Network Components And Software - Siemens SIMATIC ET 200AL System Manual

Distributed i/o system
2.2 Setting up PROFINET
Protective measures
The most important precautions to prevent manipulation and loss of data security in the
industrial environment are:
● Filtering and control of data traffic by means of a firewall
● A virtual private network (VPN) is used to exchange private data on a public network
(Internet, for example).
The most common VPN technology is IPsec. IPsec (Internet Protocol Security) is a
collection of security protocols that build on the IP protocol at the network layer
and allow secured communication over potentially insecure IP networks.
● Segmenting in protected automation cells
This concept has the aim of protecting the lower-level network devices by means of
security modules. A group of protected devices forms a protected automation cell.
● Authentication (identification) of the devices
The security modules identify each other over a secure (encrypted) channel using
authentication procedures. It is therefore impossible for unauthorized parties to access a
protected segment.
● Encrypting the data traffic
The confidentiality of data is ensured by encrypting the data traffic. Each security module
is given a VPN certificate which includes the encryption key.
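
The cell concept and the firewall rule from the list above can be checked against observed traffic. The following Python audit is an added example, not part of the Siemens manual: it flags flows that cross a cell boundary without an allowlist entry or outside the VPN tunnel. The address ranges, zone names, rules and sample flows are constructed assumptions.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

# Constructed addressing plan and rules (assumptions, not taken from the manual).
CELLS = {"cell_a": ip_network("192.168.10.0/24"),
         "cell_b": ip_network("192.168.20.0/24")}
ALLOW = {  # (source zone, destination zone, protocol, destination port)
    ("plant", "cell_a", "tcp", 102),   # engineering station to controller (ISO-on-TCP)
    ("cell_a", "cell_b", "tcp", 102),  # controller to controller, inside the VPN only
}
VPN_REQUIRED = {("cell_a", "cell_b"), ("cell_b", "cell_a")}

@dataclass(frozen=True)
class Flow:
    src: str
    dst: str
    proto: str
    dport: int
    in_tunnel: bool  # True if the security module carried it inside the IPsec tunnel

def zone(addr):
    """Map an address to its automation cell, or 'plant' for everything else."""
    ip = ip_address(addr)
    return next((name for name, net in CELLS.items() if ip in net), "plant")

def audit(flows):
    """Return (flow, reason) for every flow that violates the cell policy."""
    findings = []
    for f in flows:
        s, d = zone(f.src), zone(f.dst)
        if s == d:
            continue  # traffic inside one cell never crosses a security module
        if (s, d, f.proto, f.dport) not in ALLOW:
            findings.append((f, "not allowlisted at cell boundary"))
        elif (s, d) in VPN_REQUIRED and not f.in_tunnel:
            findings.append((f, "cell-to-cell traffic outside VPN tunnel"))
    return findings

# Constructed sample flows.
SAMPLE = [
    Flow("10.0.5.20", "192.168.10.11", "tcp", 102, False),        # allowed
    Flow("10.0.5.99", "192.168.10.11", "tcp", 80, False),         # not allowlisted
    Flow("192.168.10.11", "192.168.20.12", "tcp", 102, False),    # needs the tunnel
    Flow("192.168.10.11", "192.168.20.12", "tcp", 102, True),     # allowed in tunnel
    Flow("192.168.10.11", "192.168.10.12", "udp", 34964, False),  # intra-cell
]

if __name__ == "__main__":
    for flow, reason in audit(SAMPLE):
        print(f"{flow.src} -> {flow.dst} {flow.proto}/{flow.dport}: {reason}")
```
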
2.2.4.2 Network components and software

Protection against unauthorized access
The following solutions may be used to connect industrial networks to the intranet and
Internet to protect against internal and external threats:
● Communication processors, such as the SIMATIC CP 1543-1
● SCALANCE X-300 and SCALANCE S - the data security components of the
SIMATIC NET product family
● SOFTNET security client for use on PCs
Features
Both of these products have a wide variety of features, such as:
● Easy integration of existing networks without configuration, with integrated firewall.
● Segmenting in protected automation cells
● Authentication (identification) of the devices
● Encrypting the data traffic
PROFINET with STEP 7 V15
Function Manual, 12/2017, A5E03444486-AH
