Siemens Industry Online Support
Siemens AG
Entry ID: 92651441, Entry date: 05/03/2018

All-round protection with Industrial Security - Network Security

In this entry you can find an overview arranged in themes with links to the most important entries regarding Industrial Security (network security).

With the rising use of Ethernet connections right down to the field level, security issues are gaining increasing significance in industry. Open communication and the increased networking of production systems bring enormous opportunities but also large risks. To protect an industrial plant from attacks, appropriate security measures have to be taken.
Siemens offers a multi-layered Defense in Depth concept according to the recommendations of ISA 99 / IEC 62443 that protects the plant both all-round and in depth. The concept is based on the following components:

  • Plant security
  • Network security
  • System integrity

 


Whilst classic plant security thwarts physical access, network security and the protection of system integrity safeguard against cyber attacks and unauthorized access by users or people not belonging to the company. Here, you can find an overview arranged in themes with links to the most important entries.


Network security means protection of automation networks from unauthorized access. This includes control of all interfaces, for example between office and plant networks, or of the remote maintenance access to the Internet. This control can be realized by using firewalls and, if necessary, setting up a DMZ (demilitarized zone = zone shielded by means of security technology). The security-related segmentation of the plant network into individual protected automation cells serves to minimize risk and improve security. The division of the cells and the assignment of the devices depend on the need for communication and protection.
Data transfer is encrypted by means of a VPN and thus protected against data espionage and manipulation. The communication users are securely authenticated.

Firewall
Applications

Protection of an Automation Cell Using the SCALANCE S602 V3 and SCALANCE S623 Security Modules via a Firewall
Automation Tasks in 10 minutes or less SIMATIC S7-1500: AT 5 - Integrated Firewall

FAQ

What configuration steps are necessary to forward the coded data packages incoming on the SCALANCE S61x from the VPN tunnel to specific internal nodes only?
Which firewall rules do you have to define for SCALANCE S in the Security Configuration Tool to allow data traffic between internal and external networks for a specific IP address area?
Which firewall rules should you configure for SCALANCE S in order to have access to the internet with the PG/PC via the SCALANCE S and router?
Which firewall rules are to be configured in SCALANCE S if a Virtual Private Network (VPN) is set up over the internet between two SCALANCE Ss and the nodes should also be able to access the internet from the internal network?
Which firewall rules should you configure for the EGPRS router MD741-1 in order to have access to the Internet with the PG/PC from the LAN of the MD741-1?
What Implementation Scenarios for SIMATIC Products for Security Strategies are there in the PCS 7 Environment?
Which firewall settings do you have to make for smooth operation of the SINEMA Server V12?
Which ports are used by the various services for data transfer via TCP and UDP and what should you watch out for when using routers and firewalls?
Which firewall settings do you have to make for SIMATIC B.Data V6.0 SP1?
Which TCP ports must be enabled in a router (or firewall) to permit access to a SIMOTION controller or SINAMICS drive via Ethernet?

VPN
Applications

Overview: Secure Remote Access with VPN
Industrial Security with SCALANCE S Modules over IPSec VPN Tunnels
Secure Remote Access to SIMATIC Stations via Internet and UMTS
TeleService of a S7-1200 station via mobile network (Set 33)
SINAUT ST7 Telecontrol configuration examples in Ethernet, secure Internet and (E)GPRS environment

FAQ

How do you diagnose an S7-1200 CPU (with CP 1242-7) over the internet/GPRS network?
How do you configure a VPN tunnel between a PC station and SCALANCE S61x via the Internet with the 2008 edition of SOFTNET Security Client?
How do you configure a VPN tunnel between a PC station and SCALANCE S61x V2.1 via the Internet with the SOFTNET Security Client Edition 2005 HF1?
How do you configure a VPN tunnel between a PC station with Windows XP SP2 and SCALANCE S61x V2.1 via the Internet with the Microsoft Management Console?
How is a VPN tunnel between two SCALANCE S S61x modules configured in Routing mode via the internet?
What can you do if there isn't a VPN tunnel set up in the SCALANCE S 61x, the SOFTNET Security Client or the MD740-1?
Which security modules support the dynamic DNS function (DDNS)?
Why does the VPN LED of the SCALANCE M875 and MD741-1 continue to light although the secure IPsec tunnel connection is disconnected?
What should you watch out for when enabling and using the security functions of CP343-1 Advanced and CP443-1 Advanced?
What should you watch out for when setting up a VPN tunnel with the SOFTNET Security Client (V4 + HF1)?
Compatibility of VPN connections between Industrial Ethernet products with Security Integrated and CP 1543-1, via infrastructure in which Network Address Translation (NAT) is being used.
How do you move a SINEMA Remote Connect Server via a backup copy if the network environment does not change?
Which settings do you have to make for the SCALANCE S615 to be connected by Open VPN to the SINEMA Remote Connect Server?
How do I configure a VPN tunnel between PC station and Siemens Remote Service Platform via a safety connection?
What NAT scenarios can be implemented with the SCALANCE S615?
Why can the SINEMA Remote Connect Client not connect with the SINEMA Remote Connect Server?
Which SIMATIC S7-1200 CPs are available for TeleControl applications?

Getting Started

SIMATIC NET: Industrial Remote Communication Remote Networks SCALANCE M-800 Getting Started
SIMATIC NET Industrial Ethernet Security Setting up security - Getting Started
SIMATIC NET: Industrial Ethernet Security SCALANCE S615 Getting Started
SIMATIC NET: Industrial Remote Communication - Remote Networks SINEMA Remote Connect

Manuals / Compendium / Professional articles

Overview: Secure Remote Access with VPN
All-round protection with Industrial Security - Network Security
Security with SIMATIC NET
SIMATIC NET Industrial Ethernet Security Security basics and application
SIMATIC NET Industrial Ethernet Security, Setting up security in STEP 7 Professional
SIMATIC NET: Industrial Remote Communication Remote Networks SCALANCE M-800 Web Based Management
SIMATIC NET: Industrial Ethernet Security SCALANCE S615 Web Based Management
SIMATIC NET Industrial Ethernet Security SCALANCE S
SCALANCE S and SOFTNET Security Client
SIMATIC Process Control System PCS 7 Compendium Part F - Industrial Security (V9.0)
"Industrial Security Sales Info Kit" (Video)
Current documents and white paper on the topics of Industrial Security and Security Integrated
Brochure: Network security
Industrial Security Website
SIMATIC NET: Industrial Remote Communication - Remote Networks SINEMA Remote Connect - Server
SIMATIC NET: Industrial Remote Communication - Remote Networks SINEMA Remote Connect - Client
SIMATIC NET: LOGO! - Industrial Ethernet, LOGO! CMR2020, LOGO! CMR2040
SIMATIC NET: Industrial Ethernet Security SCALANCE SC-600 Web Based Management (WBM)
Installation and Management of Secure Remote Networks with SINEMA Remote Connect (Video)

Services

SITRAIN: Security in Industrial Ethernet Networks
SITRAIN: Training catalog