Siemens Industry Online Support
Siemens AG
Entry type: Application example Entry ID: 22056713, Entry date: 04/08/2013

Industrial Security with SCALANCE S Modules over IPSec VPN Tunnels


Task
The task of this application is to demonstrate how data integrity, confidentiality and security can be ensured in industrial communication. Service employees should be able to connect their PGs / PCs to the automation network via a secure connection and to run selected services. Access to the company network should be blocked. The secure connection is to be implemented easily, cost-effectively and without expert IT knowledge.

Solution   
The core functionality of this application is the SIMATIC NET security concept. This solution allows you to eliminate risks that may arise through the use of integrated Ethernet structures and Internet technologies in sensitive areas. Parts of this concept include the SCALANCE S612 V3, SCALANCE S623 Security Module and the SOFTNET Security Client. With these modules, a secure connection can be established by means of an IPSec VPN tunnel.

Your advantages at a glance:

  • Protection of sensitive areas and production plants through communication via VPN tunnels.
  • Protection of automation cells that do not have protection mechanisms of their own.
  • Elimination of risks from the IT world (hackers, worms, etc.).
  • Quick, non-disruptive integration into existing automation plants.
  • Easy configuration of the security modules using the convenient, common Security Configuration Tool software.
  • Secure communication possible for all S7 controllers (e.g., WinAC, SIMOTION, S7-300/400).

Three documents present different solution strategies:

Document 1 describes the connection, for maintenance purposes, of a service employee to the automation network via LAN or WAN with the SCALANCE S612 V3.

  • Configuration of a VPN tunnel in bridge/routing mode
  • Configuration of an S7 connection
  • Establishment of a VPN connection between an S612 V3 and the SOFTNET Security Client

Document 2 describes an approach with the SCALANCE S623. With its three ports and its VPN and firewall functionality, the module allows you to connect and separate several networks.

  • Configuration of a VPN tunnel with the SCALANCE S623 in routing mode between a service employee and the automation cell
  • Configuration of the firewall to restrict communication between the networks
  • Establishment of a VPN connection between an S623 and the SOFTNET Security Client

Document 3 is based on the configuration from Document 1 and describes a more complex remote maintenance concept. Here a service employee can access the remote stations with the aid of remote maintenance software (e.g., VNC or PCAnywhere) via a central service station. Basically, this concept can be achieved with two configured VPN tunnels in routing mode.

  • Configuration of two different VPN connections in routing mode
  • Establishment of a VPN connection between an S612 V3 and the SOFTNET Security Client
  • Installation and configuration of remote maintenance software based on VNC (client and server).

Downloads

Documentation 1: Security with SCALANCE S612 V3 Modules over IPSec secured VPN Tunnels

  • Documentation: 22056713_S612_VPN_DOKU_V30_en.pdf (4095 KB)
  • Code (STEP 7 projects): 22056713_S612_VPN_CODE_V30.zip (897 KB)

Documentation 2: Configuring Secure Remote Maintenance Access with the Aid of the SCALANCE S623

  • Documentation: 22056713_VPN_S623_DOKU_V10_en.pdf (936 KB)
  • Code (STEP 7 projects): 22056713_VPN_S623_CODE_V10.zip (1050 KB)

Documentation 3: Remote Control Concept with SCALANCE S Modules over IPSec secured VPN tunnels

  • Documentation: 22056713_RemoteAccess_S612_DOKU_V20_en.pdf (1936 KB)
  • Code (STEP 7 projects): 22056713_RemoteAccess_S612_CODE_V20.zip (415 KB)

Additional Information

  • Protection of an Automation Cell Using the SCALANCE S602 V3 and SCALANCE S623 Security Modules via a Firewall (Entry ID: 22376747)
  • Secure Remote Access to SIMATIC Stations via Internet and UMTS (Entry ID: 24960449)
  • Security with SIMATIC NET (Entry ID: 27043887)

Last Update
04/2013: Additional application with SCALANCE S623

Additional search terms
VPN, remote maintenance, security, IPSec, SCALANCE S, S623, S612 V3

Security information
In order to protect technical infrastructures, systems, machines and networks against cyber threats, it is necessary to implement – and continuously maintain – a holistic, state-of-the-art IT security concept. Siemens’ products and solutions constitute one element of such a concept. For more information about cyber security, please visit
http://www.siemens.com/industrialsecurity.