Siemens ST PCS 7 manual Industrial Security, Firewall

Models: ST PCS 7


© Siemens AG 2007

Communication

Industrial Security

Introduction

Overview

[Figure: Example of "defense in depth" security architecture. Labels: Internet; Enterprise Resource Planning (ERP); Manufacturing Execution System (MES); Firewall; Terminal bus 1 (OS-LAN); Terminal bus 2 (OS-LAN); Plant bus 1; Plant bus 2; Security cell.]

The progressive standardization, opening and networking of control systems has been accompanied by an enormous increase in security risks. The potential dangers arising from destructive programs such as computer viruses, worms or trojans or from access by unauthorized personnel range from network overloads or failures, theft of passwords and data, to unauthorized access to the process automation. Apart from material damage, specifically targeted sabotage can also have dangerous consequences for people and the environment.

Function

With its pioneering security concept, SIMATIC PCS 7 offers comprehensive solutions for safeguarding a process engineering plant that are based on a hierarchical security architecture (defense in depth). The special feature of this concept is its integrated approach. It is not just restricted to the use of individual security methods (e.g. encryption) or devices (e.g. firewalls). Its strengths lie more in the interaction of a host of security measures in the plant network. The security concept is described in detail in the manual "SIMATIC PCS 7 recommendations and information", and comprises advice and recommendations (best practices) on the following topics:

• Creation of a network architecture with defense in depth, combined with the segmentation of the plant into security cells

• Network administration with name resolution, assignment of IP addresses and division into subnetworks

• Operation of plants in Windows domains (Active Directory)

• Administration of the Windows and SIMATIC PCS 7 operator privileges; integration of the SIMATIC PCS 7 operator privileges into the Windows administration

• Reliable control of the clock synchronization in the Windows network

• Management of security patches for Microsoft products

• Use of antivirus software and firewalls

• Support and remote access (VPN, IPSec)

On the system side, SIMATIC PCS 7 V7.0 supports the implementation of guidelines and recommendations of the security concept by means of:

• Compatibility with the current versions of the antivirus software: Trend Micro OfficeScan, Symantec Norton AntiVirus and McAfee VirusScan

• Application of the local Windows XP firewall

• SIMATIC security control (SSC) for automatic setting of safety-related parameters of DCOM, registry and Windows firewall during the setup

• User administration and authentication by means of SIMATIC Logon

• Integration of the SCALANCE S602, S612 and S613 industrial security modules of SIMATIC NET

The manual "SIMATIC PCS 7 Security Concept, Recommendations and Advice" is available on the Internet via the SIMATIC Guide for Technical Documentation under "SIMATIC PCS 7 Process Control Systems & Migration".

You can find the SIMATIC Guide for Technical Documentation on the Internet.

Additional information is available on the Internet at:

http://www.siemens.com/simatic-docu

Siemens ST PCS 7 · November 2007
