Siemens CP 1243-7 LTE Operating Instructions Manual page 17

Simatic net

Note
Plants with security requirements - recommendation
Use the following options:
• If you have systems with high security requirements, use the secure protocols NTP (secure) and HTTPS.
• If you connect to public networks, you should use the firewall. Consider which services on the station you want to make accessible via public networks. By using the "bandwidth limitation" of the firewall, you can restrict the possibility of flooding and DoS attacks.
Industrial Ethernet Security - Security functions of the CP
The following security functions can be used independently of telecontrol communication.
With Industrial Ethernet Security, individual devices, automation cells or network segments of an IP-based network can be protected. The data transfer via the CP can be protected from the following attacks by a combination of different security measures:
● Data espionage
● Data manipulation
● Unauthorized access
Secure underlying networks can be operated via additional Ethernet/PROFINET interfaces of the CPU.
As a result of using the CP as a security module, the following additional security functions are accessible to the S7-1200 station on the interface to the external network:
● Firewall
– IP firewall with stateful packet inspection (layer 3 and 4)
– Firewall also for "non-IP" Ethernet frames according to IEEE 802.3 (layer 2)
– Limitation of the transmission speed ("Bandwidth limitation")
– Global firewall rules
● Communication made secure by IPsec tunnels (VPN)
VPN tunnel communication allows the establishment of a secure IPsec tunnel for communication with a security module.
The CP can be put together with other modules to form VPN groups during configuration. IPsec tunnels (VPN) are created between all security modules of a VPN group. All internal nodes of these security modules can communicate securely with each other through these tunnels.
● Logging
To allow monitoring, events can be stored in log files that can be read out using the configuration tool or can be sent automatically to a Syslog server.
For information on configuring the security functions, refer to the section Auto-Hotspot.
You will find further information on the functionality and configuration of the security functions in the information system of STEP 7 and in the manual /5/ (Page 152).
CP 1243-7 LTE
Operating Instructions, 04/2017, C79000-G8976-C381-03
Application and properties
1.4 Security functions
17

This manual is also suitable for:

S7-1200 telecontrol, CP 1243-7 LTE-EU, CP 1243-7 LTE-US