Which security mechanisms does the TeleControl Basic system offer?
The TELECONTROL SERVER BASIC software connects up to 5000 SIMATIC S7 controllers to a central unit by means of the GSM/GPRS cellular radio standard. This permits cost-effective implementation of telecontrol solutions for logistics, maintenance/servicing and energy optimization.
The S7 interface is the MD720-3 modem for connecting the S7-200. The CP1242-7 is available for integration in the S7-1200. The software also permits worldwide teleservice over STEP 7 with the S7-1200, over GPRS and the internet.
In addition to simple, small telecontrol applications, system integrators and system houses can offer their customers a range of services, split into customer groups.
The TeleControl Basic system has the following features for secure communication over WAN:
|1||Authorized phone numbers (CLIP list)||Access to stations of the type S7-1200 with CP1242-7 is restricted to phone numbers stored in the CP's configuration. This prevents unauthorized waking of the station and spamming.|
|2||Password-protected logon of the CP1242-7 on the telecontrol server||Only stations in which the correct password is configured can log onto the telecontrol server. This prevents third-party stations from illegally entering the control system.|
|3||User administration in the TeleControl Server Basic software||Users and passwords: The engineers are assigned different roles. Access is password-protected. Only authorized users can make changes to the configuration on the telecontrol server.|
|4||(users and passwords)||You can also create several of your own users per CP1242-7 who can log onto a TeleService session and whose access is permitted by means of a special password. This excludes unauthorized TeleService access.|
|5||Support of standard SIM cards||If you use standard SIM cards with data rate, most providers prevent access from outside to the IP addresses of the substations when using the public APNs. It is therefore impossible to access the substations from the internet.|
|6||Data encryption||The protocol between substation and the telecontrol server uses a simple encryption mechanism. This means that it is not easily possible for third parties to read the data stream.|
|7||Stations logged on temporarily||The substations can be configured as temporary stations (CP1242-7). This means that connections are established only when necessary. There are no unnecessary connections which can be manipulated.|
|8||Support of private provider APNs||When using private provider APNs, the network operator provides a closed network that does not permit access from the outside.|
Note on security
The functions and solutions described in this article confine themselves predominantly to the realization of the automation task. Furthermore, please take into account that corresponding protective measures have to be taken in the context of Industrial Security when connecting your equipment to other parts of the plant, the enterprise network or the Internet. Further information can be found in Entry ID: 50203404.