Siemens ST PCS 7 manual Industrial Security components, Configuration

The SCALANCE S industrial security modules can safeguard in- dustrial systems/devices or network segments of an Ethernet against unauthorized access by means of a firewall. Some of them, e.g. SCALANCE S612 and S613, additionally use encryp- tion and authentication (VPN) to protect the data transmission between systems/devices or network segments against data manipulation and espionage.

■Design

SCALANCE S industrial security modules

The following SCALANCE S industrial security modules can be

9used in the context of the SIMATIC PCS 7 security concept:

•SCALANCE S602 industrial security module with firewall functionality

•SCALANCE S612 industrial security module

with firewall functionality and VPN (Virtual Private Network) functionality for up to 32 devices (up to 64 simultaneous VPN tunnels)

•SCALANCE S613 industrial security module

with firewall functionality and VPN (Virtual Private Network) functionality for up to 64 devices (up to 128 simultaneous VPN tunnels); suitable for extended temperature range from -20 to +70 °C.

Security functions of the SCALANCE S industrial security mod- ules

•Firewall functionality (S602, S612 and S613)

-Filtering of data packets as well as enabling or blocking of communication links on the basis of filter lists (packet filter firewall); IP and MAC addresses can be filtered, as well as communication protocols (ports) with incoming and outgo- ing communication.

-Saving of access data in a log file; for verification purposes and for recognition of attacks and derivation of preventive measures.

•VPN functionality (S612 and S613)

-Secure authentication (identification) of the network notes through monitoring and checking the incoming data traffic using proven VPN mechanisms.

-Data encryption and data integrity checking for protection against espionage and data manipulation; establishment of VPN tunnels to other security modules

ment of devices in event of fault; for saving of configuration and application data, can be used in SIMATIC NET products with C-PLUG slot

B) Subject to export regulations: AL: N, ECCN: EAR99H

F) Subject to export regulations: AL: N, ECCN: 5D002ENC3

Note:

For further components and accessories, especially cable material and connectors as well as tools and supplementary material for assembly, re- fer to page 9/23, 9/25 and 9/26 as well as to Catalog IK PI.

9/34

Siemens ST PCS 7 · November 2007