Siemens SIMATIC S7-400 Operating Instructions Manual page 13

● Authentication using certificates
Authentication of the CP with OPC UA communications partners using certificates.
The check of the certificates of the communications partner that are exchanged during
authentication can be set to different levels separately for the server and client function.
The CP supports the security profiles of the specification part 2, 4, 6, 7 und 12 of the
OPC Foundation.
● Encryption and signing
The encryption of the OPC UA data can be configured for the following security profiles of
the OPC UA specification:
– No security profile
– Basic128Rsa15
– Basic256
– Basic256Sha256
For the server the optional security procedures "Sign". "Encrypt" and "Sign and Encrypt"
are available.
● Write protection
You can block write access to the data area of the CPU.
● Protection of the access to diagnostics data of the CP and blocking of S7 communication
via the CP
You can block S7 connections via the CP and LAN access to the pages of the special
diagnostics on the CP.
● Logging
To allow monitoring, events can be stored in log files that can be read out using the
configuration tool or can be sent automatically to a Syslog server.
● User management
In user management you assign individual users a role. The individual roles provide
specific rights for various services.
For further information, refer to section Security recommendations (Page 35).
You will find a description of the functions in the following sections:
● STEP 7 V5: Configuration in the SCT (Page 55)
● STEP 7 Professional: Security" parameter group (Page 63)
CP 443-1 OPC UA
Operating Instructions, 01/2017, C79000-G8976-C427-02
Application and functions
1.3 Security functions
13