Siemens SIMATIC NET SCALANCE SC-600 Configuration Manual page 61


To provide security, the IPsec protocol suite uses several protocols:
• The Encapsulating Security Payload (ESP) encrypts the data.
• The Security Association (SA) contains the specifications negotiated between the partners, e.g. the lifetime of the key, the encryption algorithm, the period after which authentication is repeated, etc.
• Internet Key Exchange (IKE) is a key exchange method. The key exchange takes place in two phases:
– Phase 1
In this phase, no security services such as encryption, authentication and integrity checks are available yet since the required keys and the IPsec SA still need to be created. Phase 1 serves to establish a secure VPN tunnel for phase 2. To achieve this, the communications partners negotiate an ISAKMP Security Association (ISAKMP SA) that defines the required security services (algorithms, authentication methods used). The subsequent messages and phase 2 are therefore secure.
– Phase 2
Phase 2 serves to negotiate the required IPsec SA. Similar to phase 1, exchanging offers achieves agreement about the authentication methods, the algorithms and the encryption method to protect the IP packets with IPsec AH and IPsec ESP. The exchange of messages is protected by the ISAKMP SA negotiated in phase 1. Due to the ISAKMP SA negotiated in phase 1, the identity of the nodes is known and the method for the integrity check already exists.
Authentication method
• CA certificate, device and partner certificate (digital signatures)
The use of certificates is an asymmetrical cryptographic system in which every node (device) has a pair of keys. Each node has a secret, private key and a public key of the partner. The private key allows the device to authenticate itself and to generate digital signatures.
• Pre-shared key
The use of a pre-shared key is a symmetrical cryptographic system. Each node has only one secret key for decryption and encryption of data packets. The authentication is via a common password.
Local ID and remote ID
The local ID and the remote ID are used by IPsec to uniquely identify the partners (VPN end point) during establishment of a VPN connection.
Technical basics, 3.8 Security functions, page 61
SCALANCE SC-600 Web Based Management (WBM)
Configuration Manual, 10/2021, C79000-G8976-C475-03
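The following is an added illustration, not taken from the Siemens manual, of how the concepts on this page (IKE phase 1 proposal and lifetime, phase 2 IPsec SA proposal, the two authentication methods, and local/remote IDs) map onto the configuration of a strongSwan peer (swanctl.conf) that would build a tunnel to an SC-600. It uses IKEv2, where the IKE SA corresponds to the phase 1 ISAKMP SA and the CHILD_SA to the phase 2 IPsec SA. All addresses, identities, subnets, file names and the PSK are constructed placeholders, and the assumption that the SC-600 side is configured with mirrored IDs and matching proposals is the author's, not a statement from the manual.

```conf
# Added example (not from the Siemens manual): strongSwan swanctl.conf on a Linux
# peer building an IPsec tunnel to an SC-600. Every address, ID, subnet and file
# name below is a constructed placeholder.
connections {

    # Variant A: pre-shared key (symmetric). Both sides hold the same secret.
    sc600-psk {
        version = 2                          # IKEv2: IKE SA ~ phase 1, CHILD_SA ~ phase 2
        local_addrs  = 192.0.2.10            # this peer
        remote_addrs = 198.51.100.20         # SC-600 WAN address
        proposals = aes256-sha256-modp2048   # IKE SA proposal: cipher, integrity/PRF, DH group
        rekey_time = 4h                      # IKE SA lifetime before rekeying
        reauth_time = 8h                     # period after which authentication is repeated
        local {
            auth = psk
            id = "peer-a@example.invalid"    # local ID sent to the SC-600
        }
        remote {
            auth = psk
            id = "sc600@example.invalid"     # remote ID expected from the SC-600
        }
        children {
            lan-to-lan {
                local_ts  = 10.0.1.0/24
                remote_ts = 10.0.2.0/24
                esp_proposals = aes256gcm16-modp2048  # IPsec SA proposal: ESP AEAD + PFS group
                rekey_time = 1h                       # IPsec SA lifetime
                start_action = start
            }
        }
    }

    # Variant B: certificates (asymmetric). Each side proves its identity with its
    # own private key; the partner's certificate is verified against the CA.
    sc600-cert {
        version = 2
        local_addrs  = 192.0.2.10
        remote_addrs = 198.51.100.20
        proposals = aes256-sha256-modp2048
        local {
            auth = pubkey
            certs = peer-a.pem               # this peer's certificate (key in swanctl/private)
            id = "CN=peer-a, O=Example"      # must match the certificate subject or a SAN
        }
        remote {
            auth = pubkey
            cacerts = example-ca.pem         # CA that issued the SC-600 device certificate
            id = "CN=sc600, O=Example"       # partner identity checked against its certificate
        }
        children {
            lan-to-lan {
                local_ts  = 10.0.1.0/24
                remote_ts = 10.0.2.0/24
                esp_proposals = aes256gcm16-modp2048
                start_action = start
            }
        }
    }
}

secrets {
    # PSK for variant A; strongSwan selects it by the IDs of both endpoints.
    ike-sc600 {
        id-a = "peer-a@example.invalid"
        id-b = "sc600@example.invalid"
        secret = "REPLACE-WITH-A-LONG-RANDOM-PSK"
    }
}
```

Two points worth checking when pairing such a configuration with the SC-600: the local ID configured on one side must equal the remote ID configured on the other (the IDs are what IPsec uses to pick the right SA and, for a PSK, the right secret), and with certificates the remote ID must be present in the partner certificate, since an ID that the certificate does not carry fails authentication even when the CA chain is valid.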
