | | 123 |
| Time synchronization (server) | UDP | NTP | - | X1P1 & X2P1 | | 123 |
| Identification service | UDP | | 17008 | X1P1 & X2P1 | | 17009 |
| Name resolution in the local subnet | UDP | LLMNR | 5355 | X1P1 & X2P1 | | |
| MQTT Cloud Service | TCP | MQTT via TLS | - | X1P1 | Cloud | 8883 *) |
| MQTT Cloud Service | TCP | MQTT | - | X1P1 | Cloud | 1883 *) |

*) adjustable

4.7.2 Further recommended security measures

The security disclaimer always applies, see Security instructions.
Nevertheless, the 7KN Powercenter 3000 provides the most important security features for
operation in an intranet.
Moreover, the following measures are recommended against attacks from the Internet, using
special devices such as Ethernet switches or IP routers:
• Firewall: A firewall restricts data traffic in a network to that which is strictly necessary.
Data traffic that is not required is filtered out. This substantially reduces vulnerability to
attack. A firewall must be configured for this, e.g. so that only the necessary ports are
enabled (see table in Security features on the external Ethernet interface (Page 39)).
Depending on the quality and care in setup of the firewall, unknown / non-permitted subnet
and IP addresses can be filtered out.
The firewall functions are typically located in a central router or Ethernet switch, e.g.
SCALANCE xxx.
The 7KN Powercenter 3000 already offers firewall subfunctions (Firewall Whitelist). You
will find further information in section IP filter in Security features on the external
Ethernet interface (Page 39).

7KN POWERCENTER 3000, Equipment Manual, 07/2020, L1V30579222003-03
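An added example, not taken from the Siemens manual: a Python check that classifies new inbound flows to the device against the listening ports named in the port table and a permitted-subnet list, which is the filtering the firewall recommendation describes. The subnet, the flow-record format and the sample flows are constructed assumptions.

```python
import ipaddress

# Listening ports on the device, copied from the port table on this page
# (the table marks 80 and 502 as adjustable defaults).
DEVICE_SERVICES = {
    ("tcp", 80): "Web user interface",
    ("tcp", 502): "Modbus TCP gateway",
    ("udp", 17008): "Identification service",
    ("udp", 5355): "Name resolution (LLMNR)",
}

# Assumption: subnets allowed to reach the device (constructed value).
PERMITTED_SUBNETS = [ipaddress.ip_network("192.168.10.0/24")]

# Constructed flow records, one new inbound flow per line: "src_ip proto dst_port".
SAMPLE_FLOWS = """\
192.168.10.21 tcp 80
192.168.10.30 tcp 502
203.0.113.7 tcp 502
192.168.10.21 tcp 22
192.168.10.44 udp 5355
198.51.100.9 udp 161
not-an-ip tcp 80
"""

def classify(line):
    """Return (verdict, reason) for one flow record."""
    try:
        src, proto, port = line.split()
        addr = ipaddress.ip_address(src)
        key = (proto.lower(), int(port))
    except ValueError:
        return "invalid", "unparseable record"
    known = key in DEVICE_SERVICES
    permitted = any(addr in net for net in PERMITTED_SUBNETS)
    if known and permitted:
        return "allow", DEVICE_SERVICES[key]
    if known:
        return "deny", "source outside permitted subnets"
    if permitted:
        return "deny", "port not in device service table"
    return "deny", "unknown source and port"

def audit(text):
    """Classify every non-empty line; return a list of (line, verdict, reason)."""
    return [(l, *classify(l)) for l in text.splitlines() if l.strip()]

if __name__ == "__main__":
    for line, verdict, reason in audit(SAMPLE_FLOWS):
        print(f"{verdict:7} {line:24} {reason}")
```

Flows reported as deny are the ones a correctly configured upstream firewall or the device's own Firewall Whitelist should already be dropping, so any that appear in real flow logs point to a rule gap.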
