Virtual Private Networks" (Vpns); Cell Protection Concept - Siemens SIMATIC NET System Manual

Network structures and network configuration
2.4 Network security
2.4.4

"Virtual Private Networks" (VPNs)

The function of Virtual Private Networks
A VPN is used to transmit private data in a public network by "embedding" the private
communication in the traffic of the public network.
The participants of the VPN have the impression that they are connected directly to each
other. They do not notice the intermediate steps that are introduced during transfer via the
public network. This is also called "tunneling" through the public network. For example, two
subnetworks of a company that lie very far apart can be connected by means of VPNs in
such a manner that they can be addressed as a single unit by the users.
Security of VPNs
The term "private" relates primarily to the use of VPNs and not to the confidentiality of the
data: VPNs are not automatically secure since the data traffic is not encrypted from the very
beginning. If, however, suitable encryption techniques are used, communication via the VPN
is practically safe from eavesdropping.
See also
Encryption and data security (Page 58)
2.4.5

Cell protection concept

Basics
In the cell protection concept, a plant network is divided into individual protected cells in
which all devices can securely communicate with each other to protect the automation
systems. In the sense of the cell protection concept, production units, for example, are
worthy of protecting.
The following graphic illustrates this. A production cell is protected against unauthorized
access from the remaining enterprise network through a SCALANCE S Industrial Security
Appliance or through further components with firewall and VPN functionality.
102
System Manual, 09/2019, C79000-G8976-C242-10
Industrial Ethernet