System Services; Ipsec Vpn; Security Logging - Siemens CP-8000 User Manual

Function Packages
3.1

System Services

The function package System Services provides general functions and basic services that are
required by other function packages. It contains
·

IPSec VPN

·

Security Logging

·
Communication with the engineering system
·
Integrated webserver
·
Data flow control
·
Addressing
·
Real-time concept
·
General interrogation
·
Monitoring functions
·
Failure management
·
Diagnostics and signaling
·
Autonomy
·
Storage of application data
·
Storage of firmware
3.1.1 IPSec VPN
IPSec VPN (Internet Protocol Security – Virtual Private Network) is an extension of the Inter-
net Protocol (IP) for encryption and authentication mechanisms. IPSec VPN actively estab-
lishes a VPN tunnel (initiator), which guarantees the required confidentiality, authenticity and
integrity of data transmission in IP networks. The termination of the IPSec VPN tunnel takes
place in a router. CP-8000/CP-802x supports one IPSec VPN tunnel.
Thus, it is e.g. possible, to completely secure the IEC 60870-104 communication between
CP-8000/CP-802x and a higher-level control center, even if the connection is running over a
public network.
CP-8000/CP-802x uses the IKE protocol (Internet Key Exchange) and the PSK
authentification process (Pre-Shared Key). The used pre-shared key can be set by means of
the engineering tool (e.g. SICAM TOOLBOX II) and is securely stored in SICAM TOOLBOX II
and also in CP-8000/CP-802x.
3.1.2 Security Logging
CP-8000/CP-802x provides a security logbook which acquires security-relevant events and
transmits it by means of a SysLog client to a SysLog server. One automation unit can operate
several SysLog clients (up to 20).
56
Unrestricted SICAM A8000 / CP-8000 • CP-8021 • CP-8022 Manual
DC8-037-2.02, Edition 10.2017