Table of Contents
Advertisement
Areas of application
● Local area networks can be connected together securely via the Internet ("site-to-site"
connection).
● Secure access to a company network ("end-to-site" connection)
● Secure access to a server ("end-to-end" connection)
● Communication between two servers without being accessible to third parties (end-to-end
or host-to-host connection)
● Ensuring information security in networked automation systems
● Securing the computer systems including the associated data communication within an
automation network or secure remote access via the Internet
● Secure remote access from a PC/programming device to automation devices or networks
protected by security modules via public networks.
Cell protection concept
With Industrial Ethernet Security, individual devices or network segments of an Ethernet
network can be protected:
● Access to individual devices and network segments protected by security modules is
allowed.
● Secure connections via non-secure network structures becomes possible.
Due to the combination of different security measures such as firewall, NAT/NAPT routers
and VPN via IPsec tunnels, security modules protect against the following:
● Data espionage
● Data manipulation
● Unwanted access
3.17.4.2
Creating a VPN tunnel for S7 communication between stations
Requirements
To allow a VPN tunnel to be created for S7 communication between two S7 stations or
between an S7 station and an engineering station with a security CP (for example CP 1628),
the following requirements must be met:
● The two stations have been configured.
● The CPs in both stations must support the security functions.
● The Ethernet interfaces of the two stations are located in the same subnet.
Configuration - DNP3
Configuration Manual, 11/2018, C79000-G8976-C508-01
Configuration
3.17 Security (CP) and certificates
77
Hide quick links:
Advertisement
Table of Contents
