Table of Contents
Advertisement
Security
4
Security
To secure plants, systems, machines and networks against cyberthreats it is necessary to
implement (and continuously maintain) an overall industrial security concept that is state of
the art.
Perform a risk assessment in accordance with VDI/VDE 2182 or IEC 62443-3-2 and plan
the security measures with care. If necessary, seek advice from Pilz Customer Support.
4.1
Required security measures
}
The product is not protected from physical manipulation or from reading of memory con-
tents during physical access. Use appropriate measures to ensure that there is no phys-
ical access by unauthorised persons. You should also use security seals so that you can
detect any manipulation of the product or interfaces. Installation inside a lockable control
cabinet is recommended as a minimum measure.
}
The product can be incorporated into a machine network using the expansion module
PNOZ m ES ETH. Protect the product from unauthorised data exchange via the network
by using a firewall or providing other appropriate measures. Only allow the data ex-
change that's required for the application. Any data exchange that is not required for the
application must be prevented by the firewall.
}
Check the product's log for unauthorised program changes on a regular basis.
}
Modbus/TCP has no security mechanisms. Use a firewall to protect the product from un-
authorised access.
Fig.: Example network topology
}
Note the network data for risk analysis and the security measures.
}
Protect the configuration and log data from unauthorised changes.
}
Delete or destroy the chip card before disposing of the product.
Operating Manual PNOZ m B0.1
1005720-EN-04
Company firewall
Internet
Company network
Configuration computer
Machine firewall
Machine network
Product
+
PNOZ m ES ETH
| 13
Advertisement
Table of Contents
